
fix #28

sunface committed Sep 12, 2019
1 parent 90d1f4b commit 636082faabd2708e295a8b5c5233ba496476f5fb
@@ -0,0 +1 @@
im.dev
@@ -3,29 +3,33 @@ package internal
import (
"github.com/labstack/echo"
"github.com/thinkindev/im.dev/internal/post"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/user"
)

func apiHandler(e *echo.Echo) {
// sign-in apis
e.POST("/web/signIn", session.SignIn)
e.POST("/web/signOut", session.SignOut)
e.GET("/web/user/get", session.GetUser)
e.POST("/web/signIn", user.SignIn)
e.POST("/web/signOut", user.SignOut)
e.GET("/web/user/card", user.Card)

// article apis
e.POST("/web/article/saveNew", post.NewArticle, session.CheckSignIn)
e.POST("/web/post/preview", post.Preview, session.CheckSignIn)
e.POST("/web/article/saveNew", post.NewArticle, user.CheckSignIn)
e.POST("/web/post/preview", post.Preview, user.CheckSignIn)
e.GET("/web/article/detail", post.GetArticleDetail)
e.GET("/web/article/beforeEdit", post.BeforeEditAr, session.CheckSignIn)
e.POST("/web/article/saveChanges", post.SaveArticleChanges, session.CheckSignIn)
e.GET("/web/article/beforeEdit", post.BeforeEditAr, user.CheckSignIn)
e.POST("/web/article/saveChanges", post.SaveArticleChanges, user.CheckSignIn)

// comment apis
e.POST("/web/comment/create", post.Comment, session.CheckSignIn)
e.POST("/web/comment/reply", post.CommentReply, session.CheckSignIn)
e.POST("/web/comment/edit", post.EditComment, session.CheckSignIn)
e.POST("/web/comment/delete", post.DeleteComment, session.CheckSignIn)
e.POST("/web/comment/revert", post.RevertComment, session.CheckSignIn)
e.POST("/web/comment/create", post.Comment, user.CheckSignIn)
e.POST("/web/comment/reply", post.CommentReply, user.CheckSignIn)
e.POST("/web/comment/edit", post.EditComment, user.CheckSignIn)
e.POST("/web/comment/delete", post.DeleteComment, user.CheckSignIn)
e.POST("/web/comment/revert", post.RevertComment, user.CheckSignIn)
e.GET("/web/comment/query", post.QueryComments)
e.POST("/web/comment/like", post.CommentLike, session.CheckSignIn)
e.POST("/web/comment/dislike", post.CommentDislike, session.CheckSignIn)
e.POST("/web/comment/like", post.CommentLike, user.CheckSignIn)
e.POST("/web/comment/dislike", post.CommentDislike, user.CheckSignIn)

// user
e.GET("/user/profile", user.Profile, user.CheckSignIn)
e.POST("/user/profile/set", user.SetProfile, user.CheckSignIn)
}
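Review bot: The new profile routes at the end of apiHandler use a bare `/user/...` prefix while every other route in this handler, including the new `/web/user/card`, sits under `/web/`; if that is not deliberate, `e.GET("/web/user/profile", user.Profile, user.CheckSignIn)` and `e.POST("/web/user/profile/set", user.SetProfile, user.CheckSignIn)` keep the routing table uniform and let any `/web`-scoped middleware or proxy rules keep applying. It is also worth confirming in a comment that `/web/user/card` is meant to be reachable without `user.CheckSignIn`; the endpoint it replaces (`/web/user/get`) was unauthenticated too, and user.Card presumably serves another user's public card, but the intent is not recorded anywhere in the hunk.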
@@ -13,6 +13,9 @@ const (

NoPermission = 1004
NoPermissionMsg = "You don't have permission"

NotFound = 1005
NotFoundMsg = "404 not found"
)

// article
@@ -29,3 +32,6 @@ const (
CommentLiked = 1200
CommentLikedMsg = "You have agreed this comment before"
)

// user
const ()
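Review bot: The `// user` heading at the end of the hunk introduces an empty `const ()` block, which declares nothing and reads as an unfinished placeholder; either add the user error codes the new user package needs or drop the two lines until they exist. If it stays, a `// TODO: user error codes (sign-in, profile)` comment inside the block would make the intent clear to the next reader.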
@@ -9,7 +9,7 @@ import (
"github.com/labstack/echo"
"github.com/labstack/echo/middleware"
"github.com/thinkindev/im.dev/internal/misc"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/user"
)

// Start web server for im.dev ui
@@ -29,7 +29,7 @@ func Start(confPath string) {
}
}

session.InitUser()
user.InitUser()

e := echo.New()
e.Pre(middleware.RemoveTrailingSlash())
@@ -3,6 +3,7 @@ package misc
import (
"encoding/base64"

"github.com/microcosm-cc/bluemonday"
"go.uber.org/zap"
)

@@ -14,3 +15,23 @@ var Log *zap.Logger

// Base64 is the base64 handler
var Base64 = base64.NewEncoding("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")

// Sanitizer makes outside string clean
var Sanitizer *bluemonday.Policy

func init() {
p := bluemonday.UGCPolicy()
p.AllowAttrs("class").Globally()
p.AllowAttrs("id").Globally()
p.AllowElements("input")
p.AllowAttrs("checked").OnElements("input")
p.AllowAttrs("disabled").OnElements("input")
p.AllowAttrs("type").OnElements("input")
p.AllowAttrs("style").OnElements("span")
p.AllowAttrs("style").OnElements("td")
p.AllowAttrs("style").OnElements("th")

p.AllowDataURIImages()

Sanitizer = p
}
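Review bot: The `style` attribute allowed on span, td and th in init() carries no `Matching` pattern, so bluemonday passes any CSS declaration through unchanged; that is enough for a comment author to position content over the host page or pull in external resources via `url()`. Consider constraining it, e.g. `p.AllowAttrs("style").Matching(styleRe).OnElements("span", "td", "th")` where styleRe is a conservative regexp you define for the few properties the editor actually emits, or drop `style` if the editor does not need it. The same concern applies to `id` being allowed globally, since user content can then define ids that collide with the page's own elements. As a point of style, building the policy in init() hides a package-level side effect; `var Sanitizer = newSanitizer()` with a small constructor documents the same thing and is easier to exercise in a test. A doc comment on Sanitizer stating that the policy is shared and safe for concurrent use would also preserve the guarantee the old inline comment in preview.go carried.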
@@ -8,7 +8,7 @@ import (
"github.com/labstack/echo"
"github.com/thinkindev/im.dev/internal/ecode"
"github.com/thinkindev/im.dev/internal/misc"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/user"
"github.com/thinkindev/im.dev/internal/utils"
"go.uber.org/zap"
)
@@ -44,7 +44,7 @@ func NewArticle(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

// generate id for article
ar.ID = misc.GenID()
@@ -152,7 +152,7 @@ func BeforeEditAr(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

// check whether user has permission to do so
if uid != sess.ID {
@@ -204,7 +204,7 @@ func SaveArticleChanges(c echo.Context) error {
Message: ecode.CommonErrorMsg,
})
}
sess := session.Get(c)
sess := user.GetSession(c)
if sess.ID != uid {
return c.JSON(http.StatusInternalServerError, misc.HTTPResp{
ErrCode: ecode.NoPermission,
@@ -13,7 +13,7 @@ import (
"github.com/labstack/echo"
"github.com/thinkindev/im.dev/internal/ecode"
"github.com/thinkindev/im.dev/internal/misc"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/user"
"github.com/thinkindev/im.dev/internal/utils"
"go.uber.org/zap"
)
@@ -96,7 +96,7 @@ func Comment(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

cc.UID = sess.ID
// generate id for article
@@ -176,7 +176,7 @@ func CommentReply(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

cc.UID = sess.ID
// generate id for article
@@ -224,7 +224,7 @@ func EditComment(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

// check permission
q := misc.CQL.Query(`SELECT uid FROM comment WHERE id=?`, id)
@@ -281,7 +281,7 @@ func DeleteComment(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)
// check comment exists and this user has permission
var uid string
q := misc.CQL.Query(`SELECT uid FROM comment WHERE id=?`, id)
@@ -326,7 +326,7 @@ func RevertComment(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)
// check comment exists and this user has permission
var uid, md, render string

@@ -361,7 +361,7 @@ func RevertComment(c echo.Context) error {
comment := &CommentContent{}
comment.MD = md
comment.Render = render
u := session.GetUserByID(uid)
u := user.GetUserByID(uid)
if u == nil {
comment.UName = "[404]"
comment.UNickname = "[404]"
@@ -409,7 +409,7 @@ func QueryComments(c echo.Context) error {
editDate: edate,
Status: status,
}
u := session.GetUserByID(comment.UID)
u := user.GetUserByID(comment.UID)
if u == nil {
continue
}
@@ -470,7 +470,7 @@ func QueryComments(c echo.Context) error {
b.WriteString(`SELECT id,likes FROM comment_counter WHERE id in (`)

var b1 strings.Builder
sess := session.Get(c)
sess := user.GetSession(c)
if sess != nil {
b1.WriteString(`SELECT comment_id,type FROM comment_like WHERE uid=? and comment_id in (`)
}
@@ -563,7 +563,7 @@ func CommentLike(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

// check whether you already liked this comment
status, err := commentLikeStatus(postID, sess.ID)
@@ -613,7 +613,7 @@ func CommentDislike(c echo.Context) error {
})
}

sess := session.Get(c)
sess := user.GetSession(c)

// check whether you already liked this comment
status, err := commentLikeStatus(postID, sess.ID)
@@ -5,9 +5,8 @@ import (
"net/http"

"github.com/labstack/echo"
"github.com/microcosm-cc/bluemonday"
"github.com/thinkindev/im.dev/internal/misc"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/user"
"github.com/thinkindev/im.dev/internal/utils"
)

@@ -27,19 +26,8 @@ func Preview(c echo.Context) error {
// @user -> <a href="UserPage">@user</a>
// remove js,iframe such html tags and attributes
func modify(s string) string {
p := bluemonday.UGCPolicy()
p.AllowAttrs("class").Globally()
p.AllowAttrs("id").Globally()
p.AllowElements("input")
p.AllowAttrs("checked").OnElements("input")
p.AllowAttrs("disabled").OnElements("input")
p.AllowAttrs("type").OnElements("input")
p.AllowAttrs("style").OnElements("span")
p.AllowAttrs("style").OnElements("td")
p.AllowAttrs("style").OnElements("th")
// The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines
render := p.Sanitize(s)

render := misc.Sanitizer.Sanitize(s)
afterRender := make([]rune, 0, len(render))
idParseFlag := false
tempName := make([]rune, 0)
@@ -57,7 +45,7 @@ func modify(s string) string {
idParseFlag = false

// check name exist
if session.CheckUserExist(string(tempName)) {
if user.CheckUserExist(string(tempName)) {
// converse @name -> <a href="UserPage">@user</a>
afterRender = append(afterRender, []rune(fmt.Sprintf("<a href='http://localhost:9532/%s'>%s</a>", string(tempName), string(tempName)))...)
} else {
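Review bot: The `@name` link is assembled with `fmt.Sprintf` from `tempName` after the content has already passed through `misc.Sanitizer`, so whatever characters the name parser accepts reach the output unescaped; the parser lives outside this hunk, so if it admits anything beyond alphanumerics the name should go through `html.EscapeString` before being placed in both the href and the link text. The link target `http://localhost:9532/%s` is also hard-coded in the handler; this is unchanged by the commit, but it will break once the server runs anywhere but a developer machine and belongs in the configuration that `Start(confPath)` already loads. A short comment on the new `misc.Sanitizer.Sanitize(s)` call noting that the shared policy is safe for concurrent use would keep the remark the removed inline comment carried. modify's body continues past the hunk.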

This file was deleted.

@@ -1,4 +1,4 @@
package session
package user

import (
"net/http"
@@ -55,8 +55,8 @@ func CheckSignIn(f echo.HandlerFunc) echo.HandlerFunc {
}
}

// Get return the session for given user
func Get(c echo.Context) *Session {
// GetSession return the session for given user
func GetSession(c echo.Context) *Session {
token := c.Request().Header.Get("token")
s, ok := sessions.Load(token)
if !ok {
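Review bot: The renamed doc comment `// GetSession return the session for given user` is ungrammatical and does not describe the nil case that callers such as QueryComments rely on when they test `sess != nil`; suggest `// GetSession returns the session bound to the request's "token" header, or nil when the header is missing or matches no live session.` Since the lookup is keyed purely on a client-supplied header, the comment should also make clear that a non-nil result means the token was known, not that the user is authorised for the resource being handled; that check stays with the handlers. The function body continues past the hunk, so the exact return on the `!ok` branch is inferred from the callers.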
