2016-08-26 18:50:37 +03:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-10-01 10:52:05 -04:00
|
|
|
const winston = require('winston');
|
|
|
|
|
const passport = require('passport');
|
2021-12-30 16:14:33 -05:00
|
|
|
const nconf = require('nconf');
|
|
|
|
|
const path = require('path');
|
2020-10-01 16:22:19 -04:00
|
|
|
const util = require('util');
|
2016-11-15 12:45:00 +03:00
|
|
|
|
2023-05-03 13:42:28 -04:00
|
|
|
const meta = require('../meta');
|
2019-12-16 08:44:55 -05:00
|
|
|
const user = require('../user');
|
2023-09-25 14:35:26 -04:00
|
|
|
const groups = require('../groups');
|
|
|
|
|
const topics = require('../topics');
|
2019-12-16 08:44:55 -05:00
|
|
|
const privileges = require('../privileges');
|
2023-09-25 14:35:26 -04:00
|
|
|
const privilegeHelpers = require('../privileges/helpers');
|
2019-12-16 08:44:55 -05:00
|
|
|
const plugins = require('../plugins');
|
2020-06-03 20:18:42 -04:00
|
|
|
const helpers = require('./helpers');
|
2019-12-16 08:44:55 -05:00
|
|
|
const auth = require('../routes/authentication');
|
2021-04-02 10:40:48 -04:00
|
|
|
const writeRouter = require('../routes/write');
|
Bootstrap5 (#10894)
* chore: up deps
* chore: up composer
* fix(deps): bump 2factor to v7
* chore: up harmony
* chore: up harmony
* fix: missing await
* feat: allow middlewares to pass in template values via res.locals
* feat: buildAccountData middleware automatically added ot all account routes
* fix: properly allow values in res.locals.templateValues to be added to the template data
* refactor: user/blocks
* refactor(accounts): categories and consent
* feat: automatically 404 if exposeUid or exposeGroupName come up empty
* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now
* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization
* fix: move reputation removal check to accountHelpers method
* test: skip i18n tests if ref branch when present is not develop
* fix(deps): bump theme versions
* fix(deps): bump ntfy and 2factor
* chore: up harmony
* fix: add missing return
* fix: #11191, only focus on search input on md environments and up
* feat: allow file uploads on mobile chat
closes https://github.com/NodeBB/NodeBB/issues/11217
* chore: up themes
* chore: add lang string
* fix(deps): bump ntfy to 1.0.15
* refactor: use new if/each syntax
* chore: up composer
* fix: regression from user helper refactor
* chore: up harmony
* chore: up composer
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: fix composer version
* feat: add increment helper
* chore: up harmony
* fix: #11228 no timestamps in future :hourglass:
* chore: up harmony
* check config.theme as well
fire action:posts.loaded after processing dom
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up themes
* chore: up harmony
* remove extra class
* refactor: move these to core from harmony
* chore: up widgets
* chore: up widgets
* height auto
* fix: closes #11238
* dont focus inputs, annoying on mobile
* fix: dont focus twice, only focus on chat input on desktop
dont wrap widget footer in row
* chore: up harmony
* chore: up harmony
* update chat window
* chore: up themes
* fix cache buster for skins
* chat fixes
* chore: up harmony
* chore: up composer
* refactor: change hook logs to debug
* fix: scroll to post right after adding to dom
* fix: hash scrolling and highlighting correct post
* test: re-enable read API schema tests
* fix: add back schema changes for 179faa2270f2ad955dcc4a7b04755acce59e6ffd and c3920ccb10d8ead2dcd9914bb1784bed3f6adfd4
* fix: schema changes from 488f0978a4aa1ca1e4d2a1f2e8c7ef7a681f2f27
* fix: schema changes for f4cf482a874701ce80c0f306c49d8788cec66f87
* fix: schema update for be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 69c96078ea78ee2c45885a90a6f6a59f9042a33c
* fix: schema changes for d1364c313021e48a879a818b24947e1457c062f7
* fix: schema changes for 84ff1152f7552dd866e25a90972d970b9861107e
* fix: schema changes for b860c2605c209e0650ef98f4c80d842ea23a51ce
* fix: schema changes for 23cb67a1126481848fac39aafd1e253441e76d7f
* fix: schema changes for b916e42f400dac8aa51670b15e439f87f0eb8939
* fix: schema change for a9bbb586fcb3a1c61b5fb69052236e78cdf7d743
* fix: schema changes for 4b738c8cd36c936a1dbe2bb900c694bf6c5520ec
* fix: schema changes for 58b5781cea9acb129e6604a82ab5a5bfc0d8394d
* fix: schema changes for 794bf01b21709c4be06584d576d706b3d6342057
* fix: schema changes for 80ea12c1c1963f5b39fb64841e4f3c8da3c87af2, e368feef51e0766f119c9710fb4db8f64724725c, and 52ead114bec961c62fa2eb0786540e229f6e4873
* fix: composer-default object in config?
* fix: schema changes for 9acdc6808c070555352951c651921df181b10993 and 093093420027999df3c67bf0ea6024f6dbf81d2d
* fix: schema changes for c0a52924f1f7ef8caeaacda67363ac269b56042c
* fix: schema change for aba420a3f3b774e949c2539c73f3dc0e1ae79a38, move loggedInUser to optional props
* fix: schema changes for 8c67031609da30d788561459f8bb76e9a69253de
* fix: schema changes for 27e53b42f3ce48fa61d3754375715cd41ffe808d
* fix: schema changes for 28359665187b0a3b9ec6226dca1234ebdbd725a5
* fix: breaking test for email confirmation API call
* fix: schema changes for refactored search page
* fix: schema changes for user object
* fix: schema changes for 9f531f957e08eabb4bae844ddd67bde14d9b59f0
* fix: schema changes for c4042c70decd628e5b880bd109515b47e4e16164 and 23175110a29640e6fa052db1079bfedb34a61055
* fix: schema changes for 9b3616b10392e247974eb0c1e6225a1582bf6c69
* fix: schema changes for 5afd5de07d42fd33f039a6f85ded3b4992200e5a
* fix: schema change for 1d7baf12171cffbd3af8914bef4e6297d1160d49
* fix: schema changes for 57bfb37c55a839662144e684875003ab52315ecc and be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 6e86b4afa20d662af8b9f1c07518df2d8c258105 and 3efad2e13b7319eb9a1f4fda7af047be43ebc11f and 68f66223e73a72f378f193c83a9b5546bede2cda
* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)
* fix: re-login on email change
* fix: schema changes for c926358d734a2fa410de87f4e4a91744215fc14a
* fix: schema changes for 388a8270c9882892bad5c8141f65da8d59eac0fd
* fix: schema change for 2658bcc821c22e137a6eeb9bb74098856a642eaf
* fix: no need to call account middlewares for chats routes
* fix: schema changes for 71743affc3e58dc85d4ffa15ce043d4d9ddd3d67
* fix: final schema changes
* test: support for anyOf and oneOf
* fix: check thumb
* dont scroll to top on back press
* remove group log
* fix: add top margin to merged and deleted alerts
* chore: up widgets
* fix: improve fix-lists mixin
* chore: up harmony/composer
* feat: allow hiding quicksearch results during search
* dont record searches made by composer
* chore: up 54
* chore: up spam be gone
* feat: add prev/next page and page count into mobile paginator
* chore: up harmony
* chore: up harmony
* use old style for IS
* fix: hide entire toolbar row if no posts or not singlePost
* fix: updated messaging for post-queue template, #11206
* fix: btn-sm on post queue back button
* fix: bump harmony, closes #11206
* fix: remove unused alert module import
* fix: bump harmony
* fix: bump harmony
* chore: up harmony
* refactor: IS scrolltop
* fix: update users:search-user-for-chat source string
* feat: support for mark-read toggle on chats dropdown and recent chats list
* feat: api v3 calls to mark chat read/unread
* feat: send event:chats.mark socket event on mark read or unread
* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling
* docs: openapi schema updates for chat marking
* fix: allow unread state toggling in chats dropdown too
* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread
* fix: debug log
* refactor: move userSearch filter to a module
* feat(routes): allow remounting /categories (#11230)
* feat: send flags count to frontend on flags list page
* refactor: filter form client-side js to extract out some logic
* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden
* fix: use userFilter module for assignee, reporterId, targetUid
* fix(openapi): schema changes for updated flags page
* fix: dont allow adding duplicates to userFilter
* use same var
* remove log
* fix: closes #11282
* feat: lang key for x-topics
* chore: up harmony
* chore: up emoji
* chore: up harmony
* fix: update userFilter to allow new option `selectedBlock`
* fix: wrong block name passed to userFilter
* fix: https://github.com/NodeBB/NodeBB/issues/11283
* fix: chats, allow multiple dropdowns like in harmony
* chore: up harmony
* refactor: flag note adding/editing, closes #11285
* fix: remove old prepareEdit logic
* chore: add caveat about hacky code block in userFilter module
* fix: placeholders for userFilter module
* refactor: navigator so it works with multiple thumbs/navigators
* chore: up harmony
* fix: closes #11287, destroy quick reply autocomplete
on navigation
* fix: filter disabled categories on user categories page count
* chore: up harmony
* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying
* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests
* fix: tweak table order in ACP dash searches
* fix: only invoke navigator click drag on left mouse button
* feat: add back unread indicator to navigator
* clear bookmark on mark unread
* fix: navigator crash on ajaxify
* better thumb top calculation
* fix: reset user bookmark when topic is marked unread
* Revert "fix: reset user bookmark when topic is marked unread"
This reverts commit 9bcd85c2c6848c3d325d32027261809da6e11c9e.
