-
Notifications
You must be signed in to change notification settings - Fork 443
/
page.edit.route.js
70 lines (57 loc) · 1.79 KB
/
page.edit.route.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
'use strict';
// Modules
var fs = require('fs-extra');
var validator = require('validator');
var get_filepath = require('../functions/get_filepath.js');
var create_meta_info = require('../functions/create_meta_info.js');
function route_page_edit (config) {
return async function (req, res, next) {
var file_category;
var file_name;
// Handle category in file path
var req_file = req.body.file.split('/');
if (req_file.length > 2) {
file_category = req_file[1];
file_name = req_file[2];
} else {
file_name = req_file[1];
}
// Generate Filepath
// Sanitized within function
var filepath = get_filepath({
content : config.content_dir,
category : file_category,
filename : file_name
});
// No file at that filepath?
// Add ".md" extension to try again
if (!(await fs.pathExists(filepath))) {
filepath += '.md';
}
// Create content including meta information (i.e. title, description, sort)
function create_content (body) {
var meta = create_meta_info(body.meta_title, body.meta_description, body.meta_sort);
return meta + body.content;
}
var complete_content = create_content(req.body);
// Sanitize Content
// This will disallow <script> and <style> embeds
// because output will be HTML-encoded.
// If you need images, links, etc. use the Markdown format (see docs)
var sanitized_content = validator.escape(complete_content);
try {
await fs.writeFile(filepath, sanitized_content);
res.json({
status : 0,
message : config.lang.api.pageSaved
});
} catch (error) {
res.json({
status : 1,
message : error
});
}
};
}
// Exports
module.exports = route_page_edit;