NodeBB/src/controllers/api.js

'use strict';

var async = require('async');
var validator = require('validator');
var nconf = require('nconf');

var meta = require('../meta');
var user = require('../user');
var posts = require('../posts');
var topics = require('../topics');
var categories = require('../categories');
var privileges = require('../privileges');
var plugins = require('../plugins');
var translator = require('../translator');
var languages = require('../languages');

var apiController = module.exports;

apiController.loadConfig = function (req, callback) {
	var config = {};
	config.relative_path = nconf.get('relative_path');
	config.upload_url = nconf.get('upload_url');
	config.siteTitle = validator.escape(String(meta.config.title || meta.config.browserTitle || 'NodeBB'));
	config.browserTitle = validator.escape(String(meta.config.browserTitle || meta.config.title || 'NodeBB'));
	config.titleLayout = (meta.config.titleLayout || '{pageTitle} | {browserTitle}').replace(/{/g, '{').replace(/}/g, '}');
	config.showSiteTitle = meta.config.showSiteTitle === 1;
	config.minimumTitleLength = meta.config.minimumTitleLength;
	config.maximumTitleLength = meta.config.maximumTitleLength;
	config.minimumPostLength = meta.config.minimumPostLength;
	config.maximumPostLength = meta.config.maximumPostLength;
	config.minimumTagsPerTopic = meta.config.minimumTagsPerTopic || 0;
	config.maximumTagsPerTopic = meta.config.maximumTagsPerTopic || 5;
	config.minimumTagLength = meta.config.minimumTagLength || 3;
	config.maximumTagLength = meta.config.maximumTagLength || 15;
	config.useOutgoingLinksPage = meta.config.useOutgoingLinksPage === 1;
	config.allowGuestHandles = meta.config.allowGuestHandles === 1;
	config.allowFileUploads = meta.config.allowFileUploads === 1;
	config.allowTopicsThumbnail = meta.config.allowTopicsThumbnail === 1;
	config.usePagination = meta.config.usePagination === 1;
	config.disableChat = meta.config.disableChat === 1;
	config.disableChatMessageEditing = meta.config.disableChatMessageEditing === 1;
	config.maximumChatMessageLength = meta.config.maximumChatMessageLength || 1000;
	config.socketioTransports = nconf.get('socket.io:transports') || ['polling', 'websocket'];
	config.socketioOrigins = nconf.get('socket.io:origins');
	config.websocketAddress = nconf.get('socket.io:address') || '';
	config.maxReconnectionAttempts = meta.config.maxReconnectionAttempts || 5;
	config.reconnectionDelay = meta.config.reconnectionDelay || 1500;
	config.topicsPerPage = meta.config.topicsPerPage || 20;
	config.postsPerPage = meta.config.postsPerPage || 20;
	config.maximumFileSize = meta.config.maximumFileSize;
	config['theme:id'] = meta.config['theme:id'];
	config['theme:src'] = meta.config['theme:src'];
	config.defaultLang = meta.config.defaultLang || 'en-GB';
	config.userLang = req.query.lang ? validator.escape(String(req.query.lang)) : config.defaultLang;
	config.loggedIn = !!req.user;
	config.uid = req.uid;
	config['cache-buster'] = meta.config['cache-buster'] || '';
	config.requireEmailConfirmation = meta.config.requireEmailConfirmation === 1;
	config.topicPostSort = meta.config.topicPostSort || 'oldest_to_newest';
	config.categoryTopicSort = meta.config.categoryTopicSort || 'newest_to_oldest';
	config.csrf_token = req.uid >= 0 && req.csrfToken && req.csrfToken();
	config.searchEnabled = plugins.hasListeners('filter:search.query');
	config.bootswatchSkin = meta.config.bootswatchSkin || '';
	config.enablePostHistory = (meta.config.enablePostHistory || 1) === 1;
	config.notificationAlertTimeout = meta.config.notificationAlertTimeout || 5000;
	config.timeagoCodes = languages.timeagoCodes;

	if (config.useOutgoingLinksPage) {
		config.outgoingLinksWhitelist = meta.config['outgoingLinks:whitelist'];
	}

	var timeagoCutoff = meta.config.timeagoCutoff === undefined ? 30 : meta.config.timeagoCutoff;
	config.timeagoCutoff = timeagoCutoff !== '' ? Math.max(0, parseInt(timeagoCutoff, 10)) : timeagoCutoff;

