src/routes/api.js

"use strict";

var path = require('path'),
	async = require('async'),
	fs = require('fs'),
	nconf = require('nconf'),
	express = require('express'),

	user = require('../user'),
	topics = require('../topics'),
	posts = require('../posts'),
	categories = require('../categories'),
	meta = require('../meta'),
	plugins = require('../plugins'),
	utils = require('../../public/src/utils'),
	image = require('../image'),
	pkg = require('../../package.json');


function deleteTempFiles(files) {
	for(var i=0; i<files.length; ++i) {
		fs.unlink(files[i].path);
	}
}

function upload(req, res, filesIterator, next) {
	var files = req.files.files;

	if (!req.user) {
		deleteTempFiles(files);
		return res.status(403).json('not allowed');
	}

	if (!Array.isArray(files)) {
		return res.status(500).json('invalid files');
	}

	if (Array.isArray(files[0])) {
		files = files[0];
	}

	async.map(files, filesIterator, function(err, images) {
		deleteTempFiles(files);

		if (err) {
			return res.status(500).send(err.message);
		}

		// IE8 - send it as text/html so browser won't trigger a file download for the json response
		// malsup.com/jquery/form/#file-upload
		res.status(200).send(req.xhr ? images : JSON.stringify(images));
	});
}

function uploadPost(req, res, next) {
	upload(req, res, function(file, next) {
		if(file.type.match(/image./)) {
			uploadImage(req.user.uid, file, next);
		} else {
			uploadFile(req.user.uid, file, next);
		}
	}, next);
}

function uploadThumb(req, res, next) {
	if (parseInt(meta.config.allowTopicsThumbnail, 10) !== 1) {
		deleteTempFiles(req.files.files);
		return next(new Error('[[error:topic-thumbnails-are-disabled]]'));
	}

	upload(req, res, function(file, next) {
		if(file.type.match(/image./)) {
			var size = meta.config.topicThumbSize || 120;
			image.resizeImage(file.path, path.extname(file.name), size, size, function(err) {
				if (err) {
					return next(err);
				}
				uploadImage(req.user.uid, file, next);
			});
		} else {
			next(new Error('[[error:invalid-file]]'));
		}
	}, next);
}


function uploadImage(uid, image, callback) {
	if (plugins.hasListeners('filter:uploadImage')) {
		plugins.fireHook('filter:uploadImage', {image: image, uid: uid}, callback);
	} else {

		if (parseInt(meta.config.allowFileUploads, 10)) {
			uploadFile(uid, image, callback);
		} else {
			callback(new Error('[[error:uploads-are-disabled]]'));
		}
	}
}

function uploadFile(uid, file, callback) {
	if (plugins.hasListeners('filter:uploadFile')) {
		plugins.fireHook('filter:uploadFile', {file: file, uid: uid}, callback);
	} else {

		if(parseInt(meta.config.allowFileUploads, 10) !== 1) {
			return callback(new Error('[[error:uploads-are-disabled]]'));
		}

		if(!file) {
			return callback(new Error('[[error:invalid-file]]'));
		}

		if(file.size > parseInt(meta.config.maximumFileSize, 10) * 1024) {
			return callback(new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]'));
		}

		var filename = 'upload-' + utils.generateUUID() + path.extname(file.name);
		require('../file').saveFileToLocal(filename, 'files', file.path, function(err, upload) {
			if(err) {
				return callback(err);
			}

			callback(null, {
				url: upload.url,
				name: file.name
			});
		});
	}
}


function getModerators(req, res, next) {
	categories.getModerators(req.params.cid, function(err, moderators) {
		res.json({moderators: moderators});
	});
}

var templatesListingCache = {};

function getTemplatesListing(req, res, next) {
	if (templatesListingCache.availableTemplates && templatesListingCache.templatesConfig) {
		return res.json(templatesListingCache);
	}

