CalvinBackup/anonymous_github
1
0
Fork 0
mirror of https://github.com/tdurieux/anonymous_github.git synced 2026-05-16 06:49:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: gist & co-authors

Browse Source
This commit is contained in:
tdurieux
2026-05-04 13:10:44 +02:00
parent f0f6436370
commit f0bc53f093
24 changed files with 1707 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/core/Gist.ts
+284
View File
@@ -0,0 +1,284 @@
import { RepositoryStatus } from "./types";
import User from "./User";
import UserModel from "./model/users/users.model";
import Conference from "./Conference";
import ConferenceModel from "./model/conference/conferences.model";
import AnonymousError from "./AnonymousError";
import { IAnonymizedGistDocument } from "./model/anonymizedGists/anonymizedGists.types";
import config from "../config";
import { octokit } from "./GitHubUtils";
import { ContentAnonimizer } from "./anonymize-utils";
export default class Gist {
private _model: IAnonymizedGistDocument;
owner: User;
constructor(data: IAnonymizedGistDocument) {
this._model = data;
this.owner = new User(new UserModel({ _id: data.owner }));
this.owner.model.isNew = false;
}
async getToken() {
let owner = this.owner.model;
if (owner && !owner.accessTokens.github) {
const temp = await UserModel.findById(owner._id);
if (temp) {
owner = temp;
}
}
if (owner && owner.accessTokens && owner.accessTokens.github) {
if (owner.accessTokens.github != this._model.source.accessToken) {
this._model.source.accessToken = owner.accessTokens.github;
}
return owner.accessTokens.github;
}
if (this._model.source.accessToken) {
try {
return this._model.source.accessToken;
} catch {
console.debug("[ERROR] Token is invalid", this._model.source.gistId);
}
}
return config.GITHUB_TOKEN;
}
async download() {
console.debug("[INFO] Downloading gist", this._model.source.gistId);
const oct = octokit(await this.getToken());
const gist_id = this._model.source.gistId;
const [gistInfo, comments] = await Promise.all([
oct.rest.gists.get({ gist_id }),
oct.paginate("GET /gists/{gist_id}/comments", {
gist_id,
per_page: 100,
}),
]);
const files = Object.values(gistInfo.data.files || {})
.filter((f): f is NonNullable<typeof f> => !!f)
.map((f) => ({
filename: f.filename || "",
content: f.content || "",
language: f.language || undefined,
size: f.size || 0,
type: f.type || undefined,
}));
this._model.gist = {
description: gistInfo.data.description || "",
isPublic: gistInfo.data.public,
creationDate: gistInfo.data.created_at
? new Date(gistInfo.data.created_at)
: new Date(),
updatedDate: gistInfo.data.updated_at
? new Date(gistInfo.data.updated_at)
: new Date(),
ownerLogin: gistInfo.data.owner?.login,
files,
comments: comments.map((comment) => ({
body: comment.body || "",
creationDate: new Date(comment.created_at),
updatedDate: new Date(comment.updated_at),
author: comment.user?.login || "",
})),
};
}
/**
* Check the status of the gist
*/
async check() {
if (
this._model.options.expirationMode !== "never" &&
this.status == "ready" &&
this._model.options.expirationDate
) {
if (this._model.options.expirationDate <= new Date()) {
await this.expire();
}
}
if (
this.status == "expired" ||
this.status == "expiring" ||
this.status == "removing" ||
this.status == "removed"
) {
throw new AnonymousError("gist_expired", {
object: this,
httpStatus: 410,
});
}
const fiveMinuteAgo = new Date();
fiveMinuteAgo.setMinutes(fiveMinuteAgo.getMinutes() - 5);
if (
this.status == "preparing" ||
(this.status == "download" && this._model.statusDate > fiveMinuteAgo)
) {
throw new AnonymousError("gist_not_ready", {
object: this,
httpStatus: 503,
});
}
}
async updateIfNeeded(opt?: { force: boolean }): Promise<void> {
const yesterday = new Date();
yesterday.setDate(yesterday.getDate() - 1);
if (
opt?.force ||
