Startseite Erkunden Hilfe
Anmelden
wiki
/
weseek__growi
Mirror von https://github.com/weseek/growi
2
0
Fork 0
Dateien Issues 0 Wiki
Struktur: be5ef7f3f8
Branches Tags
weseek__growi
/
src
/
server
/
routes
/
index.js

index.js 21 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237 
  1. const multer = require('multer')
    2. 

  2. const autoReap  = require('multer-autoreap');
    3. 

  3. autoReap.options.reapOnError = true;  // continue reaping the file even if an error occurs
    4. 

  4. 

  5. module.exports = function(crowi, app) {
    6. 

  6.   const middleware = require('../util/middlewares')
    7. 

  7.     , uploads   = multer({dest: crowi.tmpDir + 'uploads'})
    8. 

  8.     , form      = require('../form')
    9. 

  9.     , page      = require('./page')(crowi, app)
    10. 

  10.     , login     = require('./login')(crowi, app)
    11. 

  11.     , loginPassport = require('./login-passport')(crowi, app)
    12. 

  12.     , logout    = require('./logout')(crowi, app)
    13. 

  13.     , me        = require('./me')(crowi, app)
    14. 

  14.     , admin     = require('./admin')(crowi, app)
    15. 

  15.     , installer = require('./installer')(crowi, app)
    16. 

  16.     , user      = require('./user')(crowi, app)
    17. 

  17.     , attachment= require('./attachment')(crowi, app)
    18. 

  18.     , comment   = require('./comment')(crowi, app)
    19. 

  19.     , bookmark  = require('./bookmark')(crowi, app)
    20. 

  20.     , revision  = require('./revision')(crowi, app)
    21. 

  21.     , search    = require('./search')(crowi, app)
    22. 

  22.     , hackmd    = require('./hackmd')(crowi, app)
    23. 

  23.     , loginRequired = middleware.loginRequired
    24. 

  24.     , accessTokenParser = middleware.accessTokenParser(crowi, app)
    25. 

  25.     , csrf      = middleware.csrfVerify(crowi, app)
    26. 

  26. 

  27.     , config    = crowi.getConfig()
    28. 

  28.     , Config    = crowi.model('Config')
    29. 

  29.     ;
    30. 

  30. 

  31.   /* eslint-disable comma-spacing */
    32. 

  32. 

  33.   app.get('/'                        , middleware.applicationInstalled(), loginRequired(crowi, app, false) , page.showTopPage);
    34. 

  34. 

  35.   app.get('/installer'               , middleware.applicationNotInstalled() , installer.index);
    36. 

  36.   app.post('/installer'              , middleware.applicationNotInstalled() , form.register , csrf, installer.install);
    37. 

  37.   //app.post('/installer/user'         , middleware.applicationNotInstalled() , installer.createFirstUser);
    38. 

  38. 

  39.   app.get('/login/error/:reason'     , login.error);
    40. 

  40.   app.get('/login'                   , middleware.applicationInstalled()    , login.login);
    41. 

  41.   app.get('/login/invited'           , login.invited);
    42. 

  42.   app.post('/login/activateInvited'  , form.invited                         , csrf, login.invited);
    43. 

  43. 

  44.   // switch POST /login route
    45. 

  45.   if (Config.isEnabledPassport(config)) {
    46. 

  46.     app.post('/login'                , form.login                           , csrf, loginPassport.loginWithLocal, loginPassport.loginWithLdap, loginPassport.loginFailure);
    47. 

  47.     app.post('/_api/login/testLdap'  , loginRequired(crowi, app) , form.login , loginPassport.testLdapCredentials);
    48. 

  48.   }
    49. 

  49.   else {
    50. 

  50.     app.post('/login'                , form.login                           , csrf, login.login);
    51. 

  51.   }
    52. 

  52. 

  53.   app.post('/register'               , form.register                        , csrf, login.register);
    54. 

  54.   app.get('/register'                , middleware.applicationInstalled()    , login.register);
    55. 

  55.   app.post('/register/google'        , login.registerGoogle);
    56. 

  56.   app.get('/google/callback'         , login.googleCallback);
    57. 

