Página Principal Explorar Ajuda
Iniciar Sessão
mirrors
/
wekan
mirror de https://github.com/wekan/wekan.git
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Árvore: 2f95431c9b
Ramos Etiquetas
wekan
/
models
/
exportPDF.js

exportPDF.js 3.4 KB
Histórico Em bruto

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. import { ReactiveCache } from '/imports/reactiveCache';
    2. 

  2. import { TAPi18n } from '/imports/i18n';
    3. 

  3. import { runOnServer } from './runOnServer';
    4. 

  4. 

  5. runOnServer(function() {
    6. 

  6.   // the ExporterCardPDF class is only available on server and in order to import
    7. 

  7.   // it here we use runOnServer to have it inside a function instead of an
    8. 

  8.   // if (Meteor.isServer) block
    9. 

  9.   import { ExporterCardPDF } from './server/ExporterCardPDF';
    10. 

  10.   import { Picker } from 'meteor/communitypackages:picker';
    11. 

  11. 

  12.   // todo XXX once we have a real API in place, move that route there
    13. 

  13.   // todo XXX also  share the route definition between the client and the server
    14. 

  14.   // so that we could use something like
    15. 

  15.   // `ApiRoutes.path('boards/exportExcel', boardId)``
    16. 

  16.   // on the client instead of copy/pasting the route path manually between the
    17. 

  17.   // client and the server.
    18. 

  18.   /**
    19. 

  19.    * @operation exportExcel
    20. 

  20.    * @tag Boards
    21. 

  21.    *
    22. 

  22.    * @summary This route is used to export the board Excel.
    23. 

  23.    *
    24. 

  24.    * @description If user is already logged-in, pass loginToken as param
    25. 

  25.    * "authToken": '/api/boards/:boardId/exportExcel?authToken=:token'
    26. 

  26.    *
    27. 

  27.    * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
    28. 

  28.    * for detailed explanations
    29. 

  29.    *
    30. 

  30.    * @param {string} boardId the ID of the board we are exporting
    31. 

  31.    * @param {string} authToken the loginToken
    32. 

  32.    */
    33. 

  33.   Picker.route('/api/boards/:boardId/lists/:listId/cards/:cardId/exportPDF', function (params, req, res) {
    34. 

  34.     const boardId = params.boardId;
    35. 

  35.     const paramListId = req.params.listId;
    36. 

  36.     const paramCardId = req.params.cardId;
    37. 

  37.     let user = null;
    38. 

  38.     let impersonateDone = false;
    39. 

  39.     let adminId = null;
    40. 

  40. 

  41.     // First check if board exists and is public to avoid unnecessary authentication
    42. 

  42.     const board = ReactiveCache.getBoard(boardId);
    43. 

  43.     if (!board) {
    44. 

  44.       res.end('Board not found');
    45. 

  45.       return;
    46. 

  46.     }
    47. 

  47. 

  48.     // If board is public, skip expensive authentication operations
    49. 

  49.     if (board.isPublic()) {
    50. 

  50.       // Public boards don't require authentication - skip hash operations
    51. 

  51.       const exporterCardPDF = new ExporterCardPDF(boardId);
    52. 

  52.       exporterCardPDF.build(res);
    53. 

  53.       return;
    54. 

  54.     }
    55. 

  55. 

  56.     // Only perform expensive authentication for private boards
    57. 

  57.     const loginToken = params.query.authToken;
    58. 

  58.     if (loginToken) {
    59. 

  59.       // Validate token length to prevent resource abuse
    60. 

  60.       if (loginToken.length > 10000) {
    61. 

  61.         if (process.env.DEBUG === 'true') {
    62. 

  62.           console.warn('Suspiciously long auth token received, rejecting to prevent resource abuse');
    63. 

  63.         }
    64. 

  64.         res.end('Invalid token');
    65. 

  65.         return;
    66. 

  66.       }
    67. 

  67. 

  68.       const hashToken = Accounts._hashLoginToken(loginToken);
    69. 

  69.       user = ReactiveCache.getUser({
    70. 

  70.         'services.resume.loginTokens.hashedToken': hashToken,
    71. 

  71.       });
    72. 

  72.       adminId = user._id.toString();
    73. 

  73.       impersonateDone = ReactiveCache.getImpersonatedUser({ adminId: adminId });
    74. 

  74.     } else if (!Meteor.settings.public.sandstorm) {
    75. 

  75.       Authentication.checkUserId(req.userId);
    76. 

  76.       user = ReactiveCache.getUser({
    77. 

  77.         _id: req.userId,
    78. 

  78.         isAdmin: true,
    79. 

  79.       });
    80. 

  80.     }
    81. 

  81. 

  82.     const exporterCardPDF = new ExporterCardPDF(boardId);
    83. 

  83.     if (exporterCardPDF.canExport(user) || impersonateDone) {
    84. 

  84.       if (impersonateDone) {
    85. 

  85.         ImpersonatedUsers.insert({
    86. 

  86.           adminId: adminId,
    87. 

  87.           boardId: boardId,
    88. 

  88.           reason: 'exportCardPDF',
    89. 

  89.         });
    90. 

  90.       }
    91. 

  91. 

  92.       exporterCardPDF.build(res);
    93. 

  93.     } else {
    94. 

  94.       res.end(TAPi18n.__('user-can-not-export-card-to-pdf'));
    95. 

  95.     }
    96. 

  96.   });
    97. 

  97. });
    98.