(this._model.options.update && this._model.anonymizeDate < yesterday)
) {
await this.updateStatus(RepositoryStatus.DOWNLOAD);
await this.download();
this._model.anonymizeDate = new Date();
await this.updateStatus(RepositoryStatus.READY);
await this._model.save();
}
}
async anonymize() {
if (this.status === RepositoryStatus.READY) return;
await this.updateStatus(RepositoryStatus.PREPARING);
await this.updateIfNeeded({ force: true });
await this.updateStatus(RepositoryStatus.READY);
}
async countView() {
this._model.lastView = new Date();
this._model.pageView = (this._model.pageView || 0) + 1;
await this._model.save();
}
async updateStatus(status: RepositoryStatus, statusMessage?: string) {
this._model.status = status;
this._model.statusDate = new Date();
this._model.statusMessage = statusMessage;
await this._model.save();
}
async expire() {
await this.updateStatus(RepositoryStatus.EXPIRING);
await this.resetSate();
await this.updateStatus(RepositoryStatus.EXPIRED);
}
async remove() {
await this.updateStatus(RepositoryStatus.REMOVING);
await this.resetSate();
await this.updateStatus(RepositoryStatus.REMOVED);
}
async resetSate(status?: RepositoryStatus, statusMessage?: string) {
if (status) this._model.status = status;
if (statusMessage) this._model.statusMessage = statusMessage;
this._model.gist.comments = [];
this._model.gist.description = "";
this._model.gist.files = [];
this._model.gist.ownerLogin = "";
await this._model.save();
}
async conference(): Promise<Conference | null> {
if (!this._model.conference) {
return null;
}
const conference = await ConferenceModel.findOne({
conferenceID: this._model.conference,
});
if (conference) return new Conference(conference);
return null;
}
content() {
const output: Record<string, unknown> = {
anonymizeDate: this._model.anonymizeDate,
isPublic: this._model.gist.isPublic,
};
const anonymizer = new ContentAnonimizer({
...this.options,
repoId: this.gistId,
});
if (this.options.title) {
output.description = anonymizer.anonymize(this._model.gist.description);
}
if (this.options.username) {
output.ownerLogin = anonymizer.anonymize(
this._model.gist.ownerLogin || ""
);
}
if (this.options.content) {
output.files = (this._model.gist.files || []).map((f) => ({
filename: anonymizer.anonymize(f.filename),
content: anonymizer.anonymize(f.content),
language: f.language,
size: f.size,
type: f.type,
}));
}
if (this.options.comments) {
output.comments = this._model.gist.comments?.map((comment) => {
const o: Record<string, unknown> = {};
if (this.options.body) o.body = anonymizer.anonymize(comment.body);
if (this.options.username)
o.author = anonymizer.anonymize(comment.author);
if (this.options.date) {
o.updatedDate = comment.updatedDate;
o.creationDate = comment.creationDate;
}
return o;
});
}
if (this.options.origin) {
output.sourceGistId = this._model.source.gistId;
}
if (this.options.date) {
output.updatedDate = this._model.gist.updatedDate;
output.creationDate = this._model.gist.creationDate;
}
return output;
}
/***** Getters ********/
get gistId() {
return this._model.gistId;
}
get options() {
return this._model.options;
}
get source() {
return this._model.source;
}
get model() {
return this._model;
}
get status() {
return this._model.status;
}
toJSON() {
return {
gistId: this._model.gistId,
options: this._model.options,
conference: this._model.conference,
anonymizeDate: this._model.anonymizeDate,
status: this._model.status,
isPublic: this._model.gist.isPublic,
statusMessage: this._model.statusMessage,
source: {
gistId: this._model.source.gistId,
},
gist: this._model.gist,
lastView: this._model.lastView,
pageView: this._model.pageView,
};
}
}
src/core/Repository.ts
+9
View File
@@ -520,6 +520,10 @@ export default class Repository {
return this._model.options;
}
get coauthors() {
return this._model.coauthors || [];
}