* fix: update unread indicator on scroll, add unread count
* chore: bump harmony
* fix: crash on navigator unread update when backing out of a topic
* fix: closes #11183
* fix: update topics:recent zset when rescheduling a topic
* fix: dupe quote button, increase delay, hide immediately on empty selection
* fix: navigator not showing up on first load
* refactor: remove glance
assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes
* more sanity checks for bookmark
dont allow setting bookmark higher than topic postcount
* closes #11218, :train:
* Revert "fix: update topics:recent zset when rescheduling a topic"
This reverts commit 737973cca9e94b6cb3867492a09e1e0b1af391d5.
* fix: #11306, show proper error if queued post doesn't exist
was showing no-privileges if someone else accepted the post
* https://github.com/NodeBB/NodeBB/issues/11307
dont use li
* chore: up harmony
* chore: bump version string
* fix: copy paste fail
* feat: closes #7382, tag filtering
add client side support for filtering by tags on /category, /recent and /unread
* chore: up harmony
* chore: up harmony
* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]
This reverts commit cf6cc2c454dc35c330393c62ee8ce67b42d8eefb.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x
This is a breaking change.
* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309
* chore: up deps
* fix: tests, use x-csrf-token query param removed
* test: fix csrf_token
* lint: remove unused
* feat: add itemprop="image" to avatar helper
* fix: get chat upload button in chat modal
* breaking: remove deprecated socket.io methods
* test: update messaging tests to not use sockets
* fix: parent post links
* fix: prevent post tooltip if mouse leaves before data/tpl is loaded
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up harmony
* fix: nested replies indices
* fix(deps): bump 2factor
* feat: add loggedIn user to all api routes
* chore: up themes
* refactor: audit admin v3 write api routes as per #11321
* refactor: audit category v3 write api routes as per #11321 [breaking]
docs: fix open api spec for #11321
* refactor: audit chat v3 write api routes as per #11321
* refactor: audit files v3 write api routes as per #11321
* refactor: audit flags v3 write api routes as per #11321
* refactor: audit posts v3 write api routes as per #11321
* refactor: audit topics v3 write api routes as per #11321
* refactor: audit users v3 write api routes as per #11321
* fix: lang string
* remove min height
* fix: empty topic/labels taking up space
* fix: tag filtering when changing filter to watched topics
or changing popular time limit to month
* chore: up harmony
* fix: closes #11354, show no post error if queued post already accepted/rejected
* test: #11354
* test: #11354
* fix(deps): bump 2factor
* fix: #11357 clear cache on thumb remove
* fix: thumb remove on windows, closes #11357
* test: openapi for thumbs
* test: fix openapi
---------
Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
2023-03-17 11:58:31 -04:00
|
|
|
const accountHelpers = require('../controllers/accounts/helpers');
|
2018-09-04 15:43:33 +02:00
|
|
|
|
2019-12-16 08:44:55 -05:00
|
|
|
const controllers = {
|
2017-02-17 19:31:21 -07:00
|
|
|
helpers: require('../controllers/helpers'),
|
2020-10-01 10:52:05 -04:00
|
|
|
authentication: require('../controllers/authentication'),
|
2016-08-26 18:50:37 +03:00
|
|
|
};
|
|
|
|
|
|
2020-10-01 13:30:00 -04:00
|
|
|
const passportAuthenticateAsync = function (req, res) {
|
|
|
|
|
return new Promise((resolve, reject) => {
|
2021-04-02 10:40:48 -04:00
|
|
|
passport.authenticate('core.api', (err, user) => {
|
2020-10-01 13:30:00 -04:00
|
|
|
if (err) {
|
|
|
|
|
reject(err);
|
|
|
|
|
} else {
|
|
|
|
|
resolve(user);
|
2021-04-02 10:40:48 -04:00
|
|
|
res.on('finish', writeRouter.cleanup.bind(null, req));
|
2020-10-01 13:30:00 -04:00
|
|
|
}
|
|
|
|
|
})(req, res);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
module.exports = function (middleware) {
|
2020-06-03 20:18:42 -04:00
|
|
|
async function authenticate(req, res) {
|
2021-11-28 19:31:08 -05:00
|
|
|
async function finishLogin(req, user) {
|
|
|
|
|
const loginAsync = util.promisify(req.login).bind(req);
|
2022-08-13 20:24:42 -04:00
|
|
|
await loginAsync(user, { keepSessionInfo: true });
|
2021-11-28 19:31:08 -05:00
|
|
|
await controllers.authentication.onSuccessfulLogin(req, user.uid);
|
2023-01-30 11:48:10 -05:00
|
|
|
req.uid = parseInt(user.uid, 10);
|
2021-11-28 19:31:08 -05:00
|
|
|
req.loggedIn = req.uid > 0;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2020-10-01 16:22:19 -04:00
|
|
|
|
2022-01-20 18:22:10 -05:00
|
|
|
if (res.locals.isAPI && (req.loggedIn || !req.headers.hasOwnProperty('authorization'))) {
|
2020-12-07 15:44:34 -05:00
|
|
|
// If authenticated via cookie (express-session), protect routes with CSRF checking
|
2022-01-20 18:22:10 -05:00
|
|
|
await middleware.applyCSRFasync(req, res);
|
|
|
|
|
}
|
2020-10-13 16:58:44 -04:00
|
|
|
|
2022-01-20 18:22:10 -05:00
|
|
|
if (req.loggedIn) {
|
2020-06-03 20:18:42 -04:00
|
|
|
return true;
|
2020-10-01 10:52:05 -04:00
|
|
|
} else if (req.headers.hasOwnProperty('authorization')) {
|
2020-10-01 13:30:00 -04:00
|
|
|
const user = await passportAuthenticateAsync(req, res);
|
|
|
|
|
if (!user) { return true; }
|
|
|
|
|
|
|
|
|
|
if (user.hasOwnProperty('uid')) {
|
2021-11-28 19:31:08 -05:00
|
|
|
return await finishLogin(req, user);
|
2020-10-01 13:30:00 -04:00
|
|
|
} else if (user.hasOwnProperty('master') && user.master === true) {
|
2021-11-26 18:59:29 -05:00
|
|
|
// If the token received was a master token, a _uid must also be present for all calls
|
2020-10-01 13:30:00 -04:00
|
|
|
if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) {
|
|
|
|
|
user.uid = req.body._uid || req.query._uid;
|
|
|
|
|
delete user.master;
|
2021-11-28 19:31:08 -05:00
|
|
|
return await finishLogin(req, user);
|
2020-10-01 10:52:05 -04:00
|
|
|
}
|
2020-10-01 16:22:19 -04:00
|
|
|
|
2021-07-09 11:40:05 -04:00
|
|
|
throw new Error('[[error:api.master-token-no-uid]]');
|
2020-10-01 13:30:00 -04:00
|
|
|
} else {
|
|
|
|
|
winston.warn('[api/authenticate] Unable to find user after verifying token');
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2017-05-12 17:53:23 -04:00
|
|
|
}
|
2020-04-24 11:49:56 -04:00
|
|
|
|
2020-11-20 16:06:26 -05:00
|
|
|
await plugins.hooks.fire('response:middleware.authenticate', {
|
2020-04-24 11:49:56 -04:00
|
|
|
req: req,
|
|
|
|
|
res: res,
|
2021-11-18 16:42:18 -05:00
|
|
|
next: function () {}, // no-op for backwards compatibility
|
2020-04-24 11:49:56 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (!res.headersSent) {
|
2020-06-03 20:18:42 -04:00
|
|
|
auth.setAuthVars(req);
|
2017-05-12 17:53:23 -04:00
|
|
|
}
|
2020-06-03 20:18:42 -04:00
|
|
|
return !res.headersSent;
|
2018-12-07 13:31:31 -05:00
|
|
|
}
|
|
|
|
|
|
2021-03-08 14:03:22 -05:00
|
|
|
middleware.authenticateRequest = helpers.try(async (req, res, next) => {
|
2021-12-30 16:14:33 -05:00
|
|
|
const { skip } = await plugins.hooks.fire('filter:middleware.authenticate', {
|
|
|
|
|
skip: {
|
|
|
|
|
// get: [],
|
|
|
|
|
post: ['/api/v3/utilities/login'],
|
|
|
|
|
// etc...
