mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 16:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

lint: src/node/hooks/express/importexport.js

Browse source
This commit is contained in:
John McLear 2021-01-21 21:06:52 +00:00 committed by Richard Hansen
parent 3cf6e1f015
commit 3571eb7c32
1 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/node/hooks/express/importexport.js
View file

@ -1,39 +1,43 @@
const assert = require('assert').strict; 'use strict';
const hasPadAccess = require('../../padaccess'); const hasPadAccess = require('../../padaccess');
const settings = require('../../utils/Settings'); const settings = require('../../utils/Settings');
const exportHandler = require('../../handler/ExportHandler'); const exportHandler = require('../../handler/ExportHandler');
const importHandler = require('../../handler/ImportHandler'); const importHandler = require('../../handler/ImportHandler');
const padManager = require('../../db/PadManager'); const padManager = require('../../db/PadManager');
const readOnlyManager = require('../../db/ReadOnlyManager'); const readOnlyManager = require('../../db/ReadOnlyManager');
const authorManager = require('../../db/AuthorManager');
const rateLimit = require('express-rate-limit'); const rateLimit = require('express-rate-limit');
const securityManager = require('../../db/SecurityManager'); const securityManager = require('../../db/SecurityManager');
const webaccess = require('./webaccess'); const webaccess = require('./webaccess');
settings.importExportRateLimiting.onLimitReached = function (req, res, options) { settings.importExportRateLimiting.onLimitReached = (req, res, options) => {
// when the rate limiter triggers, write a warning in the logs // when the rate limiter triggers, write a warning in the logs
console.warn(`Import/Export rate limiter triggered on "${req.originalUrl}" for IP address ${req.ip}`); console.warn('Import/Export rate limiter triggered on ' +
`"${req.originalUrl}" for IP address ${req.ip}`);
}; };
const limiter = rateLimit(settings.importExportRateLimiting); const limiter = rateLimit(settings.importExportRateLimiting);
exports.expressCreateServer = function (hook_name, args, cb) { exports.expressCreateServer = (hookName, args, cb) => {
// handle export requests // handle export requests
args.app.use('/p/:pad/:rev?/export/:type', limiter); args.app.use('/p/:pad/:rev?/export/:type', limiter);
args.app.get('/p/:pad/:rev?/export/:type', async (req, res, next) => { args.app.get('/p/:pad/:rev?/export/:type', async (req, res, next) => {
const types = ['pdf', 'doc', 'txt', 'html', 'odt', 'etherpad']; const types = ['pdf', 'doc', 'txt', 'html', 'odt', 'etherpad'];
// send a 404 if we don't support this filetype // send a 404 if we don't support this filetype
if (types.indexOf(req.params.type) == -1) { if (types.indexOf(req.params.type) === -1) {
return next(); return next();
} }
// if abiword is disabled, and this is a format we only support with abiword, output a message // if abiword is disabled, and this is a format we only support with abiword, output a message
if (settings.exportAvailable() == 'no' && if (settings.exportAvailable() === 'no' &&
['odt', 'pdf', 'doc'].indexOf(req.params.type) !== -1) { ['odt', 'pdf', 'doc'].indexOf(req.params.type) !== -1) {
console.error(`Impossible to export pad "${req.params.pad}" in ${req.params.type} format. There is no converter configured`); console.error(`Impossible to export pad "${req.params.pad}" in ${req.params.type} format.` +
' There is no converter configured');
// ACHTUNG: do not include req.params.type in res.send() because there is no HTML escaping and it would lead to an XSS // ACHTUNG: do not include req.params.type in res.send() because there is
res.send('This export is not enabled at this Etherpad instance. Set the path to Abiword or soffice (LibreOffice) in settings.json to enable this feature'); // no HTML escaping and it would lead to an XSS
res.send('This export is not enabled at this Etherpad instance. Set the path to Abiword' +
' or soffice (LibreOffice) in settings.json to enable this feature');
return; return;
} }