  57.   app.get('/login/google'            , login.loginGoogle);
    58. 

  58.   app.get('/logout'                  , logout.logout);
    59. 

  59. 

  60.   app.get('/admin'                          , loginRequired(crowi, app) , middleware.adminRequired() , admin.index);
    61. 

  61.   app.get('/admin/app'                      , loginRequired(crowi, app) , middleware.adminRequired() , admin.app.index);
    62. 

  62.   app.post('/_api/admin/settings/app'       , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.app, admin.api.appSetting);
    63. 

  63.   app.post('/_api/admin/settings/siteUrl'   , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.siteUrl, admin.api.asyncAppSetting);
    64. 

  64.   app.post('/_api/admin/settings/mail'      , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.mail, admin.api.appSetting);
    65. 

  65.   app.post('/_api/admin/settings/aws'       , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.aws, admin.api.appSetting);
    66. 

  66.   app.post('/_api/admin/settings/plugin'    , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.plugin, admin.api.appSetting);
    67. 

  67. 

  68.   // security admin
    69. 

  69.   app.get('/admin/security'                     , loginRequired(crowi, app) , middleware.adminRequired() , admin.security.index);
    70. 

  70.   app.post('/_api/admin/security/general'       , loginRequired(crowi, app) , middleware.adminRequired() , form.admin.securityGeneral, admin.api.securitySetting);
    71. 

  71.   app.post('/_api/admin/security/google'        , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityGoogle, admin.api.securitySetting);
    72. 

  72.   app.post('/_api/admin/security/mechanism'     , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityMechanism, admin.api.securitySetting);
    73. 

  73.   app.post('/_api/admin/security/passport-ldap' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityPassportLdap, admin.api.securityPassportLdapSetting);
    74. 

  74.   app.post('/_api/admin/security/passport-saml' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityPassportSaml, admin.api.securityPassportSamlSetting);
    75. 

  75. 

  76.   // OAuth
    77. 

  77.   app.post('/_api/admin/security/passport-google' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityPassportGoogle, admin.api.securityPassportGoogleSetting);
    78. 

  78.   app.post('/_api/admin/security/passport-github' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityPassportGitHub, admin.api.securityPassportGitHubSetting);
    79. 

  79.   app.post('/_api/admin/security/passport-twitter', loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.securityPassportTwitter, admin.api.securityPassportTwitterSetting);
    80. 

  80.   app.get('/passport/google'                      , loginPassport.loginWithGoogle);
    81. 

  81.   app.get('/passport/github'                      , loginPassport.loginWithGitHub);
    82. 

  82.   app.get('/passport/twitter'                     , loginPassport.loginWithTwitter);
    83. 

  83.   app.get('/passport/saml'                        , loginPassport.loginWithSaml);
    84. 

  84.   app.get('/passport/google/callback'             , loginPassport.loginPassportGoogleCallback);
    85. 

  85.   app.get('/passport/github/callback'             , loginPassport.loginPassportGitHubCallback);
    86. 

  86.   app.get('/passport/twitter/callback'            , loginPassport.loginPassportTwitterCallback);
    87. 

  87.   app.post('/passport/saml/callback'              , loginPassport.loginPassportSamlCallback);
    88. 

  88. 

  89.   // markdown admin
    90. 

  90.   app.get('/admin/markdown'                   , loginRequired(crowi, app) , middleware.adminRequired() , admin.markdown.index);
    91. 

  91.   app.post('/admin/markdown/lineBreaksSetting', loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.markdown, admin.markdown.lineBreaksSetting); //change form name
    92. 

  92.   app.post('/admin/markdown/xss-setting'      , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.markdownXss, admin.markdown.xssSetting);
    93. 

  93.   app.post('/admin/markdown/presentationSetting', loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.markdownPresentation, admin.markdown.presentationSetting);
    94. 

  94. 

  95.   // markdown admin
    96. 

  96.   app.get('/admin/customize'                , loginRequired(crowi, app) , middleware.adminRequired() , admin.customize.index);
    97. 