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const mountedPath = path.join(req.baseUrl, req.path).replace(nconf.get('relative_path'), '');
|
|
|
|
|
const method = req.method.toLowerCase();
|
|
|
|
|
if (skip[method] && skip[method].includes(mountedPath)) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-03 20:18:42 -04:00
|
|
|
if (!await authenticate(req, res)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
next();
|
|
|
|
|
});
|
2017-05-12 17:53:23 -04:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.ensureSelfOrGlobalPrivilege = helpers.try(async (req, res, next) => {
|
2020-06-03 20:18:42 -04:00
|
|
|
await ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next);
|
|
|
|
|
});
|
2017-05-12 17:53:23 -04:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.ensureSelfOrPrivileged = helpers.try(async (req, res, next) => {
|
2020-06-03 20:18:42 -04:00
|
|
|
await ensureSelfOrMethod(user.isPrivileged, req, res, next);
|
|
|
|
|
});
|
2017-05-12 17:53:23 -04:00
|
|
|
|
2019-12-16 08:44:55 -05:00
|
|
|
async function ensureSelfOrMethod(method, req, res, next) {
|
2017-05-12 17:53:23 -04:00
|
|
|
/*
|
|
|
|
|
The "self" part of this middleware hinges on you having used
|
|
|
|
|
middleware.exposeUid prior to invoking this middleware.
|
|
|
|
|
*/
|
2019-12-16 08:44:55 -05:00
|
|
|
if (!req.loggedIn) {
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
}
|
|
|
|
|
if (req.uid === parseInt(res.locals.uid, 10)) {
|
2020-06-03 20:18:42 -04:00
|
|
|
return next();
|
2019-12-16 08:44:55 -05:00
|
|
|
}
|
|
|
|
|
const allowed = await method(req.uid);
|
|
|
|
|
if (!allowed) {
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
}
|
2020-02-26 12:26:52 -05:00
|
|
|
|
|
|
|
|
return next();
|
2017-05-12 17:53:23 -04:00
|
|
|
}
|
|
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.canViewUsers = helpers.try(async (req, res, next) => {
|
2019-03-26 12:24:28 -04:00
|
|
|
if (parseInt(res.locals.uid, 10) === req.uid) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
2019-12-16 08:44:55 -05:00
|
|
|
const canView = await privileges.global.can('view:users', req.uid);
|
|
|
|
|
if (canView) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
controllers.helpers.notAllowed(req, res);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2016-08-26 18:50:37 +03:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.canViewGroups = helpers.try(async (req, res, next) => {
|
2019-12-16 08:44:55 -05:00
|
|
|
const canView = await privileges.global.can('view:groups', req.uid);
|
|
|
|
|
if (canView) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
controllers.helpers.notAllowed(req, res);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2016-08-26 18:50:37 +03:00
|
|
|
|
2021-12-10 17:16:54 -05:00
|
|
|
middleware.canChat = helpers.try(async (req, res, next) => {
|
2023-10-17 13:19:25 -04:00
|
|
|
const canChat = await privileges.global.can(['chat', 'chat:privileged'], req.uid);
|
|
|
|
|
if (canChat.includes(true)) {
|
2021-12-10 17:16:54 -05:00
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
controllers.helpers.notAllowed(req, res);
|
|
|
|
|
});
|
|
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.checkAccountPermissions = helpers.try(async (req, res, next) => {
|
2016-08-26 18:50:37 +03:00
|
|
|
// This middleware ensures that only the requested user and admins can pass
|
2021-03-08 14:47:33 -05:00
|
|
|
|
|
|
|
|
// This check if left behind for legacy purposes. Older plugins may call this middleware without ensureLoggedIn
|
2020-06-03 20:18:42 -04:00
|
|
|
if (!req.loggedIn) {
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
}
|
2021-03-08 14:47:33 -05:00
|
|
|
|
2022-09-19 10:08:18 -04:00
|
|
|
if (!['uid', 'userslug'].some(param => req.params.hasOwnProperty(param))) {
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const uid = req.params.uid || await user.getUidByUserslug(req.params.userslug);
|
2019-12-16 08:44:55 -05:00
|
|
|
let allowed = await privileges.users.canEdit(req.uid, uid);
|
|
|
|
|
if (allowed) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (/user\/.+\/info$/.test(req.path)) {
|
|
|
|
|
allowed = await privileges.global.can('view:users:info', req.uid);
|
|
|
|
|
}
|
|
|
|
|
if (allowed) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
Bootstrap5 (#10894)
* chore: up deps
* chore: up composer
* fix(deps): bump 2factor to v7
* chore: up harmony
* chore: up harmony
* fix: missing await
* feat: allow middlewares to pass in template values via res.locals
* feat: buildAccountData middleware automatically added ot all account routes
* fix: properly allow values in res.locals.templateValues to be added to the template data
* refactor: user/blocks
* refactor(accounts): categories and consent
* feat: automatically 404 if exposeUid or exposeGroupName come up empty
* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now
* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization
* fix: move reputation removal check to accountHelpers method
* test: skip i18n tests if ref branch when present is not develop
* fix(deps): bump theme versions
* fix(deps): bump ntfy and 2factor
* chore: up harmony
* fix: add missing return
* fix: #11191, only focus on search input on md environments and up
* feat: allow file uploads on mobile chat
closes https://github.com/NodeBB/NodeBB/issues/11217
* chore: up themes
* chore: add lang string
* fix(deps): bump ntfy to 1.0.15
* refactor: use new if/each syntax
* chore: up composer
* fix: regression from user helper refactor
* chore: up harmony
* chore: up composer
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: fix composer version
* feat: add increment helper
* chore: up harmony
* fix: #11228 no timestamps in future :hourglass:
* chore: up harmony
* check config.theme as well
fire action:posts.loaded after processing dom
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up themes
* chore: up harmony
* remove extra class
* refactor: move these to core from harmony
* chore: up widgets
* chore: up widgets
* height auto
* fix: closes #11238
* dont focus inputs, annoying on mobile
* fix: dont focus twice, only focus on chat input on desktop
dont wrap widget footer in row
* chore: up harmony
* chore: up harmony
* update chat window
* chore: up themes
* fix cache buster for skins
* chat fixes
* chore: up harmony
* chore: up composer
* refactor: change hook logs to debug
* fix: scroll to post right after adding to dom
* fix: hash scrolling and highlighting correct post
* test: re-enable read API schema tests
* fix: add back schema changes for 179faa2270f2ad955dcc4a7b04755acce59e6ffd and c3920ccb10d8ead2dcd9914bb1784bed3f6adfd4
* fix: schema changes from 488f0978a4aa1ca1e4d2a1f2e8c7ef7a681f2f27
* fix: schema changes for f4cf482a874701ce80c0f306c49d8788cec66f87
* fix: schema update for be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 69c96078ea78ee2c45885a90a6f6a59f9042a33c
* fix: schema changes for d1364c313021e48a879a818b24947e1457c062f7
* fix: schema changes for 84ff1152f7552dd866e25a90972d970b9861107e
* fix: schema changes for b860c2605c209e0650ef98f4c80d842ea23a51ce
* fix: schema changes for 23cb67a1126481848fac39aafd1e253441e76d7f
* fix: schema changes for b916e42f400dac8aa51670b15e439f87f0eb8939
* fix: schema change for a9bbb586fcb3a1c61b5fb69052236e78cdf7d743
* fix: schema changes for 4b738c8cd36c936a1dbe2bb900c694bf6c5520ec
* fix: schema changes for 58b5781cea9acb129e6604a82ab5a5bfc0d8394d
* fix: schema changes for 794bf01b21709c4be06584d576d706b3d6342057
* fix: schema changes for 80ea12c1c1963f5b39fb64841e4f3c8da3c87af2, e368feef51e0766f119c9710fb4db8f64724725c, and 52ead114bec961c62fa2eb0786540e229f6e4873
* fix: composer-default object in config?
