mirror of
https://github.com/outline/outline.git
synced 2026-06-13 11:25:03 +03:00
dependabot[bot]
fc01deeefd
* chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1 Bumps [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) from 0.14.2 to 0.22.1. - [Release notes](https://github.com/oxc-project/tsgolint/releases) - [Commits](https://github.com/oxc-project/tsgolint/compare/v0.14.2...v0.22.1) --- updated-dependencies: - dependency-name: oxlint-tsgolint dependency-version: 0.22.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: Switch tsconfig to bundler resolution for tsgolint 0.22.1 oxlint-tsgolint 0.22.1 removed support for moduleResolution=node10 (the alias for "node"). Switch to "bundler" with resolvePackageJsonExports disabled so packages whose exports field omits a types condition still resolve. Update markdown-it type imports to sub-paths since the package's .d.mts entry only re-exports a subset of named types. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix: Resolve type-aware lint errors caught by tsgolint 0.22.1 oxlint-tsgolint 0.22.1 catches several await-thenable, no-floating-promises, and no-meaningless-void-operator cases the prior 0.14.2 missed: - Drop redundant inner `await` from Promise.all([await x, await y]) call sites so the array entries are real Promises rather than already-resolved values. - Replace Promise.all wrappers around synchronous presenters (presentEvent, presentTemplate, presentPublicTeam) with plain map / direct calls. - Wrap non-promise branches of ternaries inside Promise.all with Promise.resolve so the array remains thenable across both arms. - Add `void` to the unawaited provider.connect() in the auth-failed retry chain, and remove `void` from the disconnect() call which returns void. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Moor <tom@getoutline.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
313 lines
7.8 KiB
TypeScript
313 lines
7.8 KiB
TypeScript
import Router from "koa-router";
|
|
import type { WhereOptions } from "sequelize";
|
|
import { Op } from "sequelize";
|
|
import auth from "@server/middlewares/authentication";
|
|
import { rateLimiter } from "@server/middlewares/rateLimiter";
|
|
import { transaction } from "@server/middlewares/transaction";
|
|
import validate from "@server/middlewares/validate";
|
|
import { Collection, Template } from "@server/models";
|
|
import { authorize } from "@server/policies";
|
|
import { presentPolicies, presentTemplate } from "@server/presenters";
|
|
import type { APIContext } from "@server/types";
|
|
import { RateLimiterStrategy } from "@server/utils/RateLimiter";
|
|
import pagination from "../middlewares/pagination";
|
|
import * as T from "./schema";
|
|
|
|
const router = new Router();
|
|
|
|
router.post(
|
|
"templates.create",
|
|
auth(),
|
|
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
|
|
validate(T.TemplatesCreateSchema),
|
|
transaction(),
|
|
async (ctx: APIContext<T.TemplatesCreateReq>) => {
|
|
const { id, title, data, icon, color, collectionId } = ctx.input.body;
|
|
const editorVersion = ctx.headers["x-editor-version"] as string | undefined;
|
|
|
|
const { transaction } = ctx.state;
|
|
const { user } = ctx.state.auth;
|
|
|
|
let collection;
|
|
if (collectionId) {
|
|
collection = await Collection.findByPk(collectionId, {
|
|
userId: user.id,
|
|
transaction,
|
|
});
|
|
authorize(user, "createTemplate", collection);
|
|
} else {
|
|
authorize(user, "createTemplate", user.team);
|
|
}
|
|
|
|
let template = await Template.createWithCtx(ctx, {
|
|
id,
|
|
title,
|
|
icon,
|
|
color,
|
|
content: data,
|
|
collectionId: collection?.id,
|
|
publishedAt: new Date(),
|
|
createdById: user.id,
|
|
lastModifiedById: user.id,
|
|
teamId: user.teamId,
|
|
editorVersion,
|
|
});
|
|
|
|
template = await Template.findByPk(template.id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
});
|
|
|
|
ctx.body = {
|
|
data: presentTemplate(template),
|
|
policies: presentPolicies(user, [template]),
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.list",
|
|
auth(),
|
|
pagination(),
|
|
validate(T.TemplatesListSchema),
|
|
async (ctx: APIContext<T.TemplatesListReq>) => {
|
|
const { sort, direction, collectionId } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
const where: WhereOptions<Template> & {
|
|
[Op.and]: WhereOptions<Template>[];
|
|
} = {
|
|
teamId: user.teamId,
|
|
[Op.and]: [
|
|
{
|
|
deletedAt: {
|
|
[Op.eq]: null,
|
|
},
|
|
},
|
|
],
|
|
};
|
|
|
|
// if a specific collection is passed then we need to check auth to view it
|
|
if (collectionId) {
|
|
where[Op.and].push({ collectionId });
|
|
const collection = await Collection.findByPk(collectionId, {
|
|
userId: user.id,
|
|
});
|
|
authorize(user, "read", collection);
|
|
} else {
|
|
where[Op.and].push({
|
|
[Op.or]: [
|
|
{
|
|
collectionId: {
|
|
[Op.eq]: null,
|
|
},
|
|
},
|
|
{
|
|