	async.parallel({
		views: function(next) {
			utils.walk(nconf.get('views_dir'), next);
		},
		extended: function(next) {
			plugins.fireHook('filter:templates.get_virtual', [], next);
		},
		config: function(next) {
			fs.readFile(path.join(nconf.get('views_dir'), 'config.json'), function(err, config) {
				if (err) {
					return next(err);
				}
				config = JSON.parse(config.toString());
				plugins.fireHook('filter:templates.get_config', config, next);
			});
		},
	}, function(err, results) {
		if (err) {
			return next(err);
		}

		var data = [];
		data = results.views.filter(function(value, index, self) {
					return self.indexOf(value) === index;
				}).map(function(el) {
					return el.replace(nconf.get('views_dir') + '/', '');
				});

		data = data.concat(results.extended);

		templatesListingCache = {
			availableTemplates: data,
			templatesConfig: results.config
		};

		res.json(templatesListingCache);
	});
}

function getRecentPosts(req, res, next) {
	var uid = (req.user) ? req.user.uid : 0;

	posts.getRecentPosts(uid, 0, 19, req.params.term, function (err, data) {
		if(err) {
			return next(err);
		}

		res.json(data);
	});
}

module.exports =  function(app, middleware, controllers) {

	var router = express.Router();
	app.use('/api', router);

	router.get('/config', middleware.applyCSRF, controllers.api.getConfig);
	router.get('/widgets/render', controllers.api.renderWidgets);

	router.get('/user/uid/:uid', middleware.checkGlobalPrivacySettings, controllers.accounts.getUserByUID);
	router.get('/get_templates_listing', getTemplatesListing);
	router.get('/categories/:cid/moderators', getModerators);
	router.get('/recent/posts/:term?', getRecentPosts);

	var multipart = require('connect-multiparty');
	var multipartMiddleware = multipart();

	router.post('/post/upload', multipartMiddleware, middleware.applyCSRF, uploadPost);
	router.post('/topic/thumb/upload', multipartMiddleware, middleware.applyCSRF, uploadThumb);
	router.post('/user/:userslug/uploadpicture', multipartMiddleware, middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);

};
moved api-only routes into routes/api.js, cleanup & linting 2014-03-03 00:12:25 -05:00			`"use strict";`

cleaned up requires 2013-11-30 13:35:42 -05:00			`var path = require('path'),`
			`async = require('async'),`
upload changes, show progres in composer 2014-02-13 19:41:54 -05:00			`fs = require('fs'),`
template compiling init; changing themes now finally works on this branch 2014-03-04 17:49:56 -05:00			`nconf = require('nconf'),`
first commit 2014-07-02 14:07:08 -04:00			`express = require('express'),`
cleaned up requires 2013-11-30 13:35:42 -05:00
closes #1463 2014-06-04 11:14:36 -04:00			`user = require('../user'),`
			`topics = require('../topics'),`
			`posts = require('../posts'),`
			`categories = require('../categories'),`
			`meta = require('../meta'),`
			`plugins = require('../plugins'),`
			`utils = require('../../public/src/utils'),`
			`image = require('../image'),`
			`pkg = require('../../package.json');`
cleaned up webserver.js a bit, moved api routes to its own file, closes #54 2013-07-31 15:17:03 -04:00
user selectable pagination 2014-02-10 14:15:54 -05:00
more cleanup 2014-03-11 22:31:09 -04:00			`function deleteTempFiles(files) {`
			`for(var i=0; i<files.length; ++i) {`
			`fs.unlink(files[i].path);`
			`}`
			`}`
closes #175 2013-08-15 17:03:43 -04:00
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`function upload(req, res, filesIterator, next) {`
more cleanup 2014-03-11 22:31:09 -04:00			`var files = req.files.files;`

closes #1734 2014-06-22 17:08:55 -04:00			`if (!req.user) {`
more cleanup 2014-03-11 22:31:09 -04:00			`deleteTempFiles(files);`
remove deprecated res.json usage 2014-12-09 20:07:12 -05:00			`return res.status(403).json('not allowed');`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`}`

closes #1734 2014-06-22 17:08:55 -04:00			`if (!Array.isArray(files)) {`
remove deprecated res.json usage 2014-12-09 20:07:12 -05:00			`return res.status(500).json('invalid files');`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`}`

closes #1734 2014-06-22 17:08:55 -04:00			`if (Array.isArray(files[0])) {`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`files = files[0];`
			`}`