get model() {
return this._model;
}
@@ -537,6 +541,11 @@ export default class Repository {
return {
repoId: this._model.repoId,
options: this._model.options,
coauthors: (this._model.coauthors || []).map((c) => ({
username: c.username,
githubId: c.githubId,
photo: c.photo,
})),
conference: this._model.conference,
anonymizeDate: this._model.anonymizeDate,
status: this.status,
src/core/User.ts
+28 -3
View File
@@ -5,6 +5,8 @@ import Repository from "./Repository";
import { GitHubRepository } from "./source/GitHubRepository";
import PullRequest from "./PullRequest";
import AnonymizedPullRequestModel from "./model/anonymizedPullRequests/anonymizedPullRequests.model";
import Gist from "./Gist";
import AnonymizedGistModel from "./model/anonymizedGists/anonymizedGists.model";
import { octokit } from "./GitHubUtils";
/**
@@ -119,10 +121,11 @@ export default class User {
* @returns the list of anonymized repositories
*/
async getRepositories() {
const query: Record<string, unknown> = this.username
? { $or: [{ owner: this.id }, { "coauthors.username": this.username }] }
: { owner: this.id };
const repositories = (
await AnonymizedRepositoryModel.find({
owner: this.id,
}).exec()
await AnonymizedRepositoryModel.find(query).exec()
).map((d) => new Repository(d));
const promises = [];
for (const repo of repositories) {
@@ -165,6 +168,28 @@ export default class User {
return pullRequests;
}
/**
* Get the list of anonymized gists
*/
async getGists() {
const gists = (
await AnonymizedGistModel.find({ owner: this.id }).exec()
).map((d) => new Gist(d));
const promises = [];
for (const g of gists) {
if (
g.status == "ready" &&
g.options.expirationMode != "never" &&
g.options.expirationDate != null &&
g.options.expirationDate < new Date()
) {
promises.push(g.expire());
}
}
await Promise.all(promises);
return gists;
}
get model() {
return this._model;
}
src/core/model/anonymizedGists/anonymizedGists.model.ts
+14
View File
@@ -0,0 +1,14 @@
import { model } from "mongoose";
import AnonymizedGistSchema from "./anonymizedGists.schema";
import {
IAnonymizedGistDocument,
IAnonymizedGistModel,
} from "./anonymizedGists.types";
const AnonymizedGistModel = model<IAnonymizedGistDocument>(
"AnonymizedGist",
AnonymizedGistSchema
) as IAnonymizedGistModel;
export default AnonymizedGistModel;
src/core/model/anonymizedGists/anonymizedGists.schema.ts
+68
View File
@@ -0,0 +1,68 @@
import { Schema } from "mongoose";
const AnonymizedGistSchema = new Schema({
gistId: {
type: String,
index: { unique: true },
},
status: {
type: String,
default: "preparing",
},
statusDate: Date,
statusMessage: String,
anonymizeDate: Date,
lastView: Date,
pageView: Number,
owner: Schema.Types.ObjectId,
conference: String,
source: {
gistId: String,
accessToken: String,
},
options: {
terms: [String],
expirationMode: { type: String },
expirationDate: Date,
update: Boolean,
image: Boolean,
link: Boolean,
title: Boolean,
body: Boolean,
comments: Boolean,
content: Boolean,
origin: Boolean,
username: Boolean,
date: Boolean,
},
dateOfEntry: {
type: Date,
default: new Date(),
},
gist: {
description: String,
isPublic: Boolean,
creationDate: Date,
updatedDate: Date,
ownerLogin: String,
files: [
{
filename: String,
content: String,
language: String,
size: Number,
type: String,
},
],
comments: [
{
body: String,
creationDate: Date,
updatedDate: Date,
author: String,
},
],
},
});
export default AnonymizedGistSchema;
src/core/model/anonymizedGists/anonymizedGists.types.ts
+58
View File
@@ -0,0 +1,58 @@
import { Document, Model } from "mongoose";
import { RepositoryStatus } from "../../types";
export interface IAnonymizedGist {
gistId: string;
status?: RepositoryStatus;
statusMessage?: string;
statusDate: Date;
anonymizeDate: Date;
source: {
gistId: string;
accessToken?: string;
};
owner: string;
conference: string;
