Sotaro KARASAWA 9 лет назад
Родитель
Сommit
9d6c619b2e
3 измененных файлов с 38 добавлено и 32 удалено
  1. 21 21
      lib/routes/index.js
  2. 13 11
      lib/routes/page.js
  3. 4 0
      lib/util/middlewares.js

+ 21 - 21
lib/routes/index.js

@@ -14,7 +14,7 @@ module.exports = function(crowi, app) {
     , revision  = require('./revision')(crowi, app)
     , search    = require('./search')(crowi, app)
     , loginRequired = middleware.loginRequired
-    , accessTokenParser = middleware.accessTokenParser
+    , accessTokenParser = middleware.accessTokenParser(crowi, app)
     , csrf      = middleware.csrfVerify(crowi, app)
     ;
 
@@ -81,7 +81,7 @@ module.exports = function(crowi, app) {
   app.get( '/_r/:id([0-9a-z]{24})'    , loginRequired(crowi, app) , page.api.redirector); // alias
 
   app.get( '/_search'                 , loginRequired(crowi, app) , search.searchPage);
-  app.get( '/_api/search'             , accessTokenParser(crowi, app) , loginRequired(crowi, app) , search.api.search);
+  app.get( '/_api/search'             , accessTokenParser , loginRequired(crowi, app) , search.api.search);
 
   app.get( '/_api/check_username'     , user.api.checkUsername);
   app.post('/_api/me/picture/upload'  , loginRequired(crowi, app) , me.api.uploadPicture);
@@ -91,27 +91,27 @@ module.exports = function(crowi, app) {
   app.get( '/user/:username([^/]+)/recent-create'  , loginRequired(crowi, app) , page.userRecentCreatedList);
 
   // HTTP RPC Styled API (に徐々に移行していいこうと思う)
-  app.get('/_api/users.list'          , accessTokenParser(crowi, app) , loginRequired(crowi, app) , user.api.list);
-  app.post('/_api/pages.create'        , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, page.api.create);
-  app.get('/_api/pages.get'           , accessTokenParser(crowi, app) , loginRequired(crowi, app) , page.api.get);
-  app.get('/_api/pages.updatePost'    , accessTokenParser(crowi, app) , loginRequired(crowi, app) , page.api.getUpdatePost);
-  app.post('/_api/pages.seen'         , accessTokenParser(crowi, app) , loginRequired(crowi, app) , page.api.seen);
-  app.post('/_api/pages.rename'       , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, page.api.rename);
+  app.get('/_api/users.list'          , accessTokenParser , loginRequired(crowi, app) , user.api.list);
+  app.post('/_api/pages.create'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.create);
+  app.get('/_api/pages.get'           , accessTokenParser , loginRequired(crowi, app) , page.api.get);
+  app.get('/_api/pages.updatePost'    , accessTokenParser , loginRequired(crowi, app) , page.api.getUpdatePost);
+  app.post('/_api/pages.seen'         , accessTokenParser , loginRequired(crowi, app) , page.api.seen);
+  app.post('/_api/pages.rename'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.rename);
   app.post('/_api/pages.remove'       , loginRequired(crowi, app) , csrf, page.api.remove); // (Avoid from API Token)
   app.post('/_api/pages.revertRemove' , loginRequired(crowi, app) , csrf, page.api.revertRemove); // (Avoid from API Token)
-  app.get('/_api/comments.get'        , accessTokenParser(crowi, app) , loginRequired(crowi, app) , comment.api.get);
-  app.post('/_api/comments.add'       , form.comment, accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, comment.api.add);
-  app.get( '/_api/bookmarks.get'      , accessTokenParser(crowi, app) , loginRequired(crowi, app) , bookmark.api.get);
-  app.post('/_api/bookmarks.add'      , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, bookmark.api.add);
-  app.post('/_api/bookmarks.remove'   , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, bookmark.api.remove);
-  app.post('/_api/likes.add'          , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, page.api.like);
-  app.post('/_api/likes.remove'       , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, page.api.unlike);
-  app.get( '/_api/attachments.list'   , accessTokenParser(crowi, app) , loginRequired(crowi, app) , attachment.api.list);
-  app.post('/_api/attachments.add'    , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, attachment.api.add);
-  app.post('/_api/attachments.remove' , accessTokenParser(crowi, app) , loginRequired(crowi, app) , csrf, attachment.api.remove);
-
-  app.get( '/_api/revisions.get'      , accessTokenParser(crowi, app) , loginRequired(crowi, app) , revision.api.get);
-  app.get( '/_api/revisions.list'     , accessTokenParser(crowi, app) , loginRequired(crowi, app) ,revision.api.list);
+  app.get('/_api/comments.get'        , accessTokenParser , loginRequired(crowi, app) , comment.api.get);
+  app.post('/_api/comments.add'       , form.comment, accessTokenParser , loginRequired(crowi, app) , csrf, comment.api.add);
+  app.get( '/_api/bookmarks.get'      , accessTokenParser , loginRequired(crowi, app) , bookmark.api.get);
+  app.post('/_api/bookmarks.add'      , accessTokenParser , loginRequired(crowi, app) , csrf, bookmark.api.add);
+  app.post('/_api/bookmarks.remove'   , accessTokenParser , loginRequired(crowi, app) , csrf, bookmark.api.remove);
+  app.post('/_api/likes.add'          , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.like);
+  app.post('/_api/likes.remove'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.unlike);
+  app.get( '/_api/attachments.list'   , accessTokenParser , loginRequired(crowi, app) , attachment.api.list);
+  app.post('/_api/attachments.add'    , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.add);
+  app.post('/_api/attachments.remove' , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.remove);
+
+  app.get( '/_api/revisions.get'      , accessTokenParser , loginRequired(crowi, app) , revision.api.get);
+  app.get( '/_api/revisions.list'     , accessTokenParser , loginRequired(crowi, app) ,revision.api.list);
 
   //app.get('/_api/revision/:id'     , user.useUserData()         , revision.api.get);
   //app.get('/_api/r/:revisionId'    , user.useUserData()         , page.api.get);
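Review bot: After this change `accessTokenParser` is bound once in the declaration block while `loginRequired` on the line above it is still the unapplied factory, so every route in the hunk keeps calling `loginRequired(crowi, app)` inline; for a consistent style bind it the same way, `, loginRequired = middleware.loginRequired(crowi, app)`, and drop the per-route parentheses. Binding once means a single middleware closure is shared by all routes, which is fine as long as `middleware.accessTokenParser` keeps no per-request state in that closure — the visible part in `lib/util/middlewares.js` looks up `crowi.model('User')` per request, so that appears safe, but the start of that function is outside the diff. The `pages.remove` and `pages.revertRemove` routes deliberately omit the token parser (see their trailing comments), so a comment above the block stating the rule would keep that intent visible to future edits, e.g. `// Routes without accessTokenParser are session-only by design (destructive operations).`. The enclosing `module.exports` function continues outside the hunk.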

+ 13 - 11
lib/routes/page.js

@@ -529,28 +529,30 @@ module.exports = function(crowi, app) {
    * @apiParam {String} grant
    */
   api.create = function(req, res){
-    var pageForm = req.body.pageForm;
-    var body = pageForm.body;
-    var currentRevision = pageForm.currentRevision;
-
-    var grant = pageForm.grant;
-    var path = pageForm.path;
-    var body = req.body.page_id || null;
+    var body = req.body.body || null;
     var pagePath = req.body.path || null;
     var grant = req.body.grant || null;
+
     if (body === null || pagePath === null) {
       return res.json(ApiResponse.error('Parameters body and path are required.'));
     }
 
     var ignoreNotFound = true;
-    Page.findPage(path, req.user, null, ignoreNotFound)
+    Page.findPage(pagePath, req.user, null, ignoreNotFound)
     .then(function(data) {
-      pageData = data;
-      if (pageData !== null) {
+      if (data !== null) {
         throw new Error('Page exists');
       }
 
-      return Page.create(path, body, req.user, {grant: grant});
+      return Page.create(pagePath, body, req.user, {grant: grant});
+    }).then(function(data) {
+      if (!data) {
+        throw new Error('Failed to create page.');
+      }
+
+      data.lastUpdateUser = User.filterToPublicFields(data.lastUpdateUser);
+      data.creator = User.filterToPublicFields(data.creator);
+      return res.json(ApiResponse.success(data));
     }).catch(function(err) {
       return res.json(ApiResponse.error(err));
     });;
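Review bot: The final `.catch` at the end of the chain passes the raw rejection to `ApiResponse.error(err)`; unless that helper normalizes an `Error` into a message, the client receives either an empty `{}` (JSON serialization of an Error drops its own properties) or the verbatim text of a database or model error, which is more than an API caller should see. The two errors thrown inside this chain are meant as the payload, so handle them explicitly, `if (err.message === 'Page exists' || err.message === 'Failed to create page.') return res.json(ApiResponse.error(err.message));`, and otherwise log `err` server-side and return a generic failure message. The existence check and `Page.create` are two separate round-trips, so two concurrent requests for the same path can both pass `data !== null` — acceptable only if the model enforces uniqueness on the path, which this hunk cannot show. `grant` falls back to `null` and is forwarded as `{grant: grant}`; if `Page.create` does not map `null` to its own default, the created page's visibility is whatever the model does with a null grant, so that default deserves a comment here. The `});;` on the last line carries a stray second semicolon; `api.create`'s closing brace lies outside the hunk.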

+ 4 - 0
lib/util/middlewares.js

@@ -33,7 +33,9 @@ exports.csrfVerify = function(crowi, app) {
     var token = req.body._csrf || req.query._csrf || null;
     var csrfKey = (req.session && req.session.id) || 'anon';
 
+    debug('req.skipCsrfVerify', req.skipCsrfVerify);
     if (req.skipCsrfVerify) {
+      debug('csrf verify skipped');
       return next();
     }
 
@@ -193,10 +195,12 @@ exports.accessTokenParser = function(crowi, app) {
 
     var User = crowi.model('User')
 
+    debug('accessToken is', accessToken);
     User.findUserByApiToken(accessToken)
     .then(function(userData) {
       req.user = userData;
       req.skipCsrfVerify = true;
+      debug('Access token parsed: skipCsrfVerify');
 
       next();
     }).catch(function(err) {
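Review bot: The new `debug('accessToken is', accessToken);` line writes the raw API token into the debug log, so anyone who can read log output (or a pasted debug session) holds a reusable credential; log only whether a token was supplied, e.g. `debug('accessToken is', accessToken ? '(present)' : '(absent)');`. The `.then` callback below it also sets `req.skipCsrfVerify = true` unconditionally; if `findUserByApiToken` resolves with `null` for an unknown token rather than rejecting, CSRF verification is disabled for a request that did not actually authenticate, and `req.user = userData;` would replace any session user with `null`. A guard such as `if (!userData) { return next(); }` before the two assignments closes that gap regardless of how the model behaves. The first hunk's `debug('req.skipCsrfVerify', ...)` lines are fine as they log only a boolean. The enclosing `accessTokenParser` closure starts before this hunk and its catch handler runs past its end.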