  97.   app.post('/_api/admin/customize/css'      , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customcss, admin.api.customizeSetting);
    98. 

  98.   app.post('/_api/admin/customize/script'   , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customscript, admin.api.customizeSetting);
    99. 

  99.   app.post('/_api/admin/customize/header'   , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customheader, admin.api.customizeSetting);
    100. 

  100.   app.post('/_api/admin/customize/theme'    , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customtheme, admin.api.customizeSetting);
    101. 

  101.   app.post('/_api/admin/customize/title'    , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customtitle, admin.api.customizeSetting);
    102. 

  102.   app.post('/_api/admin/customize/behavior' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.custombehavior, admin.api.customizeSetting);
    103. 

  103.   app.post('/_api/admin/customize/layout'   , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customlayout, admin.api.customizeSetting);
    104. 

  104.   app.post('/_api/admin/customize/features' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customfeatures, admin.api.customizeSetting);
    105. 

  105.   app.post('/_api/admin/customize/highlightJsStyle' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.customhighlightJsStyle, admin.api.customizeSetting);
    106. 

  106. 

  107.   // search admin
    108. 

  108.   app.get('/admin/search'              , loginRequired(crowi, app) , middleware.adminRequired() , admin.search.index);
    109. 

  109.   app.post('/_api/admin/search/build'  , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.api.searchBuildIndex);
    110. 

  110. 

  111.   // notification admin
    112. 

  112.   app.get('/admin/notification'              , loginRequired(crowi, app) , middleware.adminRequired() , admin.notification.index);
    113. 

  113.   app.post('/admin/notification/slackIwhSetting', loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.slackIwhSetting, admin.notification.slackIwhSetting);
    114. 

  114.   app.post('/admin/notification/slackSetting', loginRequired(crowi, app) , middleware.adminRequired() , csrf, form.admin.slackSetting, admin.notification.slackSetting);
    115. 

  115.   app.get('/admin/notification/slackAuth'    , loginRequired(crowi, app) , middleware.adminRequired() , admin.notification.slackAuth);
    116. 

  116.   app.get('/admin/notification/slackSetting/disconnect', loginRequired(crowi, app) , middleware.adminRequired() , admin.notification.disconnectFromSlack);
    117. 

  117.   app.post('/_api/admin/notification.add'    , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.api.notificationAdd);
    118. 

  118.   app.post('/_api/admin/notification.remove' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.api.notificationRemove);
    119. 

  119.   app.get('/_api/admin/users.search'         , loginRequired(crowi, app) , middleware.adminRequired() , admin.api.usersSearch);
    120. 

  120.   app.get('/admin/global-notification/new'   , loginRequired(crowi, app) , middleware.adminRequired() , admin.globalNotification.detail);
    121. 

  121.   app.get('/admin/global-notification/:id'   , loginRequired(crowi, app) , middleware.adminRequired() , admin.globalNotification.detail);
    122. 

  122.   app.post('/admin/global-notification/new'  , loginRequired(crowi, app) , middleware.adminRequired() , form.admin.notificationGlobal, admin.globalNotification.create);
    123. 

  123.   app.post('/_api/admin/global-notification/toggleIsEnabled', loginRequired(crowi, app) , middleware.adminRequired() , admin.api.toggleIsEnabledForGlobalNotification);
    124. 

  124.   app.post('/admin/global-notification/:id/update', loginRequired(crowi, app) , middleware.adminRequired() , form.admin.notificationGlobal, admin.globalNotification.update);
    125. 

  125.   app.post('/admin/global-notification/:id/remove', loginRequired(crowi, app) , middleware.adminRequired() , admin.globalNotification.remove);
    126. 

  126. 

  127.   app.get('/admin/users'                , loginRequired(crowi, app) , middleware.adminRequired() , admin.user.index);
    128. 

  128.   app.post('/admin/user/invite'         , form.admin.userInvite ,  loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.invite);
    129. 

  129.   app.post('/admin/user/:id/makeAdmin'  , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.makeAdmin);
    130. 

  130.   app.post('/admin/user/:id/removeFromAdmin', loginRequired(crowi, app) , middleware.adminRequired() , admin.user.removeFromAdmin);
    131. 