options: {
terms: string[];
expirationMode: "never" | "redirect" | "remove";
expirationDate?: Date;
update: boolean;
image: boolean;
link: boolean;
title: boolean;
body: boolean;
comments: boolean;
content: boolean;
origin: boolean;
username: boolean;
date: boolean;
};
pageView: number;
lastView: Date;
gist: {
description: string;
isPublic?: boolean;
creationDate: Date;
updatedDate: Date;
ownerLogin?: string;
files?: {
filename: string;
content: string;
language?: string;
size?: number;
type?: string;
}[];
comments?: {
body: string;
creationDate: Date;
updatedDate: Date;
author: string;
}[];
};
}
export interface IAnonymizedGistDocument extends IAnonymizedGist, Document {
setLastUpdated: (this: IAnonymizedGistDocument) => Promise<void>;
}
export interface IAnonymizedGistModel extends Model<IAnonymizedGistDocument> {}
src/core/model/anonymizedRepositories/anonymizedRepositories.schema.ts
+8
View File
@@ -20,6 +20,14 @@ const AnonymizedRepositorySchema = new Schema({
ref: "user",
index: true,
},
coauthors: [
{
username: { type: String, index: true },
githubId: { type: String },
photo: { type: String },
addedAt: { type: Date, default: Date.now },
},
],
conference: String,
source: {
type: { type: String },
src/core/model/anonymizedRepositories/anonymizedRepositories.types.ts
+6
View File
@@ -17,6 +17,12 @@ export interface IAnonymizedRepository {
accessToken?: string;
};
owner: string;
coauthors?: {
username: string;
githubId?: string;
photo?: string;
addedAt?: Date;
}[];
truncatedFolders: string[];
conference: string;
options: {
src/server/database.ts
+19
View File
@@ -5,6 +5,8 @@ import AnonymizedRepositoryModel from "../core/model/anonymizedRepositories/anon
import AnonymousError from "../core/AnonymousError";
import AnonymizedPullRequestModel from "../core/model/anonymizedPullRequests/anonymizedPullRequests.model";
import PullRequest from "../core/PullRequest";
import AnonymizedGistModel from "../core/model/anonymizedGists/anonymizedGists.model";
import Gist from "../core/Gist";
const MONGO_URL = `mongodb://${config.DB_USERNAME}:${config.DB_PASSWORD}@${config.DB_HOSTNAME}:27017/`;
@@ -59,3 +61,20 @@ export async function getPullRequest(pullRequestId: string) {
});
return new PullRequest(data);
}
export async function getGist(gistId: string) {
if (!gistId || gistId == "undefined") {
throw new AnonymousError("gist_not_found", {
object: gistId,
httpStatus: 404,
});
}
const data = await AnonymizedGistModel.findOne({
gistId,
});
if (!data)
throw new AnonymousError("gist_not_found", {
object: gistId,
httpStatus: 404,
});
return new Gist(data);
}
src/server/index.ts
+2
View File
@@ -161,6 +161,8 @@ export default async function start() {
apiRouter.use("/repo", speedLimiter, router.repositoryPrivate);
apiRouter.use("/pr", speedLimiter, router.pullRequestPublic);
apiRouter.use("/pr", speedLimiter, router.pullRequestPrivate);
apiRouter.use("/gist", speedLimiter, router.gistPublic);
apiRouter.use("/gist", speedLimiter, router.gistPrivate);
apiRouter.use("/anonymize-preview", speedLimiter, router.anonymizePreview);
apiRouter.get("/message", async (_, res) => {
src/server/routes/gist-private.ts
+224
View File
@@ -0,0 +1,224 @@
import * as express from "express";
import { ensureAuthenticated } from "./connection";
import { getGist, getUser, handleError, isOwnerOrAdmin } from "./route-utils";
import AnonymousError from "../../core/AnonymousError";
import { IAnonymizedGistDocument } from "../../core/model/anonymizedGists/anonymizedGists.types";
import Gist from "../../core/Gist";
import AnonymizedGistModel from "../../core/model/anonymizedGists/anonymizedGists.model";
import { RepositoryStatus } from "../../core/types";
const router = express.Router();
// user needs to be connected for all user API
router.use(ensureAuthenticated);
// refresh gist
