monograph: remove links, embeds & images for non-pro users

Notesnook.API/Authorization/ProUserRequirement.cs

@@ -35,11 +35,17 @@ namespace Notesnook.API.Authorization
             ["/s3"] = "upload attachments",
             ["/s3/multipart"] = "upload attachments",
         };
-        private readonly string[] allowedClaims = ["trial", "premium", "premium_canceled"];
+        private static readonly string[] proClaims = ["premium", "premium_canceled"];
+        private static readonly string[] trialClaims = ["trial"];
+        public static bool IsUserPro(ClaimsPrincipal user)
+        => user.Claims.Any((c) => c.Type == "notesnook:status" && proClaims.Contains(c.Value));
+        public static bool IsUserTrialing(ClaimsPrincipal user)
+        => user.Claims.Any((c) => c.Type == "notesnook:status" && trialClaims.Contains(c.Value));
+
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ProUserRequirement requirement)
         {
             PathString path = context.Resource is DefaultHttpContext httpContext ? httpContext.Request.Path : null;
-            var isProOrTrial = context.User.Claims.Any((c) => c.Type == "notesnook:status" && allowedClaims.Contains(c.Value));
+            var isProOrTrial = IsUserPro(context.User) || IsUserTrialing(context.User);
             if (isProOrTrial) context.Succeed(requirement);
             else
             {

Notesnook.API/Controllers/MonographsController.cs

@@ -23,10 +23,13 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text.Json;
 using System.Threading.Tasks;
+using AngleSharp;
+using AngleSharp.Dom;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using MongoDB.Bson;
 using MongoDB.Driver;
+using Notesnook.API.Authorization;
 using Notesnook.API.Models;
 using Notesnook.API.Services;
 using Streetwriters.Common;
@@ -110,7 +113,7 @@ namespace Notesnook.API.Controllers
                 }
 
                 if (monograph.EncryptedContent == null)
-                    monograph.CompressedContent = monograph.Content.CompressBrotli();
+                    monograph.CompressedContent = (await CleanupContentAsync(monograph.Content)).CompressBrotli();
                 monograph.UserId = userId;
                 monograph.DatePublished = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
 
@@ -161,7 +164,7 @@ namespace Notesnook.API.Controllers
                     return base.BadRequest("Monograph is too big. Max allowed size is 15mb.");
 
                 if (monograph.EncryptedContent == null)
-                    monograph.CompressedContent = monograph.Content.CompressBrotli();
+                    monograph.CompressedContent = (await CleanupContentAsync(monograph.Content)).CompressBrotli();
                 else
                     monograph.Content = null;
 
@@ -321,5 +324,21 @@ namespace Notesnook.API.Controllers
                 }
             });
         }
+
+        private async Task<string> CleanupContentAsync(string content)
+        {
+            if (!Constants.IS_SELF_HOSTED && !ProUserRequirement.IsUserPro(User))
+            {
+                var config = Configuration.Default.WithDefaultLoader();
+                var context = BrowsingContext.New(config);
+                var document = await context.OpenAsync(r => r.Content(content));
+                foreach (var element in document.QuerySelectorAll("a,iframe,img,object,svg,button,link"))
+                {
+                    element.Remove();
+                }
+                return document.ToHtml();
+            }
+            return content;
+        }
     }
 }

Notesnook.API/Notesnook.API.csproj

@@ -6,6 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="AngleSharp" Version="1.3.0" />
     <PackageReference Include="AWSSDK.Core" Version="3.7.304.31" />
     <PackageReference Include="DotNetEnv" Version="2.3.0" />
     <PackageReference Include="IdentityModel.AspNetCore.OAuth2Introspection" Version="6.2.0" />