* fix: schema changes for 9acdc6808c070555352951c651921df181b10993 and 093093420027999df3c67bf0ea6024f6dbf81d2d
* fix: schema changes for c0a52924f1f7ef8caeaacda67363ac269b56042c
* fix: schema change for aba420a3f3b774e949c2539c73f3dc0e1ae79a38, move loggedInUser to optional props
* fix: schema changes for 8c67031609da30d788561459f8bb76e9a69253de
* fix: schema changes for 27e53b42f3ce48fa61d3754375715cd41ffe808d
* fix: schema changes for 28359665187b0a3b9ec6226dca1234ebdbd725a5
* fix: breaking test for email confirmation API call
* fix: schema changes for refactored search page
* fix: schema changes for user object
* fix: schema changes for 9f531f957e08eabb4bae844ddd67bde14d9b59f0
* fix: schema changes for c4042c70decd628e5b880bd109515b47e4e16164 and 23175110a29640e6fa052db1079bfedb34a61055
* fix: schema changes for 9b3616b10392e247974eb0c1e6225a1582bf6c69
* fix: schema changes for 5afd5de07d42fd33f039a6f85ded3b4992200e5a
* fix: schema change for 1d7baf12171cffbd3af8914bef4e6297d1160d49
* fix: schema changes for 57bfb37c55a839662144e684875003ab52315ecc and be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 6e86b4afa20d662af8b9f1c07518df2d8c258105 and 3efad2e13b7319eb9a1f4fda7af047be43ebc11f and 68f66223e73a72f378f193c83a9b5546bede2cda
* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)
* fix: re-login on email change
* fix: schema changes for c926358d734a2fa410de87f4e4a91744215fc14a
* fix: schema changes for 388a8270c9882892bad5c8141f65da8d59eac0fd
* fix: schema change for 2658bcc821c22e137a6eeb9bb74098856a642eaf
* fix: no need to call account middlewares for chats routes
* fix: schema changes for 71743affc3e58dc85d4ffa15ce043d4d9ddd3d67
* fix: final schema changes
* test: support for anyOf and oneOf
* fix: check thumb
* dont scroll to top on back press
* remove group log
* fix: add top margin to merged and deleted alerts
* chore: up widgets
* fix: improve fix-lists mixin
* chore: up harmony/composer
* feat: allow hiding quicksearch results during search
* dont record searches made by composer
* chore: up 54
* chore: up spam be gone
* feat: add prev/next page and page count into mobile paginator
* chore: up harmony
* chore: up harmony
* use old style for IS
* fix: hide entire toolbar row if no posts or not singlePost
* fix: updated messaging for post-queue template, #11206
* fix: btn-sm on post queue back button
* fix: bump harmony, closes #11206
* fix: remove unused alert module import
* fix: bump harmony
* fix: bump harmony
* chore: up harmony
* refactor: IS scrolltop
* fix: update users:search-user-for-chat source string
* feat: support for mark-read toggle on chats dropdown and recent chats list
* feat: api v3 calls to mark chat read/unread
* feat: send event:chats.mark socket event on mark read or unread
* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling
* docs: openapi schema updates for chat marking
* fix: allow unread state toggling in chats dropdown too
* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread
* fix: debug log
* refactor: move userSearch filter to a module
* feat(routes): allow remounting /categories (#11230)
* feat: send flags count to frontend on flags list page
* refactor: filter form client-side js to extract out some logic
* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden
* fix: use userFilter module for assignee, reporterId, targetUid
* fix(openapi): schema changes for updated flags page
* fix: dont allow adding duplicates to userFilter
* use same var
* remove log
* fix: closes #11282
* feat: lang key for x-topics
* chore: up harmony
* chore: up emoji
* chore: up harmony
* fix: update userFilter to allow new option `selectedBlock`
* fix: wrong block name passed to userFilter
* fix: https://github.com/NodeBB/NodeBB/issues/11283
* fix: chats, allow multiple dropdowns like in harmony
* chore: up harmony
* refactor: flag note adding/editing, closes #11285
* fix: remove old prepareEdit logic
* chore: add caveat about hacky code block in userFilter module
* fix: placeholders for userFilter module
* refactor: navigator so it works with multiple thumbs/navigators
* chore: up harmony
* fix: closes #11287, destroy quick reply autocomplete
on navigation
* fix: filter disabled categories on user categories page count
* chore: up harmony
* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying
* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests
* fix: tweak table order in ACP dash searches
* fix: only invoke navigator click drag on left mouse button
* feat: add back unread indicator to navigator
* clear bookmark on mark unread
* fix: navigator crash on ajaxify
* better thumb top calculation
* fix: reset user bookmark when topic is marked unread
* Revert "fix: reset user bookmark when topic is marked unread"
This reverts commit 9bcd85c2c6848c3d325d32027261809da6e11c9e.
* fix: update unread indicator on scroll, add unread count
* chore: bump harmony
* fix: crash on navigator unread update when backing out of a topic
* fix: closes #11183
* fix: update topics:recent zset when rescheduling a topic
* fix: dupe quote button, increase delay, hide immediately on empty selection
* fix: navigator not showing up on first load
* refactor: remove glance
assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes
* more sanity checks for bookmark
dont allow setting bookmark higher than topic postcount
* closes #11218, :train:
* Revert "fix: update topics:recent zset when rescheduling a topic"
This reverts commit 737973cca9e94b6cb3867492a09e1e0b1af391d5.
* fix: #11306, show proper error if queued post doesn't exist
was showing no-privileges if someone else accepted the post
* https://github.com/NodeBB/NodeBB/issues/11307
dont use li
* chore: up harmony
* chore: bump version string
* fix: copy paste fail
* feat: closes #7382, tag filtering
add client side support for filtering by tags on /category, /recent and /unread
* chore: up harmony
* chore: up harmony
* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]
This reverts commit cf6cc2c454dc35c330393c62ee8ce67b42d8eefb.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x
This is a breaking change.
* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309
* chore: up deps
* fix: tests, use x-csrf-token query param removed
* test: fix csrf_token
* lint: remove unused
* feat: add itemprop="image" to avatar helper
* fix: get chat upload button in chat modal
* breaking: remove deprecated socket.io methods
* test: update messaging tests to not use sockets
* fix: parent post links
* fix: prevent post tooltip if mouse leaves before data/tpl is loaded
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up harmony
* fix: nested replies indices
* fix(deps): bump 2factor
* feat: add loggedIn user to all api routes
* chore: up themes
* refactor: audit admin v3 write api routes as per #11321
* refactor: audit category v3 write api routes as per #11321 [breaking]
docs: fix open api spec for #11321
* refactor: audit chat v3 write api routes as per #11321
* refactor: audit files v3 write api routes as per #11321
* refactor: audit flags v3 write api routes as per #11321
* refactor: audit posts v3 write api routes as per #11321
* refactor: audit topics v3 write api routes as per #11321
* refactor: audit users v3 write api routes as per #11321
* fix: lang string
* remove min height
* fix: empty topic/labels taking up space
* fix: tag filtering when changing filter to watched topics
or changing popular time limit to month
* chore: up harmony
* fix: closes #11354, show no post error if queued post already accepted/rejected
* test: #11354
* test: #11354
* fix(deps): bump 2factor
* fix: #11357 clear cache on thumb remove
* fix: thumb remove on windows, closes #11357
* test: openapi for thumbs
* test: fix openapi
---------
Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
2023-03-17 11:58:31 -04:00
|
|
|
|
2019-12-16 08:44:55 -05:00
|
|
|
controllers.helpers.notAllowed(req, res);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2016-08-26 18:50:37 +03:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.redirectToAccountIfLoggedIn = helpers.try(async (req, res, next) => {
|
2018-12-17 16:03:01 -05:00
|
|
|
if (req.session.forceLogin || req.uid <= 0) {
|
2016-08-26 18:50:37 +03:00
|
|
|
return next();
|
|
|
|
|
}
|
2019-12-16 08:44:55 -05:00
|
|
|
const userslug = await user.getUserField(req.uid, 'userslug');
|
2021-02-03 23:59:08 -07:00
|
|
|
controllers.helpers.redirect(res, `/user/${userslug}`);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2016-08-26 18:50:37 +03:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.redirectUidToUserslug = helpers.try(async (req, res, next) => {
|
2019-12-16 08:44:55 -05:00
|
|
|
const uid = parseInt(req.params.uid, 10);
|
2018-11-17 22:31:39 -05:00
|
|
|
if (uid <= 0) {
|
2016-08-26 18:50:37 +03:00
|
|
|
return next();
|
|
|
|
|
}
|
2024-04-12 12:50:51 -04:00
|
|
|
const [canView, userslug] = await Promise.all([
|
|
|
|
|
privileges.global.can('view:users', req.uid),
|
|
|
|
|
user.getUserField(uid, 'userslug'),
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
if (!userslug || (!canView && req.uid !== uid)) {
|
2019-12-16 08:44:55 -05:00
|
|
|
return next();
|
|
|
|
|
}
|
2021-04-15 12:43:28 -04:00
|
|
|
const path = req.url.replace(/^\/api/, '')
|
|
|
|
|
.replace(`/uid/${uid}`, () => `/user/${userslug}`);
|
2023-08-16 20:28:34 -04:00
|
|
|
controllers.helpers.redirect(res, path, true);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2016-08-26 18:50:37 +03:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
middleware.redirectMeToUserslug = helpers.try(async (req, res) => {
|
2019-12-16 08:44:55 -05:00
|
|
|
const userslug = await user.getUserField(req.uid, 'userslug');
|
|
|
|
|
if (!userslug) {
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
}
|
2021-11-28 18:48:52 -05:00
|
|
|
const path = req.url.replace(/^(\/api)?\/me/, () => `/user/${userslug}`);
|
2019-12-16 08:44:55 -05:00
|
|
|
controllers.helpers.redirect(res, path);
|
2020-06-03 20:18:42 -04:00
|
|
|
});
|
2017-11-16 15:38:26 -07:00
|
|
|
|
2023-12-13 13:18:07 -05:00
|
|
|
middleware.redirectToHomeIfBanned = helpers.try(async (req, res, next) => {
|
|
|
|
|
if (req.loggedIn) {
|
|
|
|
|
const canLoginIfBanned = await user.bans.canLoginIfBanned(req.uid);
|
|
|
|
|
if (!canLoginIfBanned) {
|
|
|
|
|
req.logout(() => {
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
middleware.requireUser = function (req, res, next) {
|
2018-01-31 15:20:17 -05:00
|
|
|
if (req.loggedIn) {
|
2016-08-26 18:50:37 +03:00
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-18 12:30:49 -07:00
|
|
|
res.status(403).render('403', { title: '[[global:403.title]]' });
|
2016-08-26 18:50:37 +03:00
|
|
|
};
|
|
|
|
|
|
Bootstrap5 (#10894)
* chore: up deps
* chore: up composer
* fix(deps): bump 2factor to v7
* chore: up harmony
* chore: up harmony
* fix: missing await
* feat: allow middlewares to pass in template values via res.locals
* feat: buildAccountData middleware automatically added ot all account routes
* fix: properly allow values in res.locals.templateValues to be added to the template data
* refactor: user/blocks
* refactor(accounts): categories and consent
* feat: automatically 404 if exposeUid or exposeGroupName come up empty
* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now
* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization
* fix: move reputation removal check to accountHelpers method
* test: skip i18n tests if ref branch when present is not develop
* fix(deps): bump theme versions
* fix(deps): bump ntfy and 2factor
* chore: up harmony
* fix: add missing return
* fix: #11191, only focus on search input on md environments and up
* feat: allow file uploads on mobile chat
closes https://github.com/NodeBB/NodeBB/issues/11217
* chore: up themes
* chore: add lang string
* fix(deps): bump ntfy to 1.0.15
* refactor: use new if/each syntax
* chore: up composer
* fix: regression from user helper refactor
* chore: up harmony
* chore: up composer
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: fix composer version
* feat: add increment helper
* chore: up harmony
* fix: #11228 no timestamps in future :hourglass:
* chore: up harmony
* check config.theme as well
fire action:posts.loaded after processing dom
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up themes
* chore: up harmony
* remove extra class
* refactor: move these to core from harmony
* chore: up widgets
* chore: up widgets
* height auto
* fix: closes #11238
* dont focus inputs, annoying on mobile
* fix: dont focus twice, only focus on chat input on desktop
dont wrap widget footer in row
* chore: up harmony
* chore: up harmony
* update chat window
* chore: up themes
* fix cache buster for skins
* chat fixes
* chore: up harmony
* chore: up composer
* refactor: change hook logs to debug
* fix: scroll to post right after adding to dom
* fix: hash scrolling and highlighting correct post
* test: re-enable read API schema tests
* fix: add back schema changes for 179faa2270f2ad955dcc4a7b04755acce59e6ffd and c3920ccb10d8ead2dcd9914bb1784bed3f6adfd4
* fix: schema changes from 488f0978a4aa1ca1e4d2a1f2e8c7ef7a681f2f27
* fix: schema changes for f4cf482a874701ce80c0f306c49d8788cec66f87
* fix: schema update for be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 69c96078ea78ee2c45885a90a6f6a59f9042a33c
* fix: schema changes for d1364c313021e48a879a818b24947e1457c062f7
* fix: schema changes for 84ff1152f7552dd866e25a90972d970b9861107e
* fix: schema changes for b860c2605c209e0650ef98f4c80d842ea23a51ce
* fix: schema changes for 23cb67a1126481848fac39aafd1e253441e76d7f
* fix: schema changes for b916e42f400dac8aa51670b15e439f87f0eb8939
* fix: schema change for a9bbb586fcb3a1c61b5fb69052236e78cdf7d743
* fix: schema changes for 4b738c8cd36c936a1dbe2bb900c694bf6c5520ec
* fix: schema changes for 58b5781cea9acb129e6604a82ab5a5bfc0d8394d
* fix: schema changes for 794bf01b21709c4be06584d576d706b3d6342057
* fix: schema changes for 80ea12c1c1963f5b39fb64841e4f3c8da3c87af2, e368feef51e0766f119c9710fb4db8f64724725c, and 52ead114bec961c62fa2eb0786540e229f6e4873
* fix: composer-default object in config?