router.post(
"/:gistId/refresh",
async (req: express.Request, res: express.Response) => {
try {
const gist = await getGist(req, res, { nocheck: true });
if (!gist) return;
const user = await getUser(req);
isOwnerOrAdmin([gist.owner.id], user);
await gist.updateIfNeeded({ force: true });
res.json({ status: gist.status });
} catch (error) {
handleError(error, res, req);
}
}
);
// delete a gist
router.delete(
"/:gistId/",
async (req: express.Request, res: express.Response) => {
const gist = await getGist(req, res, { nocheck: true });
if (!gist) return;
try {
if (gist.status == "removed")
throw new AnonymousError("is_removed", {
object: req.params.gistId,
httpStatus: 410,
});
const user = await getUser(req);
isOwnerOrAdmin([gist.owner.id], user);
await gist.remove();
return res.json({ status: gist.status });
} catch (error) {
handleError(error, res, req);
}
}
);
// fetch GitHub gist details (used by anonymize form)
router.get(
"/source/:gistId",
async (req: express.Request, res: express.Response) => {
const user = await getUser(req);
try {
const gist = new Gist(
new AnonymizedGistModel({
owner: user.id,
source: {
gistId: req.params.gistId,
},
})
);
gist.owner = user;
await gist.download();
res.json(gist.toJSON());
} catch (error) {
handleError(error, res, req);
}
}
);
// get gist information
router.get(
"/:gistId/",
async (req: express.Request, res: express.Response) => {
try {
const gist = await getGist(req, res, { nocheck: true });
if (!gist) return;
const user = await getUser(req);
isOwnerOrAdmin([gist.owner.id], user);
res.json(gist.toJSON());
} catch (error) {
handleError(error, res, req);
}
}
);
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function validateNewGist(gistUpdate: any): void {
const validCharacters = /^[0-9a-zA-Z\-_]+$/;
if (
!gistUpdate.gistId ||
!gistUpdate.gistId.match(validCharacters) ||
gistUpdate.gistId.length < 3
) {
throw new AnonymousError("invalid_gistId", {
object: gistUpdate,
httpStatus: 400,
});
}
if (!gistUpdate.source || !gistUpdate.source.gistId) {
throw new AnonymousError("gistId_not_specified", {
object: gistUpdate,
httpStatus: 400,
});
}
if (!gistUpdate.options) {
throw new AnonymousError("options_not_provided", {
object: gistUpdate,
httpStatus: 400,
});
}
if (!Array.isArray(gistUpdate.terms)) {
throw new AnonymousError("invalid_terms_format", {
object: gistUpdate,
httpStatus: 400,
});
}
}
function updateGistModel(
model: IAnonymizedGistDocument,
// eslint-disable-next-line @typescript-eslint/no-explicit-any
gistUpdate: any
) {
model.options = {
terms: gistUpdate.terms,
expirationMode: gistUpdate.options.expirationMode,
expirationDate: gistUpdate.options.expirationDate
? new Date(gistUpdate.options.expirationDate)
: undefined,
update: gistUpdate.options.update,
image: gistUpdate.options.image,
link: gistUpdate.options.link,
body: gistUpdate.options.body,
title: gistUpdate.options.title,
username: gistUpdate.options.username,
origin: gistUpdate.options.origin,
content: gistUpdate.options.content,
comments: gistUpdate.options.comments,
date: gistUpdate.options.date,
};
}
// update a gist
router.post(
"/:gistId/",
async (req: express.Request, res: express.Response) => {
try {
const gist = await getGist(req, res, { nocheck: true });
if (!gist) return;
const user = await getUser(req);
isOwnerOrAdmin([gist.owner.id], user);
const gistUpdate = req.body;
validateNewGist(gistUpdate);
gist.model.anonymizeDate = new Date();
updateGistModel(gist.model, gistUpdate);
gist.model.conference = gistUpdate.conference;
await gist.updateStatus(RepositoryStatus.PREPARING);
await gist.updateIfNeeded({ force: true });
res.json(gist.toJSON());
} catch (error) {
return handleError(error, res, req);
}
}
);
// add gist
router.post("/", async (req: express.Request, res: express.Response) => {
const user = await getUser(req);
