wiki
/
weseek__growi
同期ミラー https://github.com/weseek/growi


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214
							/* eslint-disable no-unused-vars */
const loggerFactory = require('@alias/logger');

const logger = loggerFactory('growi:routes:apiv3:user-group');

const express = require('express');

const router = express.Router();

const { body } = require('express-validator/check');

const validator = {};

/**
 * @swagger
 *  tags:
 *    name: MarkDownSetting
 */

module.exports = (crowi) => {
  const loginRequiredStrictly = require('../../middleware/login-required')(crowi);
  const adminRequired = require('../../middleware/admin-required')(crowi);
  const csrf = require('../../middleware/csrf')(crowi);

  const {
    ErrorV3,
    Config,
  } = crowi.models;

  const { ApiV3FormValidator } = crowi.middlewares;

  validator.lineBreak = [
    body('isEnabledLinebreaks').isBoolean(),
    body('isEnabledLinebreaksInComments').isBoolean(),
  ];

  /**
   * @swagger
   *
   *  paths:
   *    /_api/v3/markdown-setting/lineBreak:
   *      put:
   *        tags: [MarkDownSetting]
   *        description: Update lineBreak
   *        parameters:
   *          - name: isEnabledLinebreaks
   *            in: query
   *            description: enable lineBreak
   *            schema:
   *              type: boolean
   *          - name: isEnabledLinebreaksInComments
   *            in: query
   *            description: enable lineBreak in comment
   *            schema:
   *              type: boolean
   *        responses:
   *          200:
   *            description: Updating lineBreak success
   *            content:
   *              application/json:
   *                schema:
   *                  properties:
   *                    xssParams:
   *                      type: object
   *                      description: new lineBreak params
   */
  router.put('/lineBreak', loginRequiredStrictly, adminRequired, csrf, validator.lineBreak, ApiV3FormValidator, async(req, res) => {

    const lineBreakParams = {
      'markdown:isEnabledLinebreaks': req.body.isEnabledLinebreaks,
      'markdown:isEnabledLinebreaksInComments': req.body.isEnabledLinebreaksInComments,
    };

    try {
      await crowi.configManager.updateConfigsInTheSameNamespace('markdown', lineBreakParams);
      return res.apiv3({ lineBreakParams });
    }
    catch (err) {
      const msg = 'Error occurred in updating lineBreak';
      logger.error('Error', err);
      return res.apiv3Err(new ErrorV3(msg, 'update-lineBreak-failed'));
    }

  });

  validator.presentationSetting = [
    body('pageBreakSeparator').isInt().not().isEmpty(),
  ];

  /**
   * @swagger
   *
   *  paths:
   *    /_api/v3/markdown-setting/presentation:
   *      put:
   *        tags: [Users]
   *        description: Update presentation
   *        parameters:
   *          - name: markdown:presentation:pageBreakSeparator
   *            in: query
   *            description: pageBreakSeparator
   *            schema:
   *              type: number
   *        responses:
   *          200:
   *            description: Updating presentation success
   *            content:
   *              application/json:
   *                schema:
   *                  properties:
   *                    presentationParams:
   *                      type: object
   *                      description: new presentation params
   */
  router.put('/presentation', loginRequiredStrictly, adminRequired, csrf, validator.presentationSetting, ApiV3FormValidator, async(req, res) => {
    if (req.body.pageBreakSeparator === 3 && req.body.pageBreakCustomSeparator === '') {
      return res.apiv3Err(new ErrorV3('customRegularExpression is required'));
    }

    const presentationParams = {
      'markdown:presentation:pageBreakSeparator': req.body.pageBreakSeparator,
      'markdown:presentation:pageBreakCustomSeparator': req.body.pageBreakCustomSeparator,
    };

    try {
      await crowi.configManager.updateConfigsInTheSameNamespace('markdown', presentationParams);
      return res.apiv3({ presentationParams });
    }
    catch (err) {
      const msg = 'Error occurred in updating presentation';
      logger.error('Error', err);
      return res.apiv3Err(new ErrorV3(msg, 'update-presentation-failed'));
    }

  });

  validator.xssSetting = [
    body('isEnabledXss').isBoolean(),
    body('tagWhiteList').isArray(),
    body('attrWhiteList').isArray(),
  ];

  /**
   * @swagger
   *
   *  paths:
   *    /_api/v3/markdown-setting/xss:
   *      put:
   *        tags: [MarkDownSetting]
   *        description: Update xss
   *        parameters:
   *          - name: isEnabledPrevention
   *            in: query
   *            description: enable xss
   *            schema:
   *              type: boolean
   *          - name: option
   *            in: query
   *            description: xss option
   *            schema:
   *              type: number
   *          - name: tagWhiteList
   *            in: query
   *            description: custom tag whitelist
   *            schema:
   *              type: array
   *              items:
   *                type: string
   *                description: tag whitelist
   *          - name: attrWhiteList
   *            in: query
   *            description: custom attr whitelist
   *            schema:
   *              type: array
   *              items:
   *                type: string
   *                description: tag whitelist
   *        responses:
   *          200:
   *            description: Updating xss success
   *            content:
   *              application/json:
   *                schema:
   *                  properties:
   *                    xssParams:
   *                      type: object
   *                      description: new xss params
   */
  router.put('/xss', loginRequiredStrictly, adminRequired, csrf, validator.xssSetting, ApiV3FormValidator, async(req, res) => {
    if (req.body.isEnabledXss && req.body.xssOption == null) {
      return res.apiv3Err(new ErrorV3('xss option is required'));
    }

    const xssParams = {
      'markdown:xss:isEnabledPrevention': req.body.isEnabledXss,
      'markdown:xss:option': req.body.xssOption,
      'markdown:xss:tagWhiteList': req.body.tagWhiteList,
      'markdown:xss:attrWhiteList': req.body.attrWhiteList,
    };

    try {
      await crowi.configManager.updateConfigsInTheSameNamespace('markdown', xssParams);
      return res.apiv3({ xssParams });
    }
    catch (err) {
      const msg = 'Error occurred in updating xss';
      logger.error('Error', err);
      return res.apiv3Err(new ErrorV3(msg, 'update-xss-failed'));
    }

  });

  return router;
};