  131.   app.post('/admin/user/:id/activate'   , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.activate);
    132. 

  132.   app.post('/admin/user/:id/suspend'    , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.suspend);
    133. 

  133.   app.post('/admin/user/:id/remove'     , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.remove);
    134. 

  134.   app.post('/admin/user/:id/removeCompletely' , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.removeCompletely);
    135. 

  135.   // new route patterns from here:
    136. 

  136.   app.post('/_api/admin/users.resetPassword'  , loginRequired(crowi, app) , middleware.adminRequired() , csrf, admin.user.resetPassword);
    137. 

  137. 

  138.   app.get('/admin/users/external-accounts'               , loginRequired(crowi, app) , middleware.adminRequired() , admin.externalAccount.index);
    139. 

  139.   app.post('/admin/users/external-accounts/:id/remove'   , loginRequired(crowi, app) , middleware.adminRequired() , admin.externalAccount.remove);
    140. 

  140. 

  141.   // user-groups admin
    142. 

  142.   app.get('/admin/user-groups'             , loginRequired(crowi, app), middleware.adminRequired(), admin.userGroup.index);
    143. 

  143.   app.get('/admin/user-group-detail/:id'          , loginRequired(crowi, app), middleware.adminRequired(), admin.userGroup.detail);
    144. 

  144.   app.post('/admin/user-group/create'      , form.admin.userGroupCreate, loginRequired(crowi, app), middleware.adminRequired(), csrf, admin.userGroup.create);
    145. 

  145.   app.post('/admin/user-group/:userGroupId/update', loginRequired(crowi, app), middleware.adminRequired(), csrf, admin.userGroup.update);
    146. 

  146.   app.post('/admin/user-group.remove' , loginRequired(crowi, app), middleware.adminRequired(), csrf, admin.userGroup.removeCompletely);
    147. 

  147. 

  148.   // user-group-relations admin
    149. 

  149.   app.post('/admin/user-group-relation/create', loginRequired(crowi, app), middleware.adminRequired(), csrf, admin.userGroupRelation.create);
    150. 

  150.   app.post('/admin/user-group-relation/:id/remove-relation/:relationId', loginRequired(crowi, app), middleware.adminRequired(), csrf, admin.userGroupRelation.remove);
    151. 

  151. 

  152.   // importer management for admin
    153. 

  153.   app.get('/admin/importer'                , loginRequired(crowi, app) , middleware.adminRequired() , admin.importer.index);
    154. 

  154.   app.post('/_api/admin/settings/importerEsa' , loginRequired(crowi, app) , middleware.adminRequired() , csrf , form.admin.importerEsa , admin.api.importerSettingEsa);
    155. 

  155.   app.post('/_api/admin/settings/importerQiita' , loginRequired(crowi, app) , middleware.adminRequired() , csrf , form.admin.importerQiita , admin.api.importerSettingQiita);
    156. 

  156.   app.post('/_api/admin/import/esa'        , loginRequired(crowi, app) , middleware.adminRequired() , admin.api.importDataFromEsa);
    157. 

  157.   app.post('/_api/admin/import/testEsaAPI' , loginRequired(crowi, app) , middleware.adminRequired() , csrf , form.admin.importerEsa , admin.api.testEsaAPI);
    158. 

  158.   app.post('/_api/admin/import/qiita'        , loginRequired(crowi, app) , middleware.adminRequired() , admin.api.importDataFromQiita);
    159. 

  159.   app.post('/_api/admin/import/testQiitaAPI' , loginRequired(crowi, app) , middleware.adminRequired() , csrf , form.admin.importerQiita , admin.api.testQiitaAPI);
    160. 

  160. 

  161.   app.get('/me'                       , loginRequired(crowi, app) , me.index);
    162. 

  162.   app.get('/me/password'              , loginRequired(crowi, app) , me.password);
    163. 

  163.   app.get('/me/apiToken'              , loginRequired(crowi, app) , me.apiToken);
    164. 

  164.   app.post('/me'                      , form.me.user              , loginRequired(crowi, app) , me.index);
    165. 