const gistUpdate = req.body;
try {
validateNewGist(gistUpdate);
const gist = new Gist(
new AnonymizedGistModel({
owner: user.id,
options: gistUpdate.options,
})
);
gist.model.gistId = gistUpdate.gistId;
gist.model.anonymizeDate = new Date();
gist.model.owner = user.id;
updateGistModel(gist.model, gistUpdate);
gist.source.accessToken = user.accessToken;
gist.source.gistId = gistUpdate.source.gistId;
gist.model.conference = gistUpdate.conference;
await gist.anonymize();
res.send(gist.toJSON());
} catch (error) {
if (
error instanceof Error &&
error.message.indexOf(" duplicate key") > -1
) {
return handleError(
new AnonymousError("gistId_already_used", {
httpStatus: 400,
cause: error,
object: gistUpdate,
}),
res,
req
);
}
return handleError(error, res, req);
}
});
export default router;
src/server/routes/gist-public.ts
+85
View File
@@ -0,0 +1,85 @@
import * as express from "express";
import { getGist, handleError } from "./route-utils";
import AnonymousError from "../../core/AnonymousError";
const router = express.Router();
router.get(
"/:gistId/options",
async (req: express.Request, res: express.Response) => {
try {
res.header("Cache-Control", "no-cache");
const gist = await getGist(req, res, { nocheck: true });
if (!gist) return;
let redirectURL = null;
if (
gist.status == "expired" &&
gist.options.expirationMode == "redirect"
) {
redirectURL = `https://gist.github.com/${gist.source.gistId}`;
} else {
if (
gist.status == "expired" ||
gist.status == "expiring" ||
gist.status == "removing" ||
gist.status == "removed"
) {
throw new AnonymousError("gist_expired", {
object: gist,
httpStatus: 410,
});
}
const fiveMinuteAgo = new Date();
fiveMinuteAgo.setMinutes(fiveMinuteAgo.getMinutes() - 5);
if (gist.status != "ready") {
if (gist.model.statusDate < fiveMinuteAgo) {
await gist.updateIfNeeded({ force: true });
}
if (gist.status == "error") {
throw new AnonymousError(
gist.model.statusMessage
? gist.model.statusMessage
: "gist_not_available",
{
object: gist,
httpStatus: 500,
}
);
}
throw new AnonymousError("gist_not_ready", {
httpStatus: 404,
object: gist,
});
}
await gist.updateIfNeeded();
}
res.json({
url: redirectURL,
lastUpdateDate: gist.model.statusDate,
});
} catch (error) {
handleError(error, res, req);
}
}
);
router.get(
"/:gistId/content",
async (req: express.Request, res: express.Response) => {
const gist = await getGist(req, res);
if (!gist) return;
try {
await gist.countView();
res.header("Cache-Control", "no-cache");
res.json(gist.content());
} catch (error) {
handleError(error, res, req);
}
}
);
export default router;
src/server/routes/index.ts
+4
View File
@@ -1,5 +1,7 @@
import pullRequestPrivate from "./pullRequest-private";
import pullRequestPublic from "./pullRequest-public";
import gistPrivate from "./gist-private";
import gistPublic from "./gist-public";
import repositoryPrivate from "./repository-private";
import repositoryPublic from "./repository-public";
import conference from "./conference";
@@ -13,6 +15,8 @@ import anonymizePreview from "./anonymize-preview";
export default {
pullRequestPrivate,
pullRequestPublic,
gistPrivate,
gistPublic,
repositoryPrivate,
repositoryPublic,
file,
src/server/routes/repository-private.ts
+125 -6
View File
@@ -2,7 +2,13 @@ import * as express from "express";
import { ensureAuthenticated } from "./connection";
import * as db from "../database";
import { getRepo, getUser, handleError, isOwnerOrAdmin } from "./route-utils";
import {
getRepo,
getUser,
handleError,
isOwnerOrAdmin,
isOwnerCoauthorOrAdmin,
} from "./route-utils";
import { getRepositoryFromGitHub } from "../../core/source/GitHubRepository";
import gh = require("parse-github-url");
import AnonymizedRepositoryModel from "../../core/model/anonymizedRepositories/anonymizedRepositories.model";
