Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
mirrors
/
wekan
zrkadlo https://github.com/wekan/wekan.git
2
0
Fork 0
Súbory Issues 0 Wiki
Branch: main
Branche Tagy
wekan
/
models
/
export.js

export.js 7.1 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 
  1. import { ReactiveCache } from '/imports/reactiveCache';
    2. 

  2. import { Exporter } from './exporter';
    3. 

  3. import { Meteor } from 'meteor/meteor';
    4. 

  4. 

  5. /* global JsonRoutes */
    6. 

  6. if (Meteor.isServer) {
    7. 

  7.   import { Picker } from 'meteor/communitypackages:picker';
    8. 

  8. 

  9.   // todo XXX once we have a real API in place, move that route there
    10. 

  10.   // todo XXX also  share the route definition between the client and the server
    11. 

  11.   // so that we could use something like
    12. 

  12.   // `ApiRoutes.path('boards/export', boardId)``
    13. 

  13.   // on the client instead of copy/pasting the route path manually between the
    14. 

  14.   // client and the server.
    15. 

  15.   /**
    16. 

  16.    * @operation exportJson
    17. 

  17.    * @tag Boards
    18. 

  18.    *
    19. 

  19.    * @summary This route is used to export the board to a json file format.
    20. 

  20.    *
    21. 

  21.    * @description If user is already logged-in, pass loginToken as param
    22. 

  22.    * "authToken": '/api/boards/:boardId/export?authToken=:token'
    23. 

  23.    *
    24. 

  24.    * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
    25. 

  25.    * for detailed explanations
    26. 

  26.    *
    27. 

  27.    * @param {string} boardId the ID of the board we are exporting
    28. 

  28.    * @param {string} authToken the loginToken
    29. 

  29.    */
    30. 

  30.   JsonRoutes.add('get', '/api/boards/:boardId/export', function (req, res) {
    31. 

  31.     const boardId = req.params.boardId;
    32. 

  32.     let user = null;
    33. 

  33.     let impersonateDone = false;
    34. 

  34.     let adminId = null;
    35. 

  35.     const loginToken = req.query.authToken;
    36. 

  36.     if (loginToken) {
    37. 

  37.       const hashToken = Accounts._hashLoginToken(loginToken);
    38. 

  38.       user = ReactiveCache.getUser({
    39. 

  39.         'services.resume.loginTokens.hashedToken': hashToken,
    40. 

  40.       });
    41. 

  41.       adminId = user._id.toString();
    42. 

  42.       impersonateDone = ReactiveCache.getImpersonatedUser({ adminId: adminId });
    43. 

  43.     } else if (!Meteor.settings.public.sandstorm) {
    44. 

  44.       Authentication.checkUserId(req.userId);
    45. 

  45.       user = ReactiveCache.getUser({ _id: req.userId, isAdmin: true });
    46. 

  46.     }
    47. 

  47.     const exporter = new Exporter(boardId);
    48. 

  48.     if (exporter.canExport(user) || impersonateDone) {
    49. 

  49.       if (impersonateDone) {
    50. 

  50.         ImpersonatedUsers.insert({
    51. 

  51.           adminId: adminId,
    52. 

  52.           boardId: boardId,
    53. 

  53.           reason: 'exportJSON',
    54. 

  54.         });
    55. 

  55.       }
    56. 

  56. 

  57.       JsonRoutes.sendResult(res, {
    58. 

  58.         code: 200,
    59. 

  59.         data: exporter.build(),
    60. 

  60.       });
    61. 

  61.     } else {
    62. 

  62.       // we could send an explicit error message, but on the other hand the only
    63. 

  63.       // way to get there is by hacking the UI so let's keep it raw.
    64. 

  64.       JsonRoutes.sendResult(res, 403);
    65. 

  65.     }
    66. 

  66.   });
    67. 

  67. 

  68.   // todo XXX once we have a real API in place, move that route there
    69. 

  69.   // todo XXX also  share the route definition between the client and the server
    70. 

  70.   // so that we could use something like
    71. 

  71.   // `ApiRoutes.path('boards/export', boardId)``
    72. 

  72.   // on the client instead of copy/pasting the route path manually between the
    73. 

  73.   // client and the server.
    74. 

  74.   /**
    75. 

  75.    * @operation exportJson
    76. 

  76.    * @tag Boards
    77. 

  77.    *
    78. 

  78.    * @summary This route is used to export a attachement to a json file format.
    79. 

  79.    *
    80. 

  80.    * @description If user is already logged-in, pass loginToken as param
    81. 

  81.    * "authToken": '/api/boards/:boardId/attachments/:attachmentId/export?authToken=:token'
    82. 

  82.    *
    83. 

  83.    *
    84. 

  84.    * @param {string} boardId the ID of the board we are exporting
    85. 

  85.    * @param {string} attachmentId the ID of the attachment we are exporting
    86. 

  86.    * @param {string} authToken the loginToken
    87. 

  87.    */
    88. 

  88.   JsonRoutes.add(
    89. 

  89.     'get',
    90. 

  90.     '/api/boards/:boardId/attachments/:attachmentId/export',
    91. 

  91.     function (req, res) {
    92. 

  92.       const boardId = req.params.boardId;
    93. 

  93.       const attachmentId = req.params.attachmentId;
    94. 

  94.       let user = null;
    95. 

  95.       let impersonateDone = false;
    96. 

  96.       let adminId = null;
    97. 

  97.       const loginToken = req.query.authToken;
    98. 

  98.       if (loginToken) {
    99. 

  99.         const hashToken = Accounts._hashLoginToken(loginToken);
    100. 