  165.   // external-accounts
    166. 

  166.   if (Config.isEnabledPassport(config)) {
    167. 

  167.     app.get('/me/external-accounts'                         , loginRequired(crowi, app) , me.externalAccounts.list);
    168. 

  168.     app.post('/me/external-accounts/disassociate'           , loginRequired(crowi, app) , me.externalAccounts.disassociate);
    169. 

  169.     app.post('/me/external-accounts/associateLdap'          , loginRequired(crowi, app) , form.login , me.externalAccounts.associateLdap);
    170. 

  170.   }
    171. 

  171.   app.post('/me/password'             , form.me.password          , loginRequired(crowi, app) , me.password);
    172. 

  172.   app.post('/me/imagetype'            , form.me.imagetype         , loginRequired(crowi, app) , me.imagetype);
    173. 

  173.   app.post('/me/apiToken'             , form.me.apiToken          , loginRequired(crowi, app) , me.apiToken);
    174. 

  174.   app.post('/me/auth/google'          , loginRequired(crowi, app) , me.authGoogle);
    175. 

  175.   app.get( '/me/auth/google/callback' , loginRequired(crowi, app) , me.authGoogleCallback);
    176. 

  176. 

  177.   app.get( '/:id([0-9a-z]{24})'       , loginRequired(crowi, app, false) , page.redirector);
    178. 

  178.   app.get( '/_r/:id([0-9a-z]{24})'    , loginRequired(crowi, app, false) , page.redirector); // alias
    179. 

  179.   app.get( '/attachment/:pageId/:fileName'  , loginRequired(crowi, app, false), attachment.api.obsoletedGetForMongoDB); // DEPRECATED: remains for backward compatibility for v3.3.x or below
    180. 

  180.   app.get( '/attachment/:id([0-9a-z]{24})'  , loginRequired(crowi, app, false), attachment.api.get);
    181. 

  181.   app.get( '/download/:id([0-9a-z]{24})'    , loginRequired(crowi, app, false), attachment.api.download);
    182. 

  182. 

  183.   app.get( '/_search'                 , loginRequired(crowi, app, false) , search.searchPage);
    184. 

  184.   app.get( '/_api/search'             , accessTokenParser , loginRequired(crowi, app, false) , search.api.search);
    185. 

  185. 

  186.   app.get( '/_api/check_username'           , user.api.checkUsername);
    187. 

  187.   app.get( '/_api/me/user-group-relations'  , accessTokenParser , loginRequired(crowi, app) , me.api.userGroupRelations);
    188. 

  188.   app.get( '/_api/user/bookmarks'           , loginRequired(crowi, app, false) , user.api.bookmarks);
    189. 

  189. 

  190.   // HTTP RPC Styled API (に徐々に移行していいこうと思う)
    191. 

  191.   app.get('/_api/users.list'          , accessTokenParser , loginRequired(crowi, app, false) , user.api.list);
    192. 

  192.   app.get('/_api/pages.list'          , accessTokenParser , loginRequired(crowi, app, false) , page.api.list);
    193. 

  193.   app.get('/_api/pages.recentCreated' , accessTokenParser , loginRequired(crowi, app, false) , page.api.recentCreated);
    194. 

  194.   app.post('/_api/pages.create'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.create);
    195. 

  195.   app.post('/_api/pages.update'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.update);
    196. 

  196.   app.get('/_api/pages.get'           , accessTokenParser , loginRequired(crowi, app, false) , page.api.get);
    197. 

  197.   app.get('/_api/pages.updatePost'    , accessTokenParser , loginRequired(crowi, app, false) , page.api.getUpdatePost);
    198. 

  198.   // allow posting to guests because the client doesn't know whether the user logged in
    199. 

  199.   app.post('/_api/pages.seen'         , accessTokenParser , loginRequired(crowi, app, false) , page.api.seen);
    200. 

  200.   app.post('/_api/pages.rename'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.rename);
    201. 

  201.   app.post('/_api/pages.remove'       , loginRequired(crowi, app) , csrf, page.api.remove); // (Avoid from API Token)
    202. 