@@ -16,7 +22,7 @@ import RepositoryModel from "../../core/model/repositories/repositories.model";
import User from "../../core/User";
import { RepositoryStatus } from "../../core/types";
import { IUserDocument } from "../../core/model/users/users.types";
import { checkToken } from "../../core/GitHubUtils";
import { checkToken, octokit } from "../../core/GitHubUtils";
const router = express.Router();
@@ -142,7 +148,7 @@ router.post(
return;
const user = await getUser(req);
isOwnerOrAdmin([repo.owner.id], user);
isOwnerCoauthorOrAdmin(repo, user);
await repo.updateIfNeeded({ force: true });
res.json({ status: repo.status });
} catch (error) {
@@ -273,8 +279,17 @@ router.get("/:repoId/", async (req: express.Request, res: express.Response) => {
if (!repo) return;
const user = await getUser(req);
isOwnerOrAdmin([repo.owner.id], user);
res.json((await db.getRepository(req.params.repoId)).toJSON());
isOwnerCoauthorOrAdmin(repo, user);
const fullRepo = await db.getRepository(req.params.repoId);
const json = fullRepo.toJSON() as Record<string, unknown>;
json.ownerId = fullRepo.owner.id;
json.role =
user.isAdmin && fullRepo.owner.id !== user.model.id
? "admin"
: fullRepo.owner.id === user.model.id
? "owner"
: "coauthor";
res.json(json);
} catch (error) {
handleError(error, res, req);
}
@@ -359,7 +374,7 @@ router.post(
if (!repo) return;
const user = await getUser(req);
isOwnerOrAdmin([repo.owner.id], user);
isOwnerCoauthorOrAdmin(repo, user);
const repoUpdate = req.body;
@@ -567,4 +582,108 @@ router.post("/", async (req: express.Request, res: express.Response) => {
}
});
// list coauthors
router.get(
"/:repoId/coauthors",
async (req: express.Request, res: express.Response) => {
try {
const repo = await getRepo(req, res, { nocheck: true });
if (!repo) return;
const user = await getUser(req);
isOwnerCoauthorOrAdmin(repo, user);
res.json(repo.coauthors);
} catch (error) {
handleError(error, res, req);
}
}
);
// add a coauthor (owner/admin only)
router.post(
"/:repoId/coauthors",
async (req: express.Request, res: express.Response) => {
try {
const repo = await getRepo(req, res, { nocheck: true });
if (!repo) return;
const user = await getUser(req);
isOwnerOrAdmin([repo.owner.id], user);
const username = (req.body.username || "").trim();
if (!username) {
throw new AnonymousError("username_not_defined", {
object: req.body,
httpStatus: 400,
});
}
// verify the GitHub user exists and capture identity fields
const oct = octokit(user.accessToken);
let ghUser;
try {
const r = await oct.users.getByUsername({ username });
ghUser = r.data;
} catch (e) {
throw new AnonymousError("github_user_not_found", {
object: { username },
httpStatus: 404,
});
}
if (ghUser.login.toLowerCase() === user.username.toLowerCase()) {
throw new AnonymousError("cannot_coauthor_self", {
httpStatus: 400,
});
}
const list = repo.model.coauthors || [];
if (
list.some(
(c) => c.username.toLowerCase() === ghUser.login.toLowerCase()
)
) {
return res.json(list);
}
list.push({
username: ghUser.login,
githubId: String(ghUser.id),
photo: ghUser.avatar_url,
addedAt: new Date(),
});
repo.model.coauthors = list;
await repo.model.save();
res.json(repo.model.coauthors);
} catch (error) {
handleError(error, res, req);
}
}
);
// remove a coauthor (owner/admin only, or the coauthor themselves)
router.delete(
"/:repoId/coauthors/:username",
async (req: express.Request, res: express.Response) => {
try {
const repo = await getRepo(req, res, { nocheck: true });
if (!repo) return;
const user = await getUser(req);
const target = req.params.username;
const isOwner = repo.owner.id === user.model.id;
const isSelf =
!!user.username &&
user.username.toLowerCase() === target.toLowerCase();
if (!isOwner && !isSelf && !user.isAdmin) {
throw new AnonymousError("not_authorized", { httpStatus: 401 });
}