			`async.map(files, filesIterator, function(err, images) {`
more cleanup 2014-03-11 22:31:09 -04:00			`deleteTempFiles(files);`
hiding search buttons and route when search is not configured 2014-02-20 21:21:41 -05:00
closes #1734 2014-06-22 17:08:55 -04:00			`if (err) {`
closes #2231; see #2218 2014-10-04 18:47:56 -04:00			`return res.status(500).send(err.message);`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`}`
express-namespaceing routes 2013-09-24 14:18:41 -04:00
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`// IE8 - send it as text/html so browser won't trigger a file download for the json response`
			`// malsup.com/jquery/form/#file-upload`
closes #2231; see #2218 2014-10-04 18:47:56 -04:00			`res.status(200).send(req.xhr ? images : JSON.stringify(images));`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`});`
			`}`

			`function uploadPost(req, res, next) {`
			`upload(req, res, function(file, next) {`
			`if(file.type.match(/image./)) {`
closes #2248 2014-11-05 19:29:45 -05:00			`uploadImage(req.user.uid, file, next);`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`} else {`
Pass in req.user.uid into uploadFile 2014-11-06 19:03:53 -08:00			`uploadFile(req.user.uid, file, next);`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`}`
			`}, next);`
			`}`

			`function uploadThumb(req, res, next) {`
fixed file upload checks 2014-07-14 13:48:37 -04:00			`if (parseInt(meta.config.allowTopicsThumbnail, 10) !== 1) {`
more cleanup 2014-03-11 22:31:09 -04:00			`deleteTempFiles(req.files.files);`
closes #1463 2014-06-04 11:14:36 -04:00			`return next(new Error('[[error:topic-thumbnails-are-disabled]]'));`
more cleanup 2014-03-11 22:31:09 -04:00			`}`

one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`upload(req, res, function(file, next) {`
			`if(file.type.match(/image./)) {`
closes #1463 2014-06-04 11:14:36 -04:00			`var size = meta.config.topicThumbSize \|\| 120;`
			`image.resizeImage(file.path, path.extname(file.name), size, size, function(err) {`
			`if (err) {`
			`return next(err);`
			`}`
closes #2248 2014-11-05 19:29:45 -05:00			`uploadImage(req.user.uid, file, next);`
closes #1463 2014-06-04 11:14:36 -04:00			`});`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`} else {`
added lots of error keys 2014-04-09 22:26:23 -04:00			`next(new Error('[[error:invalid-file]]'));`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`}`
			`}, next);`
			`}`
index topic titles too 2013-08-08 11:40:31 -04:00
more cleanup 2014-03-11 22:31:09 -04:00
closes #2248 2014-11-05 19:29:45 -05:00			`function uploadImage(uid, image, callback) {`
			`if (plugins.hasListeners('filter:uploadImage')) {`
			`plugins.fireHook('filter:uploadImage', {image: image, uid: uid}, callback);`
more cleanup 2014-03-11 22:31:09 -04:00			`} else {`

fixed file upload checks 2014-07-14 13:48:37 -04:00			`if (parseInt(meta.config.allowFileUploads, 10)) {`
closes #2248 2014-11-05 19:29:45 -05:00			`uploadFile(uid, image, callback);`
more cleanup 2014-03-11 22:31:09 -04:00			`} else {`
added lots of error keys 2014-04-09 22:26:23 -04:00			`callback(new Error('[[error:uploads-are-disabled]]'));`
more cleanup 2014-03-11 22:31:09 -04:00			`}`
			`}`
			`}`

