Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
mirrors
/
wekan
-ын хуулбар https://github.com/wekan/wekan.git
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 1a26f9fb82
Салаанууд Тагууд
wekan
/
models
/
export.js

export.js 6.2 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194 
  1. /* global JsonRoutes */
    2. 

  2. if (Meteor.isServer) {
    3. 

  3.   // todo XXX once we have a real API in place, move that route there
    4. 

  4.   // todo XXX also  share the route definition between the client and the server
    5. 

  5.   // so that we could use something like
    6. 

  6.   // `ApiRoutes.path('boards/export', boardId)``
    7. 

  7.   // on the client instead of copy/pasting the route path manually between the
    8. 

  8.   // client and the server.
    9. 

  9.   /**
    10. 

  10.    * @operation export
    11. 

  11.    * @tag Boards
    12. 

  12.    *
    13. 

  13.    * @summary This route is used to export the board.
    14. 

  14.    *
    15. 

  15.    * @description If user is already logged-in, pass loginToken as param
    16. 

  16.    * "authToken": '/api/boards/:boardId/export?authToken=:token'
    17. 

  17.    *
    18. 

  18.    * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
    19. 

  19.    * for detailed explanations
    20. 

  20.    *
    21. 

  21.    * @param {string} boardId the ID of the board we are exporting
    22. 

  22.    * @param {string} authToken the loginToken
    23. 

  23.    */
    24. 

  24.   JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
    25. 

  25.     const boardId = req.params.boardId;
    26. 

  26.     let user = null;
    27. 

  27. 

  28.     const loginToken = req.query.authToken;
    29. 

  29.     if (loginToken) {
    30. 

  30.       const hashToken = Accounts._hashLoginToken(loginToken);
    31. 

  31.       user = Meteor.users.findOne({
    32. 

  32.         'services.resume.loginTokens.hashedToken': hashToken,
    33. 

  33.       });
    34. 

  34.     } else if (!Meteor.settings.public.sandstorm) {
    35. 

  35.       Authentication.checkUserId(req.userId);
    36. 

  36.       user = Users.findOne({ _id: req.userId, isAdmin: true });
    37. 

  37.     }
    38. 

  38. 

  39.     const exporter = new Exporter(boardId);
    40. 

  40.     if (exporter.canExport(user)) {
    41. 

  41.       JsonRoutes.sendResult(res, {
    42. 

  42.         code: 200,
    43. 

  43.         data: exporter.build(),
    44. 

  44.       });
    45. 

  45.     } else {
    46. 

  46.       // we could send an explicit error message, but on the other hand the only
    47. 

  47.       // way to get there is by hacking the UI so let's keep it raw.
    48. 

  48.       JsonRoutes.sendResult(res, 403);
    49. 

  49.     }
    50. 

  50.   });
    51. 

  51. }
    52. 

  52. 

  53. class Exporter {
    54. 

  54.   constructor(boardId) {
    55. 

  55.     this._boardId = boardId;
    56. 

  56.   }
    57. 

  57. 

  58.   build() {
    59. 

  59.     const byBoard = { boardId: this._boardId };
    60. 

  60.     const byBoardNoLinked = { boardId: this._boardId, linkedId: {$in: ['', null] } };
    61. 

  61.     // we do not want to retrieve boardId in related elements
    62. 

  62.     const noBoardId = {
    63. 

  63.       fields: {
    64. 

  64.         boardId: 0,
    65. 

  65.       },
    66. 

  66.     };
    67. 

  67.     const result = {
    68. 

  68.       _format: 'wekan-board-1.0.0',
    69. 

  69.     };
    70. 

  70.     _.extend(result, Boards.findOne(this._boardId, {
    71. 

  71.       fields: {
    72. 

  72.         stars: 0,
    73. 

  73.       },
    74. 

  74.     }));
    75. 

  75.     result.lists = Lists.find(byBoard, noBoardId).fetch();
    76. 

  76.     result.cards = Cards.find(byBoardNoLinked, noBoardId).fetch();
    77. 

  77.     result.swimlanes = Swimlanes.find(byBoard, noBoardId).fetch();
    78. 

  78.     result.customFields = CustomFields.find({boardIds: {$in: [this.boardId]}}, {fields: {boardId: 0}}).fetch();
    79. 

  79.     result.comments = CardComments.find(byBoard, noBoardId).fetch();
    80. 

  80.     result.activities = Activities.find(byBoard, noBoardId).fetch();
    81. 

  81.     result.rules = Rules.find(byBoard, noBoardId).fetch();
    82. 

  82.     result.checklists = [];
    83. 

  83.     result.checklistItems = [];
    84. 

  84.     result.subtaskItems = [];
    85. 

  85.     result.triggers = [];
    86. 

  86.     result.actions = [];
    87. 

  87.     result.cards.forEach((card) => {
    88. 

  88.       result.checklists.push(...Checklists.find({
    89. 

  89.         cardId: card._id,
    90. 

  90.       }).fetch());
    91. 

  91.       result.checklistItems.push(...ChecklistItems.find({
    92. 