* fix: schema changes for 9acdc6808c070555352951c651921df181b10993 and 093093420027999df3c67bf0ea6024f6dbf81d2d
* fix: schema changes for c0a52924f1f7ef8caeaacda67363ac269b56042c
* fix: schema change for aba420a3f3b774e949c2539c73f3dc0e1ae79a38, move loggedInUser to optional props
* fix: schema changes for 8c67031609da30d788561459f8bb76e9a69253de
* fix: schema changes for 27e53b42f3ce48fa61d3754375715cd41ffe808d
* fix: schema changes for 28359665187b0a3b9ec6226dca1234ebdbd725a5
* fix: breaking test for email confirmation API call
* fix: schema changes for refactored search page
* fix: schema changes for user object
* fix: schema changes for 9f531f957e08eabb4bae844ddd67bde14d9b59f0
* fix: schema changes for c4042c70decd628e5b880bd109515b47e4e16164 and 23175110a29640e6fa052db1079bfedb34a61055
* fix: schema changes for 9b3616b10392e247974eb0c1e6225a1582bf6c69
* fix: schema changes for 5afd5de07d42fd33f039a6f85ded3b4992200e5a
* fix: schema change for 1d7baf12171cffbd3af8914bef4e6297d1160d49
* fix: schema changes for 57bfb37c55a839662144e684875003ab52315ecc and be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 6e86b4afa20d662af8b9f1c07518df2d8c258105 and 3efad2e13b7319eb9a1f4fda7af047be43ebc11f and 68f66223e73a72f378f193c83a9b5546bede2cda
* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)
* fix: re-login on email change
* fix: schema changes for c926358d734a2fa410de87f4e4a91744215fc14a
* fix: schema changes for 388a8270c9882892bad5c8141f65da8d59eac0fd
* fix: schema change for 2658bcc821c22e137a6eeb9bb74098856a642eaf
* fix: no need to call account middlewares for chats routes
* fix: schema changes for 71743affc3e58dc85d4ffa15ce043d4d9ddd3d67
* fix: final schema changes
* test: support for anyOf and oneOf
* fix: check thumb
* dont scroll to top on back press
* remove group log
* fix: add top margin to merged and deleted alerts
* chore: up widgets
* fix: improve fix-lists mixin
* chore: up harmony/composer
* feat: allow hiding quicksearch results during search
* dont record searches made by composer
* chore: up 54
* chore: up spam be gone
* feat: add prev/next page and page count into mobile paginator
* chore: up harmony
* chore: up harmony
* use old style for IS
* fix: hide entire toolbar row if no posts or not singlePost
* fix: updated messaging for post-queue template, #11206
* fix: btn-sm on post queue back button
* fix: bump harmony, closes #11206
* fix: remove unused alert module import
* fix: bump harmony
* fix: bump harmony
* chore: up harmony
* refactor: IS scrolltop
* fix: update users:search-user-for-chat source string
* feat: support for mark-read toggle on chats dropdown and recent chats list
* feat: api v3 calls to mark chat read/unread
* feat: send event:chats.mark socket event on mark read or unread
* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling
* docs: openapi schema updates for chat marking
* fix: allow unread state toggling in chats dropdown too
* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread
* fix: debug log
* refactor: move userSearch filter to a module
* feat(routes): allow remounting /categories (#11230)
* feat: send flags count to frontend on flags list page
* refactor: filter form client-side js to extract out some logic
* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden
* fix: use userFilter module for assignee, reporterId, targetUid
* fix(openapi): schema changes for updated flags page
* fix: dont allow adding duplicates to userFilter
* use same var
* remove log
* fix: closes #11282
* feat: lang key for x-topics
* chore: up harmony
* chore: up emoji
* chore: up harmony
* fix: update userFilter to allow new option `selectedBlock`
* fix: wrong block name passed to userFilter
* fix: https://github.com/NodeBB/NodeBB/issues/11283
* fix: chats, allow multiple dropdowns like in harmony
* chore: up harmony
* refactor: flag note adding/editing, closes #11285
* fix: remove old prepareEdit logic
* chore: add caveat about hacky code block in userFilter module
* fix: placeholders for userFilter module
* refactor: navigator so it works with multiple thumbs/navigators
* chore: up harmony
* fix: closes #11287, destroy quick reply autocomplete
on navigation
* fix: filter disabled categories on user categories page count
* chore: up harmony
* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying
* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests
* fix: tweak table order in ACP dash searches
* fix: only invoke navigator click drag on left mouse button
* feat: add back unread indicator to navigator
* clear bookmark on mark unread
* fix: navigator crash on ajaxify
* better thumb top calculation
* fix: reset user bookmark when topic is marked unread
* Revert "fix: reset user bookmark when topic is marked unread"
This reverts commit 9bcd85c2c6848c3d325d32027261809da6e11c9e.
* fix: update unread indicator on scroll, add unread count
* chore: bump harmony
* fix: crash on navigator unread update when backing out of a topic
* fix: closes #11183
* fix: update topics:recent zset when rescheduling a topic
* fix: dupe quote button, increase delay, hide immediately on empty selection
* fix: navigator not showing up on first load
* refactor: remove glance
assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes
* more sanity checks for bookmark
dont allow setting bookmark higher than topic postcount
* closes #11218, :train:
* Revert "fix: update topics:recent zset when rescheduling a topic"
This reverts commit 737973cca9e94b6cb3867492a09e1e0b1af391d5.
* fix: #11306, show proper error if queued post doesn't exist
was showing no-privileges if someone else accepted the post
* https://github.com/NodeBB/NodeBB/issues/11307
dont use li
* chore: up harmony
* chore: bump version string
* fix: copy paste fail
* feat: closes #7382, tag filtering
add client side support for filtering by tags on /category, /recent and /unread
* chore: up harmony
* chore: up harmony
* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]
This reverts commit cf6cc2c454dc35c330393c62ee8ce67b42d8eefb.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x
This is a breaking change.
* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309
* chore: up deps
* fix: tests, use x-csrf-token query param removed
* test: fix csrf_token
* lint: remove unused
* feat: add itemprop="image" to avatar helper
* fix: get chat upload button in chat modal
* breaking: remove deprecated socket.io methods
* test: update messaging tests to not use sockets
* fix: parent post links
* fix: prevent post tooltip if mouse leaves before data/tpl is loaded
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up harmony
* fix: nested replies indices
* fix(deps): bump 2factor
* feat: add loggedIn user to all api routes
* chore: up themes
* refactor: audit admin v3 write api routes as per #11321
* refactor: audit category v3 write api routes as per #11321 [breaking]
docs: fix open api spec for #11321
* refactor: audit chat v3 write api routes as per #11321
* refactor: audit files v3 write api routes as per #11321
* refactor: audit flags v3 write api routes as per #11321
* refactor: audit posts v3 write api routes as per #11321
* refactor: audit topics v3 write api routes as per #11321
* refactor: audit users v3 write api routes as per #11321
* fix: lang string
* remove min height
* fix: empty topic/labels taking up space
* fix: tag filtering when changing filter to watched topics
or changing popular time limit to month
* chore: up harmony
* fix: closes #11354, show no post error if queued post already accepted/rejected
* test: #11354
* test: #11354
* fix(deps): bump 2factor
* fix: #11357 clear cache on thumb remove
* fix: thumb remove on windows, closes #11357
* test: openapi for thumbs
* test: fix openapi
---------
Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
2023-03-17 11:58:31 -04:00
|
|
|
middleware.buildAccountData = async (req, res, next) => {
|
2024-06-11 16:24:56 -04:00
|
|
|
// use lowercase slug on api routes, or direct to the user/<lowercaseslug>
|
|
|
|
|
const lowercaseSlug = req.params.userslug.toLowerCase();
|
|
|
|
|
if (req.params.userslug !== lowercaseSlug) {
|
|
|
|
|
if (res.locals.isAPI) {
|
|
|
|
|
req.params.userslug = lowercaseSlug;
|
|
|
|
|
} else {
|
|
|
|
|
return res.redirect(`${nconf.get('relative_path')}/user/${lowercaseSlug}`);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-11 15:38:40 -04:00
|
|
|
res.locals.userData = await accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, req.query);
|
Bootstrap5 (#10894)
* chore: up deps
* chore: up composer
* fix(deps): bump 2factor to v7
* chore: up harmony
* chore: up harmony
* fix: missing await
* feat: allow middlewares to pass in template values via res.locals
* feat: buildAccountData middleware automatically added ot all account routes
* fix: properly allow values in res.locals.templateValues to be added to the template data
* refactor: user/blocks
* refactor(accounts): categories and consent
* feat: automatically 404 if exposeUid or exposeGroupName come up empty
* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now
* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization
* fix: move reputation removal check to accountHelpers method
* test: skip i18n tests if ref branch when present is not develop
* fix(deps): bump theme versions
* fix(deps): bump ntfy and 2factor
* chore: up harmony
* fix: add missing return
* fix: #11191, only focus on search input on md environments and up
* feat: allow file uploads on mobile chat
closes https://github.com/NodeBB/NodeBB/issues/11217
* chore: up themes
* chore: add lang string
* fix(deps): bump ntfy to 1.0.15
* refactor: use new if/each syntax
* chore: up composer
* fix: regression from user helper refactor
* chore: up harmony
* chore: up composer
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: fix composer version
* feat: add increment helper
* chore: up harmony
* fix: #11228 no timestamps in future :hourglass:
* chore: up harmony
* check config.theme as well
fire action:posts.loaded after processing dom
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up themes
* chore: up harmony
* remove extra class
* refactor: move these to core from harmony
* chore: up widgets
* chore: up widgets
* height auto
* fix: closes #11238
* dont focus inputs, annoying on mobile
* fix: dont focus twice, only focus on chat input on desktop
dont wrap widget footer in row
* chore: up harmony
* chore: up harmony
* update chat window
* chore: up themes
* fix cache buster for skins
* chat fixes
* chore: up harmony
* chore: up composer
* refactor: change hook logs to debug
* fix: scroll to post right after adding to dom
* fix: hash scrolling and highlighting correct post
* test: re-enable read API schema tests
* fix: add back schema changes for 179faa2270f2ad955dcc4a7b04755acce59e6ffd and c3920ccb10d8ead2dcd9914bb1784bed3f6adfd4
* fix: schema changes from 488f0978a4aa1ca1e4d2a1f2e8c7ef7a681f2f27
* fix: schema changes for f4cf482a874701ce80c0f306c49d8788cec66f87
* fix: schema update for be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 69c96078ea78ee2c45885a90a6f6a59f9042a33c
* fix: schema changes for d1364c313021e48a879a818b24947e1457c062f7
* fix: schema changes for 84ff1152f7552dd866e25a90972d970b9861107e
* fix: schema changes for b860c2605c209e0650ef98f4c80d842ea23a51ce
* fix: schema changes for 23cb67a1126481848fac39aafd1e253441e76d7f
* fix: schema changes for b916e42f400dac8aa51670b15e439f87f0eb8939
* fix: schema change for a9bbb586fcb3a1c61b5fb69052236e78cdf7d743
* fix: schema changes for 4b738c8cd36c936a1dbe2bb900c694bf6c5520ec
* fix: schema changes for 58b5781cea9acb129e6604a82ab5a5bfc0d8394d
* fix: schema changes for 794bf01b21709c4be06584d576d706b3d6342057
* fix: schema changes for 80ea12c1c1963f5b39fb64841e4f3c8da3c87af2, e368feef51e0766f119c9710fb4db8f64724725c, and 52ead114bec961c62fa2eb0786540e229f6e4873
* fix: composer-default object in config?
* fix: schema changes for 9acdc6808c070555352951c651921df181b10993 and 093093420027999df3c67bf0ea6024f6dbf81d2d
* fix: schema changes for c0a52924f1f7ef8caeaacda67363ac269b56042c
* fix: schema change for aba420a3f3b774e949c2539c73f3dc0e1ae79a38, move loggedInUser to optional props
* fix: schema changes for 8c67031609da30d788561459f8bb76e9a69253de
* fix: schema changes for 27e53b42f3ce48fa61d3754375715cd41ffe808d
* fix: schema changes for 28359665187b0a3b9ec6226dca1234ebdbd725a5
* fix: breaking test for email confirmation API call
* fix: schema changes for refactored search page
* fix: schema changes for user object
* fix: schema changes for 9f531f957e08eabb4bae844ddd67bde14d9b59f0
* fix: schema changes for c4042c70decd628e5b880bd109515b47e4e16164 and 23175110a29640e6fa052db1079bfedb34a61055
* fix: schema changes for 9b3616b10392e247974eb0c1e6225a1582bf6c69
* fix: schema changes for 5afd5de07d42fd33f039a6f85ded3b4992200e5a
* fix: schema change for 1d7baf12171cffbd3af8914bef4e6297d1160d49
* fix: schema changes for 57bfb37c55a839662144e684875003ab52315ecc and be6bbabd0e2551fbe9571dcf3ee40ad721764543
* fix: schema changes for 6e86b4afa20d662af8b9f1c07518df2d8c258105 and 3efad2e13b7319eb9a1f4fda7af047be43ebc11f and 68f66223e73a72f378f193c83a9b5546bede2cda
* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)
* fix: re-login on email change
* fix: schema changes for c926358d734a2fa410de87f4e4a91744215fc14a
* fix: schema changes for 388a8270c9882892bad5c8141f65da8d59eac0fd
* fix: schema change for 2658bcc821c22e137a6eeb9bb74098856a642eaf
* fix: no need to call account middlewares for chats routes
* fix: schema changes for 71743affc3e58dc85d4ffa15ce043d4d9ddd3d67
* fix: final schema changes
* test: support for anyOf and oneOf
* fix: check thumb
* dont scroll to top on back press
* remove group log
* fix: add top margin to merged and deleted alerts
* chore: up widgets
* fix: improve fix-lists mixin
* chore: up harmony/composer
* feat: allow hiding quicksearch results during search
* dont record searches made by composer
* chore: up 54
* chore: up spam be gone
* feat: add prev/next page and page count into mobile paginator
* chore: up harmony
* chore: up harmony
* use old style for IS
* fix: hide entire toolbar row if no posts or not singlePost
* fix: updated messaging for post-queue template, #11206
* fix: btn-sm on post queue back button
* fix: bump harmony, closes #11206
* fix: remove unused alert module import
* fix: bump harmony
* fix: bump harmony
* chore: up harmony
* refactor: IS scrolltop
* fix: update users:search-user-for-chat source string
* feat: support for mark-read toggle on chats dropdown and recent chats list
* feat: api v3 calls to mark chat read/unread
* feat: send event:chats.mark socket event on mark read or unread
* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling
* docs: openapi schema updates for chat marking
* fix: allow unread state toggling in chats dropdown too
* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread
* fix: debug log
* refactor: move userSearch filter to a module
* feat(routes): allow remounting /categories (#11230)
* feat: send flags count to frontend on flags list page
* refactor: filter form client-side js to extract out some logic
* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden
* fix: use userFilter module for assignee, reporterId, targetUid
* fix(openapi): schema changes for updated flags page
* fix: dont allow adding duplicates to userFilter
* use same var
* remove log
* fix: closes #11282
* feat: lang key for x-topics
* chore: up harmony
* chore: up emoji
* chore: up harmony
* fix: update userFilter to allow new option `selectedBlock`
* fix: wrong block name passed to userFilter
* fix: https://github.com/NodeBB/NodeBB/issues/11283
* fix: chats, allow multiple dropdowns like in harmony
* chore: up harmony
* refactor: flag note adding/editing, closes #11285
* fix: remove old prepareEdit logic
* chore: add caveat about hacky code block in userFilter module
* fix: placeholders for userFilter module
* refactor: navigator so it works with multiple thumbs/navigators
* chore: up harmony
* fix: closes #11287, destroy quick reply autocomplete
on navigation
* fix: filter disabled categories on user categories page count
* chore: up harmony
* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying
* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests
* fix: tweak table order in ACP dash searches
* fix: only invoke navigator click drag on left mouse button
* feat: add back unread indicator to navigator
* clear bookmark on mark unread
* fix: navigator crash on ajaxify
* better thumb top calculation
* fix: reset user bookmark when topic is marked unread
* Revert "fix: reset user bookmark when topic is marked unread"
This reverts commit 9bcd85c2c6848c3d325d32027261809da6e11c9e.