collectionId: await user.collectionIds(),
|
|
},
|
|
],
|
|
});
|
|
}
|
|
|
|
const [templates, total] = await Promise.all([
|
|
Template.scope([
|
|
"defaultScope",
|
|
{
|
|
method: ["withMembership", user.id],
|
|
},
|
|
]).findAll({
|
|
where,
|
|
order: [[sort, direction]],
|
|
offset: ctx.state.pagination.offset,
|
|
limit: ctx.state.pagination.limit,
|
|
}),
|
|
Template.count({ where }),
|
|
]);
|
|
|
|
const data = templates.map((template) => presentTemplate(template));
|
|
const policies = presentPolicies(user, templates);
|
|
|
|
ctx.body = {
|
|
pagination: { ...ctx.state.pagination, total },
|
|
data,
|
|
policies,
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.info",
|
|
auth(),
|
|
validate(T.TemplatesInfoSchema),
|
|
async (ctx: APIContext<T.TemplatesInfoReq>) => {
|
|
const { id } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
|
|
const template = await Template.findByPk(id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
});
|
|
authorize(user, "read", template);
|
|
|
|
ctx.body = {
|
|
data: presentTemplate(template),
|
|
policies: presentPolicies(user, [template]),
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.delete",
|
|
auth(),
|
|
validate(T.TemplatesDeleteSchema),
|
|
transaction(),
|
|
async (ctx: APIContext<T.TemplatesDeleteReq>) => {
|
|
const { id } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
const { transaction } = ctx.state;
|
|
|
|
const template = await Template.findByPk(id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
});
|
|
authorize(user, "delete", template);
|
|
|
|
await template.destroyWithCtx(ctx);
|
|
|
|
ctx.body = {
|
|
success: true,
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.restore",
|
|
auth(),
|
|
validate(T.TemplatesInfoSchema),
|
|
transaction(),
|
|
async (ctx: APIContext<T.TemplatesInfoReq>) => {
|
|
const { id } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
const { transaction } = ctx.state;
|
|
|
|
const template = await Template.findByPk(id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
paranoid: false,
|
|
});
|
|
authorize(user, "restore", template);
|
|
|
|
await template.restoreWithCtx(ctx);
|
|
|
|
ctx.body = {
|
|
data: presentTemplate(template),
|
|
policies: presentPolicies(user, [template]),
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.duplicate",
|
|
auth(),
|
|
validate(T.TemplatesDuplicateSchema),
|
|
transaction(),
|
|
async (ctx: APIContext<T.TemplatesDuplicateReq>) => {
|
|
const { transaction } = ctx.state;
|
|
const { id, title, collectionId } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
|
|
const original = await Template.findByPk(id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
});
|
|
authorize(user, "duplicate", original);
|
|
|
|
const targetCollectionId =
|
|
collectionId === undefined ? original.collectionId : collectionId;
|
|
if (targetCollectionId) {
|
|
const collection = await Collection.findByPk(targetCollectionId, {
|
|
userId: user.id,
|
|
transaction,
|
|
});
|
|
authorize(user, "createTemplate", collection);
|
|
} else {
|
|
authorize(user, "createTemplate", user.team);
|
|
}
|
|
|
|
let template = await Template.createWithCtx(ctx, {
|
|
title: title ?? original.title,
|
|
createdById: user.id,
|
|
lastModifiedById: user.id,
|
|
teamId: user.teamId,
|
|
collectionId: targetCollectionId,
|
|
publishedAt: new Date(),
|
|
content: original.content,
|
|
icon: original.icon,
|
|
color: original.color,
|
|
fullWidth: original.fullWidth,
|
|
});
|
|
|
|
// reload to get all of the data needed to present (user, collection etc)
|
|
template = await Template.findByPk(template.id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
});
|
|
|
|
ctx.body = {
|
|
data: presentTemplate(template),
|
|
policies: presentPolicies(user, [template]),
|
|
};
|
|
}
|
|
);
|
|
|
|
router.post(
|
|
"templates.update",
|
|
auth(),
|
|
validate(T.TemplatesUpdateSchema),
|
|
transaction(),
|
|
async (ctx: APIContext<T.TemplatesUpdateReq>) => {
|
|
const { transaction } = ctx.state;
|
|
const { id, data, ...updatedFields } = ctx.input.body;
|
|
const { user } = ctx.state.auth;
|
|
|
|
const template = await Template.findByPk(id, {
|
|
userId: user.id,
|
|
rejectOnEmpty: true,
|
|
transaction,
|
|
});
|
|
authorize(user, "update", template);
|
|
|
|
if (updatedFields.collectionId !== undefined) {
|
|
if (updatedFields.collectionId) {
|
|
const collection = await Collection.findByPk(
|
|
updatedFields.collectionId,
|
|
{
|
|
userId: user.id,
|
|
transaction,
|
|
}
|
|
);
|
|
authorize(user, "createTemplate", collection);
|
|
} else {
|
|
authorize(user, "createTemplate", user.team);
|
|
}
|
|
}
|
|
|
|
if (data) {
|
|
template.content = data;
|
|
}
|
|
|
|
await template.updateWithCtx(ctx, updatedFields);
|
|
|
|
ctx.body = {
|
|
data: presentTemplate(template),
|
|
policies: presentPolicies(user, [template]),
|
|
};
|
|
}
|
|
);
|
|
|
|
export default router;
|