  92.         cardId: card._id,
    93. 

  93.       }).fetch());
    94. 

  94.       result.subtaskItems.push(...Cards.find({
    95. 

  95.         parentid: card._id,
    96. 

  96.       }).fetch());
    97. 

  97.     });
    98. 

  98.     result.rules.forEach((rule) => {
    99. 

  99.       result.triggers.push(...Triggers.find({
    100. 

  100.         _id: rule.triggerId,
    101. 

  101.       }, noBoardId).fetch());
    102. 

  102.       result.actions.push(...Actions.find({
    103. 

  103.         _id: rule.actionId,
    104. 

  104.       }, noBoardId).fetch());
    105. 

  105.     });
    106. 

  106. 

  107.     // [Old] for attachments we only export IDs and absolute url to original doc
    108. 

  108.     // [New] Encode attachment to base64
    109. 

  109.     const getBase64Data = function(doc, callback) {
    110. 

  110.       let buffer = new Buffer(0);
    111. 

  111.       // callback has the form function (err, res) {}
    112. 

  112.       const readStream = doc.createReadStream();
    113. 

  113.       readStream.on('data', function(chunk) {
    114. 

  114.         buffer = Buffer.concat([buffer, chunk]);
    115. 

  115.       });
    116. 

  116.       readStream.on('error', function(err) {
    117. 

  117.         callback(err, null);
    118. 

  118.       });
    119. 

  119.       readStream.on('end', function() {
    120. 

  120.         // done
    121. 

  121.         callback(null, buffer.toString('base64'));
    122. 

  122.       });
    123. 

  123.     };
    124. 

  124.     const getBase64DataSync = Meteor.wrapAsync(getBase64Data);
    125. 

  125.     result.attachments = Attachments.find(byBoard).fetch().map((attachment) => {
    126. 

  126.       return {
    127. 

  127.         _id: attachment._id,
    128. 

  128.         cardId: attachment.cardId,
    129. 

  129.         // url: FlowRouter.url(attachment.url()),
    130. 

  130.         file: getBase64DataSync(attachment),
    131. 

  131.         name: attachment.original.name,
    132. 

  132.         type: attachment.original.type,
    133. 

  133.       };
    134. 

  134.     });
    135. 

  135. 

  136.     // we also have to export some user data - as the other elements only
    137. 

  137.     // include id but we have to be careful:
    138. 

  138.     // 1- only exports users that are linked somehow to that board
    139. 

  139.     // 2- do not export any sensitive information
    140. 

  140.     const users = {};
    141. 

  141.     result.members.forEach((member) => {
    142. 

  142.       users[member.userId] = true;
    143. 

  143.     });
    144. 

  144.     result.lists.forEach((list) => {
    145. 

  145.       users[list.userId] = true;
    146. 

  146.     });
    147. 

  147.     result.cards.forEach((card) => {
    148. 

  148.       users[card.userId] = true;
    149. 

  149.       if (card.members) {
    150. 

  150.         card.members.forEach((memberId) => {
    151. 

  151.           users[memberId] = true;
    152. 

  152.         });
    153. 

  153.       }
    154. 

  154.     });
    155. 

  155.     result.comments.forEach((comment) => {
    156. 

  156.       users[comment.userId] = true;
    157. 

  157.     });
    158. 

  158.     result.activities.forEach((activity) => {
    159. 

  159.       users[activity.userId] = true;
    160. 

  160.     });
    161. 

  161.     result.checklists.forEach((checklist) => {
    162. 

  162.       users[checklist.userId] = true;
    163. 

  163.     });
    164. 

  164.     const byUserIds = {
    165. 

  165.       _id: {
    166. 

  166.         $in: Object.getOwnPropertyNames(users),
    167. 

  167.       },
    168. 

  168.     };
    169. 

  169.     // we use whitelist to be sure we do not expose inadvertently
    170. 

  170.     // some secret fields that gets added to User later.
    171. 

  171.     const userFields = {
    172. 

  172.       fields: {
    173. 

  173.         _id: 1,
    174. 

  174.         username: 1,
    175. 

  175.         'profile.fullname': 1,
    176. 

  176.         'profile.initials': 1,
    177. 

  177.         'profile.avatarUrl': 1,
    178. 

  178.       },
    179. 

  179.     };
    180. 

  180.     result.users = Users.find(byUserIds, userFields).fetch().map((user) => {
    181. 

  181.       // user avatar is stored as a relative url, we export absolute
    182. 

  182.       if (user.profile.avatarUrl) {
    183. 

  183.         user.profile.avatarUrl = FlowRouter.url(user.profile.avatarUrl);
    184. 

  184.       }
    185. 

  185.       return user;
    186. 

  186.     });
    187. 

  187.     return result;
    188. 

  188.   }
    189. 

  189. 

  190.   canExport(user) {
    191. 

  191.     const board = Boards.findOne(this._boardId);
    192. 

  192.     return board && board.isVisibleBy(user);
    193. 

  193.   }
    194. 

  194. }
    195.