4 سال پیش · 0c0ec0b67e
--- a/packages/app/src/server/routes/index.js
+++ b/packages/app/src/server/routes/index.js
@@ -165,8 +165,8 @@ module.exports = function(crowi, app) {
 
				   app.get('/_api/pages.updatePost'    , accessTokenParser, loginRequired, page.api.getUpdatePost);
			
 
				   app.get('/_api/pages.getPageTag'    , accessTokenParser , loginRequired , page.api.getPageTag);
			
 
				   // allow posting to guests because the client doesn't know whether the user logged in
			
 
				-  app.post('/_api/pages.remove'       , loginRequiredStrictly , csrf, page.api.remove); // (Avoid from API Token)
			
 
				-  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.api.revertRemove); // (Avoid from API Token)
			
 
				+  app.post('/_api/pages.remove'       , loginRequiredStrictly , csrf, page.validator.remove, page.api.remove); // (Avoid from API Token)
			
 
				+  app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, page.api.revertRemove); // (Avoid from API Token)
			
 
				   app.post('/_api/pages.unlink'       , loginRequiredStrictly , csrf, page.api.unlink); // (Avoid from API Token)
			
 
				   app.post('/_api/pages.duplicate'    , accessTokenParser, loginRequiredStrictly, csrf, page.api.duplicate);
			
 
				   app.get('/tags'                     , loginRequired, tag.showPage);
			
--- a/packages/app/src/server/routes/page.js
+++ b/packages/app/src/server/routes/page.js
@@ -1,7 +1,8 @@
 
				 import { pagePathUtils } from '@growi/core';
			
 
				 import urljoin from 'url-join';
			
 
				-import loggerFactory from '~/utils/logger';
			
 
				+import { body } from 'express-validator';
			
 
				 
			
 
				+import loggerFactory from '~/utils/logger';
			
 
				 import UpdatePost from '../models/update-post';
			
 
				 
			
 
				 const { isCreatablePage, isTopPage } = pagePathUtils;
			
@@ -650,7 +651,10 @@ module.exports = function(crowi, app) {
 
				 
			
 
				 
			
 
				   const api = {};
			
 
				+  const validator = {};
			
 
				+
			
 
				   actions.api = api;
			
 
				+  actions.validator = validator;
			
 
				 
			
 
				   /**
			
 
				    * @swagger
			
@@ -1143,6 +1147,11 @@ module.exports = function(crowi, app) {
 
				       });
			
 
				   };
			
 
				 
			
 
				+  validator.remove = [
			
 
				+    body('completely').optional().custom(v => v === 'true' || v === true).withMessage('The body property "completely" must be "true" or true.'),
			
 
				+    body('recursively').optional().custom(v => v === 'true' || v === true).withMessage('The body property "recursively" must be "true" or true.'),
			
 
				+  ];
			
 
				+
			
 
				   /**
			
 
				    * @api {post} /pages.remove Remove page
			
 
				    * @apiName RemovePage
			
@@ -1205,6 +1214,10 @@ module.exports = function(crowi, app) {
 
				     }
			
 
				   };
			
 
				 
			
 
				+  validator.revertRemove = [
			
 
				+    body('recursively').optional().custom(v => v === 'true' || v === true).withMessage('The body property "recursively" must be "true" or true.'),
			
 
				+  ];
			
 
				+
			
 
				   /**
			
 
				    * @api {post} /pages.revertRemove Revert removed page
			
 
				    * @apiName RevertRemovePage