closes #2248 2014-11-05 19:29:45 -05:00			`function uploadFile(uid, file, callback) {`
			`if (plugins.hasListeners('filter:uploadFile')) {`
			`plugins.fireHook('filter:uploadFile', {file: file, uid: uid}, callback);`
more cleanup 2014-03-11 22:31:09 -04:00			`} else {`

fixed file upload checks 2014-07-14 13:48:37 -04:00			`if(parseInt(meta.config.allowFileUploads, 10) !== 1) {`
added lots of error keys 2014-04-09 22:26:23 -04:00			`return callback(new Error('[[error:uploads-are-disabled]]'));`
more cleanup 2014-03-11 22:31:09 -04:00			`}`

			`if(!file) {`
added lots of error keys 2014-04-09 22:26:23 -04:00			`return callback(new Error('[[error:invalid-file]]'));`
more cleanup 2014-03-11 22:31:09 -04:00			`}`

			`if(file.size > parseInt(meta.config.maximumFileSize, 10) * 1024) {`
added lots of error keys 2014-04-09 22:26:23 -04:00			`return callback(new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]'));`
more cleanup 2014-03-11 22:31:09 -04:00			`}`

			`var filename = 'upload-' + utils.generateUUID() + path.extname(file.name);`
closes #2157 2014-10-08 13:46:36 -04:00			`require('../file').saveFileToLocal(filename, 'files', file.path, function(err, upload) {`
more cleanup 2014-03-11 22:31:09 -04:00			`if(err) {`
			`return callback(err);`
			`}`

			`callback(null, {`
			`url: upload.url,`
			`name: file.name`
			`});`
			`});`
			`}`
			`}`


one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`function getModerators(req, res, next) {`
			`categories.getModerators(req.params.cid, function(err, moderators) {`
			`res.json({moderators: moderators});`
			`});`
			`}`

do one api call for template configs rather than two on cold load 2014-08-05 17:16:18 -04:00			`var templatesListingCache = {};`
closes #1654 2014-06-09 02:32:32 -04:00
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`function getTemplatesListing(req, res, next) {`
do one api call for template configs rather than two on cold load 2014-08-05 17:16:18 -04:00			`if (templatesListingCache.availableTemplates && templatesListingCache.templatesConfig) {`
fixed typo 2014-06-09 02:34:21 -04:00			`return res.json(templatesListingCache);`
removed timing #1654 2014-06-09 02:33:07 -04:00			`}`
filter:templates.get_virtual for ajaxifying to virtual templates 2014-06-06 17:30:14 -04:00
			`async.parallel({`
			`views: function(next) {`
closes #1654 2014-06-09 02:32:32 -04:00			`utils.walk(nconf.get('views_dir'), next);`
filter:templates.get_virtual for ajaxifying to virtual templates 2014-06-06 17:30:14 -04:00			`},`
			`extended: function(next) {`
closes #1654 2014-06-09 02:32:32 -04:00			`plugins.fireHook('filter:templates.get_virtual', [], next);`
do one api call for template configs rather than two on cold load 2014-08-05 17:16:18 -04:00			`},`
			`config: function(next) {`
filter:templates.get_config, allows you to modify template config as found here https://github.com/NodeBB/nodebb-theme-vanilla/blob/master/templates/config.json @Schamper 2014-08-05 17:17:05 -04:00			`fs.readFile(path.join(nconf.get('views_dir'), 'config.json'), function(err, config) {`
check err 2014-09-24 21:37:26 -04:00			`if (err) {`
			`return next(err);`
			`}`
filter:templates.get_config, allows you to modify template config as found here https://github.com/NodeBB/nodebb-theme-vanilla/blob/master/templates/config.json @Schamper 2014-08-05 17:17:05 -04:00			`config = JSON.parse(config.toString());`
			`plugins.fireHook('filter:templates.get_config', config, next);`
			`});`
do one api call for template configs rather than two on cold load 2014-08-05 17:16:18 -04:00			`},`
closes #1654 2014-06-09 02:32:32 -04:00			`}, function(err, results) {`
			`if (err) {`
			`return next(err);`
filter:templates.get_virtual for ajaxifying to virtual templates 2014-06-06 17:30:14 -04:00			`}`
check err 2014-09-24 21:37:26 -04:00
closes #1654 2014-06-09 02:32:32 -04:00			`var data = [];`
			`data = results.views.filter(function(value, index, self) {`
			`return self.indexOf(value) === index;`
			`}).map(function(el) {`
			`return el.replace(nconf.get('views_dir') + '/', '');`
			`});`