* fix: update unread indicator on scroll, add unread count
* chore: bump harmony
* fix: crash on navigator unread update when backing out of a topic
* fix: closes #11183
* fix: update topics:recent zset when rescheduling a topic
* fix: dupe quote button, increase delay, hide immediately on empty selection
* fix: navigator not showing up on first load
* refactor: remove glance
assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes
* more sanity checks for bookmark
dont allow setting bookmark higher than topic postcount
* closes #11218, :train:
* Revert "fix: update topics:recent zset when rescheduling a topic"
This reverts commit 737973cca9e94b6cb3867492a09e1e0b1af391d5.
* fix: #11306, show proper error if queued post doesn't exist
was showing no-privileges if someone else accepted the post
* https://github.com/NodeBB/NodeBB/issues/11307
dont use li
* chore: up harmony
* chore: bump version string
* fix: copy paste fail
* feat: closes #7382, tag filtering
add client side support for filtering by tags on /category, /recent and /unread
* chore: up harmony
* chore: up harmony
* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]
This reverts commit cf6cc2c454dc35c330393c62ee8ce67b42d8eefb.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x
This is a breaking change.
* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309
* chore: up deps
* fix: tests, use x-csrf-token query param removed
* test: fix csrf_token
* lint: remove unused
* feat: add itemprop="image" to avatar helper
* fix: get chat upload button in chat modal
* breaking: remove deprecated socket.io methods
* test: update messaging tests to not use sockets
* fix: parent post links
* fix: prevent post tooltip if mouse leaves before data/tpl is loaded
* chore: up harmony
* chore: up harmony
* chore: up harmony
* chore: up harmony
* fix: nested replies indices
* fix(deps): bump 2factor
* feat: add loggedIn user to all api routes
* chore: up themes
* refactor: audit admin v3 write api routes as per #11321
* refactor: audit category v3 write api routes as per #11321 [breaking]
docs: fix open api spec for #11321
* refactor: audit chat v3 write api routes as per #11321
* refactor: audit files v3 write api routes as per #11321
* refactor: audit flags v3 write api routes as per #11321
* refactor: audit posts v3 write api routes as per #11321
* refactor: audit topics v3 write api routes as per #11321
* refactor: audit users v3 write api routes as per #11321
* fix: lang string
* remove min height
* fix: empty topic/labels taking up space
* fix: tag filtering when changing filter to watched topics
or changing popular time limit to month
* chore: up harmony
* fix: closes #11354, show no post error if queued post already accepted/rejected
* test: #11354
* test: #11354
* fix(deps): bump 2factor
* fix: #11357 clear cache on thumb remove
* fix: thumb remove on windows, closes #11357
* test: openapi for thumbs
* test: fix openapi
---------
Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
2023-03-17 11:58:31 -04:00
|
|
|
next();
|
|
|
|
|
};
|
|
|
|
|
|
2021-01-25 16:01:10 -05:00
|
|
|
middleware.registrationComplete = async function registrationComplete(req, res, next) {
|
2023-05-03 13:42:28 -04:00
|
|
|
/**
|
|
|
|
|
* Redirect the user to complete registration if:
|
|
|
|
|
* * user's session contains registration data
|
|
|
|
|
* * email is required and they have no confirmed email (pending doesn't count, but admins are OK)
|
|
|
|
|
*/
|
|
|
|
|
const path = req.path.startsWith('/api/') ? req.path.replace('/api', '') : req.path;
|
|
|
|
|
|
2023-09-25 14:35:26 -04:00
|
|
|
if (meta.config.requireEmailAddress && await requiresEmailConfirmation(req)) {
|
|
|
|
|
req.session.registration = {
|
|
|
|
|
...req.session.registration,
|
|
|
|
|
uid: req.uid,
|
|
|
|
|
updateEmail: true,
|
|
|
|
|
};
|
2023-05-11 11:34:24 -04:00
|
|
|
}
|
2023-05-03 13:42:28 -04:00
|
|
|
|
2023-05-11 11:34:24 -04:00
|
|
|
if (!req.session.hasOwnProperty('registration')) {
|
2018-11-12 00:20:44 -05:00
|
|
|
return setImmediate(next);
|
2017-02-18 14:27:26 -07:00
|
|
|
}
|
2021-01-25 16:01:10 -05:00
|
|
|
|
|
|
|
|
const { allowed } = await plugins.hooks.fire('filter:middleware.registrationComplete', {
|
2023-05-11 11:34:24 -04:00
|
|
|
allowed: ['/register/complete', '/confirm/'],
|
2021-01-25 16:01:10 -05:00
|
|
|
});
|
2023-05-11 11:34:24 -04:00
|
|
|
if (allowed.includes(path) || allowed.some(p => path.startsWith(p))) {
|
|
|
|
|
return setImmediate(next);
|
2016-08-26 18:50:37 +03:00
|
|
|
}
|
2023-05-11 11:34:24 -04:00
|
|
|
|
|
|
|
|
// Append user data if present
|
|
|
|
|
req.session.registration.uid = req.session.registration.uid || req.uid;
|
|
|
|
|
|
|
|
|
|
controllers.helpers.redirect(res, '/register/complete');
|
2016-08-26 18:50:37 +03:00
|
|
|
};
|
2023-09-25 14:35:26 -04:00
|
|
|
|
|
|
|
|
async function requiresEmailConfirmation(req) {
|
|
|
|
|
/**
|
|
|
|
|
* N.B. THIS IS NOT AN AUTHENTICATION MECHANISM
|
|
|
|
|
*
|
|
|
|
|
* It merely decides whether or not the accessed category is restricted to
|
|
|
|
|
* verified users only, and renders a decision (Boolean) based on whether
|
|
|
|
|
* the calling user is verified or not.
|
|
|
|
|
*/
|
|
|
|
|
if (req.uid <= 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Extract tid or cid
|
|
|
|
|
const [confirmed, isAdmin] = await Promise.all([
|
|
|
|
|
groups.isMember(req.uid, 'verified-users'),
|
|
|
|
|
user.isAdministrator(req.uid),
|
|
|
|
|
]);
|
|
|
|
|
if (confirmed || isAdmin) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let cid;
|
2023-09-26 13:37:43 -04:00
|
|
|
let privilege;
|
2023-09-25 14:35:26 -04:00
|
|
|
if (req.params.hasOwnProperty('category_id')) {
|
|
|
|
|
cid = req.params.category_id;
|
2023-09-26 13:37:43 -04:00
|
|
|
privilege = 'read';
|
2023-09-25 14:35:26 -04:00
|
|
|
} else if (req.params.hasOwnProperty('topic_id')) {
|
|
|
|
|
cid = await topics.getTopicField(req.params.topic_id, 'cid');
|
2023-09-26 13:37:43 -04:00
|
|
|
privilege = 'topics:read';
|
2023-09-25 14:35:26 -04:00
|
|
|
} else {
|
|
|
|
|
return false; // not a category or topic url, no check required
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const [registeredAllowed, verifiedAllowed] = await Promise.all([
|
2023-09-26 13:37:43 -04:00
|
|
|
privilegeHelpers.isAllowedTo([privilege], 'registered-users', cid),
|
|
|
|
|
privilegeHelpers.isAllowedTo([privilege], 'verified-users', cid),
|
2023-09-25 14:35:26 -04:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
return !registeredAllowed.pop() && verifiedAllowed.pop();
|
|
|
|
|
}
|
2016-08-26 18:50:37 +03:00
|
|
|
};
|