  202.   app.post('/_api/pages.revertRemove' , loginRequired(crowi, app) , csrf, page.api.revertRemove); // (Avoid from API Token)
    203. 

  203.   app.post('/_api/pages.unlink'       , loginRequired(crowi, app) , csrf, page.api.unlink); // (Avoid from API Token)
    204. 

  204.   app.post('/_api/pages.duplicate'    , accessTokenParser, loginRequired(crowi, app), csrf, page.api.duplicate);
    205. 

  205.   app.get('/_api/comments.get'        , accessTokenParser , loginRequired(crowi, app, false) , comment.api.get);
    206. 

  206.   app.post('/_api/comments.add'       , form.comment, accessTokenParser , loginRequired(crowi, app) , csrf, comment.api.add);
    207. 

  207.   app.post('/_api/comments.remove'    , accessTokenParser , loginRequired(crowi, app) , csrf, comment.api.remove);
    208. 

  208.   app.get( '/_api/bookmarks.get'      , accessTokenParser , loginRequired(crowi, app, false) , bookmark.api.get);
    209. 

  209.   app.post('/_api/bookmarks.add'      , accessTokenParser , loginRequired(crowi, app) , csrf, bookmark.api.add);
    210. 

  210.   app.post('/_api/bookmarks.remove'   , accessTokenParser , loginRequired(crowi, app) , csrf, bookmark.api.remove);
    211. 

  211.   app.post('/_api/likes.add'          , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.like);
    212. 

  212.   app.post('/_api/likes.remove'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.unlike);
    213. 

  213.   app.get( '/_api/attachments.list'   , accessTokenParser , loginRequired(crowi, app, false) , attachment.api.list);
    214. 

  214.   app.post('/_api/attachments.add'                  , uploads.single('file'), autoReap, accessTokenParser, loginRequired(crowi, app) ,csrf, attachment.api.add);
    215. 

  215.   app.post('/_api/attachments.uploadProfileImage'   , uploads.single('file'), autoReap, accessTokenParser, loginRequired(crowi, app) ,csrf, attachment.api.uploadProfileImage);
    216. 

  216.   app.post('/_api/attachments.remove' , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.remove);
    217. 

  217.   app.get( '/_api/attachments.limit'  , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.limit);
    218. 

  218. 

  219.   app.get( '/_api/revisions.get'      , accessTokenParser , loginRequired(crowi, app, false) , revision.api.get);
    220. 

  220.   app.get( '/_api/revisions.ids'      , accessTokenParser , loginRequired(crowi, app, false) , revision.api.ids);
    221. 

  221.   app.get( '/_api/revisions.list'     , accessTokenParser , loginRequired(crowi, app, false) , revision.api.list);
    222. 

  222. 

  223.   app.get('/trash$'                  , loginRequired(crowi, app, false) , page.trashPageShowWrapper);
    224. 

  224.   app.get('/trash/$'                 , loginRequired(crowi, app, false) , page.trashPageListShowWrapper);
    225. 

  225.   app.get('/trash/*/$'               , loginRequired(crowi, app, false) , page.deletedPageListShowWrapper);
    226. 

  226. 

  227.   app.get('/_hackmd/load-agent'        , hackmd.loadAgent);
    228. 

  228.   app.get('/_hackmd/load-styles'       , hackmd.loadStyles);
    229. 

  229.   app.post('/_api/hackmd.integrate'    , accessTokenParser , loginRequired(crowi, app) , csrf, hackmd.validateForApi, hackmd.integrate);
    230. 

  230.   app.post('/_api/hackmd.saveOnHackmd' , accessTokenParser , loginRequired(crowi, app) , csrf, hackmd.validateForApi, hackmd.saveOnHackmd);
    231. 

  231. 

  232.   // API v3
    233. 

  233.   app.use('/_api/v3', require('./apiv3')(crowi));
    234. 

  234. 

  235.   app.get('/*/$'                   , loginRequired(crowi, app, false) , page.showPageWithEndOfSlash, page.notFound);
    236. 

  236.   app.get('/*'                     , loginRequired(crowi, app, false) , page.showPage, page.notFound);
    237. 

  237. };
    238.