  100.         user = ReactiveCache.getUser({
    101. 

  101.           'services.resume.loginTokens.hashedToken': hashToken,
    102. 

  102.         });
    103. 

  103.         adminId = user._id.toString();
    104. 

  104.         impersonateDone = ReactiveCache.getImpersonatedUser({ adminId: adminId });
    105. 

  105.       } else if (!Meteor.settings.public.sandstorm) {
    106. 

  106.         Authentication.checkUserId(req.userId);
    107. 

  107.         user = ReactiveCache.getUser({ _id: req.userId, isAdmin: true });
    108. 

  108.       }
    109. 

  109.       const exporter = new Exporter(boardId, attachmentId);
    110. 

  110.       if (exporter.canExport(user) || impersonateDone) {
    111. 

  111.         if (impersonateDone) {
    112. 

  112.           ImpersonatedUsers.insert({
    113. 

  113.             adminId: adminId,
    114. 

  114.             boardId: boardId,
    115. 

  115.             attachmentId: attachmentId,
    116. 

  116.             reason: 'exportJSONattachment',
    117. 

  117.           });
    118. 

  118.         }
    119. 

  119.         JsonRoutes.sendResult(res, {
    120. 

  120.           code: 200,
    121. 

  121.           data: exporter.build(),
    122. 

  122.         });
    123. 

  123.       } else {
    124. 

  124.         // we could send an explicit error message, but on the other hand the only
    125. 

  125.         // way to get there is by hacking the UI so let's keep it raw.
    126. 

  126.         JsonRoutes.sendResult(res, 403);
    127. 

  127.       }
    128. 

  128.     },
    129. 

  129.   );
    130. 

  130. 

  131.   /**
    132. 

  132.    * @operation exportCSV/TSV
    133. 

  133.    * @tag Boards
    134. 

  134.    *
    135. 

  135.    * @summary This route is used to export the board to a CSV or TSV file format.
    136. 

  136.    *
    137. 

  137.    * @description If user is already logged-in, pass loginToken as param
    138. 

  138.    *
    139. 

  139.    * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
    140. 

  140.    * for detailed explanations
    141. 

  141.    *
    142. 

  142.    * @param {string} boardId the ID of the board we are exporting
    143. 

  143.    * @param {string} authToken the loginToken
    144. 

  144.    * @param {string} delimiter delimiter to use while building export. Default is comma ','
    145. 

  145.    */
    146. 

  146.   Picker.route('/api/boards/:boardId/export/csv', function (params, req, res) {
    147. 

  147.     const boardId = params.boardId;
    148. 

  148.     let user = null;
    149. 

  149.     let impersonateDone = false;
    150. 

  150.     let adminId = null;
    151. 

  151.     const loginToken = params.query.authToken;
    152. 

  152.     if (loginToken) {
    153. 

  153.       const hashToken = Accounts._hashLoginToken(loginToken);
    154. 

  154.       user = ReactiveCache.getUser({
    155. 

  155.         'services.resume.loginTokens.hashedToken': hashToken,
    156. 

  156.       });
    157. 

  157.       adminId = user._id.toString();
    158. 

  158.       impersonateDone = ReactiveCache.getImpersonatedUser({ adminId: adminId });
    159. 

  159.     } else if (!Meteor.settings.public.sandstorm) {
    160. 

  160.       Authentication.checkUserId(req.userId);
    161. 

  161.       user = ReactiveCache.getUser({
    162. 

  162.         _id: req.userId,
    163. 

  163.         isAdmin: true,
    164. 

  164.       });
    165. 

  165.     }
    166. 

  166.     const exporter = new Exporter(boardId);
    167. 

  167.     if (exporter.canExport(user) || impersonateDone) {
    168. 

  168.       if (impersonateDone) {
    169. 

  169.         let exportType = 'exportCSV';
    170. 

  170.         if( params.query.delimiter == "\t" ) {
    171. 

  171.           exportType = 'exportTSV';
    172. 

  172.         }
    173. 

  173.         ImpersonatedUsers.insert({
    174. 

  174.           adminId: adminId,
    175. 

  175.           boardId: boardId,
    176. 

  176.           reason: exportType,
    177. 

  177.         });
    178. 

  178.       }
    179. 

  179.       
    180. 

  180.       let userLanguage = 'en';
    181. 

  181.       if (user && user.profile) {
    182. 

  182.         userLanguage = user.profile.language
    183. 

  183.       }
    184. 

  184.       
    185. 

  185.       if( params.query.delimiter == "\t" ) {
    186. 

  186.         // TSV file
    187. 

  187.         res.writeHead(200, {
    188. 

  188.           'Content-Type': 'text/tsv',
    189. 

  189.         });
    190. 

  190.       }
    191. 

  191.       else {
    192. 

  192.         // CSV file (comma or semicolon)
    193. 

  193.         res.writeHead(200, {
    194. 

  194.           'Content-Type': 'text/csv; charset=utf-8',
    195. 

  195.         });
    196. 

  196.         // Adding UTF8 BOM to quick fix MS Excel issue
    197. 

  197.         // use Uint8Array to prevent from converting bytes to string
    198. 

  198.         res.write(new Uint8Array([0xEF, 0xBB, 0xBF]));
    199. 

  199.       }
    200. 

  200.       res.write(exporter.buildCsv(params.query.delimiter, userLanguage));
    201. 

  201.       res.end();
    202. 

  202.     } else {
    203. 

  203.       res.writeHead(403);
    204. 

  204.       res.end('Permission Error');
    205. 

  205.     }
    206. 

  206.   });
    207. 

  207. }
    208.