			`data = data.concat(results.extended);`
do one api call for template configs rather than two on cold load 2014-08-05 17:16:18 -04:00
			`templatesListingCache = {`
			`availableTemplates: data,`
			`templatesConfig: results.config`
			`};`

			`res.json(templatesListingCache);`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`});`
			`}`
index topic titles too 2013-08-08 11:40:31 -04:00
Merge remote-tracking branch 'origin/master' into webserver.js-refactor Conflicts: src/routes/api.js 2014-03-05 17:35:41 -05:00			`function getRecentPosts(req, res, next) {`
			`var uid = (req.user) ? req.user.uid : 0;`
added topics thumbnails support 2014-02-20 02:05:49 -05:00
Merge remote-tracking branch 'origin/master' into webserver.js-refactor Conflicts: src/routes/api.js 2014-03-05 17:35:41 -05:00			`posts.getRecentPosts(uid, 0, 19, req.params.term, function (err, data) {`
			`if(err) {`
			`return next(err);`
			`}`
upload changes, show progres in composer 2014-02-13 19:41:54 -05:00
Merge remote-tracking branch 'origin/master' into webserver.js-refactor Conflicts: src/routes/api.js 2014-03-05 17:35:41 -05:00			`res.json(data);`
			`});`
			`}`
upload changes, show progres in composer 2014-02-13 19:41:54 -05:00
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00			`module.exports = function(app, middleware, controllers) {`
upload changes, show progres in composer 2014-02-13 19:41:54 -05:00
first commit 2014-07-02 14:07:08 -04:00			`var router = express.Router();`
use router for relative path 2014-07-02 15:44:09 -04:00			`app.use('/api', router);`
upload changes, show progres in composer 2014-02-13 19:41:54 -05:00
closed #2424 2014-11-18 14:54:54 -05:00			`router.get('/config', middleware.applyCSRF, controllers.api.getConfig);`
optimized widget call by bundling all queries into one for #1428; fixes active users widget crash also fixes b3819fd0766bd3b2a83771fcbf7078635833a3ee properly 2014-07-09 19:23:03 -04:00			`router.get('/widgets/render', controllers.api.renderWidgets);`
first commit 2014-07-02 14:07:08 -04:00
			`router.get('/user/uid/:uid', middleware.checkGlobalPrivacySettings, controllers.accounts.getUserByUID);`
			`router.get('/get_templates_listing', getTemplatesListing);`
			`router.get('/categories/:cid/moderators', getModerators);`
			`router.get('/recent/posts/:term?', getRecentPosts);`

only use multipart on upload routes, delete temp files if there is an error in admin, admin/mods should see topic reply 2014-10-22 18:25:57 -04:00			`var multipart = require('connect-multiparty');`
			`var multipartMiddleware = multipart();`

			`router.post('/post/upload', multipartMiddleware, middleware.applyCSRF, uploadPost);`
			`router.post('/topic/thumb/upload', multipartMiddleware, middleware.applyCSRF, uploadThumb);`
			`router.post('/user/:userslug/uploadpicture', multipartMiddleware, middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);`
moved api-only routes into routes/api.js, cleanup & linting 2014-03-03 00:12:25 -05:00
Merge remote-tracking branch 'origin/master' into webserver.js-refactor Conflicts: src/routes/api.js 2014-03-05 17:35:41 -05:00			`};`