	config.cookies = {
		enabled: meta.config.cookieConsentEnabled === 1,
		message: translator.escape(validator.escape(meta.config.cookieConsentMessage || '[[global:cookies.message]]')).replace(/\\/g, '\\\\'),
		dismiss: translator.escape(validator.escape(meta.config.cookieConsentDismiss || '[[global:cookies.accept]]')).replace(/\\/g, '\\\\'),
		link: translator.escape(validator.escape(meta.config.cookieConsentLink || '[[global:cookies.learn_more]]')).replace(/\\/g, '\\\\'),
		link_url: translator.escape(validator.escape(meta.config.cookieConsentLinkUrl || 'https://www.cookiesandyou.com')).replace(/\\/g, '\\\\'),
	};

	async.waterfall([
		function (next) {
			if (!req.loggedIn) {
				return next(null, config);
			}
			user.getSettings(req.uid, next);
		},
		function (settings, next) {
			// Handle old skin configs
			const oldSkins = ['noskin', 'default'];
			settings.bootswatchSkin = oldSkins.includes(settings.bootswatchSkin) ? '' : settings.bootswatchSkin;

			config.usePagination = settings.usePagination;
			config.topicsPerPage = settings.topicsPerPage;
			config.postsPerPage = settings.postsPerPage;
			config.userLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.userLang || config.defaultLang;
			config.acpLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.acpLang;
			config.openOutgoingLinksInNewTab = settings.openOutgoingLinksInNewTab;
			config.topicPostSort = settings.topicPostSort || config.topicPostSort;
			config.categoryTopicSort = settings.categoryTopicSort || config.categoryTopicSort;
			config.topicSearchEnabled = settings.topicSearchEnabled || false;
			config.bootswatchSkin = (meta.config.disableCustomUserSkins !== 1 && settings.bootswatchSkin && settings.bootswatchSkin !== '') ? settings.bootswatchSkin : '';
			plugins.fireHook('filter:config.get', config, next);
		},
		function (config, next) {
			req.res.locals.config = config;
			process.nextTick(next, null, config);
		},
	], callback);
};

apiController.getConfig = function (req, res, next) {
	async.waterfall([
		function (next) {
			apiController.loadConfig(req, next);
		},
		function (config, next) {
			if (res.locals.isAPI) {
				res.json(config);
			} else {
				next(null, config);
			}
		},
	], next);
};

apiController.getPostData = function (pid, uid, callback) {
	async.parallel({
		privileges: function (next) {
			privileges.posts.get([pid], uid, next);
		},
		post: function (next) {
			posts.getPostData(pid, next);
		},
		voted: async.apply(posts.hasVoted, pid, uid),
	}, function (err, results) {
		if (err || !results.post) {
			return callback(err);
		}

		var post = results.post;
		Object.assign(post, results.voted);

		var privileges = results.privileges[0];
		if (!privileges.read || !privileges['topics:read']) {
			return callback();
		}

		post.ip = privileges.isAdminOrMod ? post.ip : undefined;
		var selfPost = uid && uid === parseInt(post.uid, 10);
		if (post.deleted && !(privileges.isAdminOrMod || selfPost)) {
			post.content = '[[topic:post_is_deleted]]';
		}
		callback(null, post);
	});
};

apiController.getTopicData = function (tid, uid, callback) {
	async.parallel({
		privileges: function (next) {
			privileges.topics.get(tid, uid, next);
		},
		topic: function (next) {
			topics.getTopicData(tid, next);
		},
	}, function (err, results) {
		if (err || !results.topic) {
			return callback(err);
		}

		if (!results.privileges.read || !results.privileges['topics:read'] || (results.topic.deleted && !results.privileges.view_deleted)) {
			return callback();
		}
		callback(null, results.topic);
	});
};

apiController.getCategoryData = function (cid, uid, callback) {
	async.parallel({
		privileges: function (next) {
			privileges.categories.get(cid, uid, next);
		},
		category: function (next) {
			categories.getCategoryData(cid, next);
		},
	}, function (err, results) {
		if (err || !results.category) {
			return callback(err);
		}

		if (!results.privileges.read) {
			return callback();
		}
		callback(null, results.category);
	});
};


apiController.getObject = function (req, res, next) {
	var methods = {
		post: apiController.getPostData,
		topic: apiController.getTopicData,
		category: apiController.getCategoryData,
	};
	var method = methods[req.params.type];
	if (!method) {
		return next();
	}
	method(req.params.id, req.uid, function (err, result) {
		if (err || !result) {
			return next(err);
		}

		res.json(result);
	});
};

apiController.getModerators = function (req, res, next) {
	categories.getModerators(req.params.cid, function (err, moderators) {
		if (err) {
			return next(err);
		}
		res.json({ moderators: moderators });
	});
};