repo.model.coauthors = (repo.model.coauthors || []).filter(
(c) => c.username.toLowerCase() !== target.toLowerCase()
);
await repo.model.save();
res.json(repo.model.coauthors);
} catch (error) {
handleError(error, res, req);
}
}
);
export default router;
src/server/routes/route-utils.ts
+40
View File
@@ -3,9 +3,35 @@ import AnonymousError from "../../core/AnonymousError";
import * as db from "../database";
import UserModel from "../../core/model/users/users.model";
import User from "../../core/User";
import Repository from "../../core/Repository";
import { HTTPError } from "got";
import { RepositoryStatus } from "../../core/types";
export async function getGist(
req: express.Request,
res: express.Response,
opt?: { nocheck?: boolean }
) {
try {
const gist = await db.getGist(req.params.gistId);
if (opt?.nocheck !== true) {
if (
gist.status == "expired" &&
gist.options.expirationMode == "redirect"
) {
res.redirect(`https://gist.github.com/${gist.source.gistId}`);
return null;
}
await gist.check();
}
return gist;
} catch (error) {
handleError(error, res, req);
return null;
}
}
export async function getPullRequest(
req: express.Request,
res: express.Response,
@@ -71,6 +97,20 @@ export function isOwnerOrAdmin(authorizedUsers: string[], user: User) {
}
}
export function isCoauthor(repo: Repository, user: User): boolean {
if (!user.username) return false;
return (repo.model.coauthors || []).some((c) => c.username === user.username);
}
export function isOwnerCoauthorOrAdmin(repo: Repository, user: User) {
if (user.isAdmin) return;
if (repo.owner.id === user.model.id) return;
if (isCoauthor(repo, user)) return;
throw new AnonymousError("not_authorized", {
httpStatus: 401,
});
}
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function printError(error: any, req?: express.Request) {
if (error instanceof AnonymousError) {
src/server/routes/user.ts
+46 -1
View File
@@ -6,6 +6,7 @@ import UserModel from "../../core/model/users/users.model";
import User from "../../core/User";
import FileModel from "../../core/model/files/files.model";
import { isConnected } from "../database";
import { octokit } from "../../core/GitHubUtils";
const router = express.Router();
@@ -41,7 +42,9 @@ router.get("/", async (req: express.Request, res: express.Response) => {
router.get("/quota", async (req: express.Request, res: express.Response) => {
try {
const user = await getUser(req);
const repositories = await user.getRepositories();
const repositories = (await user.getRepositories()).filter(
(r) => r.owner.id === user.model.id
);
const ready = repositories.filter((r) => r.status == "ready");
let totalStorage = 0;
@@ -138,6 +141,23 @@ router.get(
const user = await getUser(req);
res.json(
(await user.getRepositories()).map((x) => {
const json = x.toJSON() as Record<string, unknown>;
json.role = x.owner.id === user.model.id ? "owner" : "coauthor";
return json;
})
);
} catch (error) {
handleError(error, res, req);
}
}
);
router.get(
"/anonymized_gists",
async (req: express.Request, res: express.Response) => {
try {
const user = await getUser(req);
res.json(
(await user.getGists()).map((x) => {
return x.toJSON();
})
);
@@ -162,6 +182,31 @@ router.get(
}
);
// search GitHub users (used by the coauthor picker)
router.get(
"/search/github-users",
async (req: express.Request, res: express.Response) => {
try {
const user = await getUser(req);
const q = (req.query.q as string) || "";
if (!q || q.length < 2) {
return res.json([]);
}
const oct = octokit(user.accessToken);
const r = await oct.search.users({ q, per_page: 10 });
res.json(
r.data.items.map((u) => ({
username: u.login,
githubId: String(u.id),
photo: u.avatar_url,
}))
);
} catch (error) {
handleError(error, res, req);
}
}
);
async function getAllRepositories(user: User, force: boolean) {
const repos = await user.getGitHubRepositories({
force,