outline/server/api/documents.js

// @flow
import Router from 'koa-router';
import httpErrors from 'http-errors';
import isUUID from 'validator/lib/isUUID';

const URL_REGEX = /^[a-zA-Z0-9-]*-([a-zA-Z0-9]{10,15})$/;

import auth from './middlewares/authentication';
import { presentDocument } from '../presenters';
import { Document, Collection } from '../models';

const router = new Router();

const getDocumentForId = async id => {
  try {
    let document;
    if (isUUID(id)) {
      document = await Document.findOne({
        where: {
          id,
        },
      });
    } else if (id.match(URL_REGEX)) {
      document = await Document.findOne({
        where: {
          urlId: id.match(URL_REGEX)[1],
        },
      });
    } else {
      throw httpErrors.NotFound();
    }
    return document;
  } catch (e) {
    // Invalid UUID
    throw httpErrors.NotFound();
  }
};

// FIXME: This really needs specs :/
router.post('documents.info', auth(), async ctx => {
  const { id } = ctx.body;
  ctx.assertPresent(id, 'id is required');
  const document = await getDocumentForId(id);

  if (!document) throw httpErrors.NotFound();

  // Don't expose private documents outside the team
  if (document.private) {
    if (!ctx.state.user) throw httpErrors.NotFound();

    const user = await ctx.state.user;
    if (document.teamId !== user.teamId) {
      throw httpErrors.NotFound();
    }

    ctx.body = {
      data: await presentDocument(ctx, document, {
        includeCollection: true,
        includeCollaborators: true,
      }),
    };
  } else {
    ctx.body = {
      data: await presentDocument(ctx, document, {
        includeCollaborators: true,
      }),
    };
  }
});

router.post('documents.search', auth(), async ctx => {
  const { query } = ctx.body;
  ctx.assertPresent(query, 'query is required');

  const user = await ctx.state.user;

  const documents = await Document.searchForUser(user, query);

  const data = [];
  await Promise.all(
    documents.map(async document => {
      data.push(
        await presentDocument(ctx, document, {
          includeCollection: true,
          includeCollaborators: true,
        })
      );
    })
  );

  ctx.body = {
    pagination: ctx.state.pagination,
    data,
  };
});

router.post('documents.create', auth(), async ctx => {
  const { collection, title, text, parentDocument, index } = ctx.body;
  ctx.assertPresent(collection, 'collection is required');
  ctx.assertUuid(collection, 'collection must be an uuid');
  ctx.assertPresent(title, 'title is required');
  ctx.assertPresent(text, 'text is required');
  if (parentDocument)
    ctx.assertUuid(parentDocument, 'parentDocument must be an uuid');
  if (index) ctx.assertPositiveInteger(index, 'index must be an integer (>=0)');

  const user = ctx.state.user;
  const ownerCollection = await Collection.findOne({
    where: {
      id: collection,
      teamId: user.teamId,
    },
  });

  if (!ownerCollection) throw httpErrors.BadRequest();

  let parentDocumentObj = {};
  if (parentDocument && ownerCollection.type === 'atlas') {
    parentDocumentObj = await Document.findOne({
      where: {
        id: parentDocument,
        atlasId: ownerCollection.id,
      },
    });
  }

  const newDocument = await Document.create({
    parentDocumentId: parentDocumentObj.id,
    atlasId: ownerCollection.id,
    teamId: user.teamId,
    userId: user.id,
    lastModifiedById: user.id,
    createdById: user.id,
    title,
    text,
  });

  if (ownerCollection.type === 'atlas') {
    await ownerCollection.addDocumentToStructure(newDocument, index);
  }

  ctx.body = {
    data: await presentDocument(ctx, newDocument, {
      includeCollection: true,
      includeCollaborators: true,
      collection: ownerCollection,
    }),
  };
});

router.post('documents.update', auth(), async ctx => {
  const { id, title, text } = ctx.body;
  ctx.assertPresent(id, 'id is required');
  ctx.assertPresent(title || text, 'title or text is required');

  const user = ctx.state.user;
  const document = await getDocumentForId(id);

  if (!document || document.teamId !== user.teamId) throw httpErrors.NotFound();

  // Update document
  if (title) document.title = title;
  if (text) document.text = text;
  document.lastModifiedById = user.id;
  await document.save();

  const collection = await Collection.findById(document.atlasId);
  if (collection.type === 'atlas') {
    await collection.updateDocument(document);
  }

  ctx.body = {
    data: await presentDocument(ctx, document, {
      includeCollection: true,
      includeCollaborators: true,
      collection: collection,
    }),
  };
});

router.post('documents.move', auth(), async ctx => {
  const { id, parentDocument, index } = ctx.body;
  ctx.assertPresent(id, 'id is required');
  if (parentDocument)
    ctx.assertUuid(parentDocument, 'parentDocument must be an uuid');
  if (index) ctx.assertPositiveInteger(index, 'index must be an integer (>=0)');

  const user = ctx.state.user;
  const document = await getDocumentForId(id);

  if (!document || document.teamId !== user.teamId) throw httpErrors.NotFound();

  // Set parent document
  if (parentDocument) {
    const parent = await getDocumentForId(parentDocument);
    if (parent.atlasId !== document.atlasId)
      throw httpErrors.BadRequest(
        'Invalid parentDocument (must be same collection)'
      );
  }

  if (parentDocument === id)
    throw httpErrors.BadRequest('Infinite loop detected and prevented!');

  // If no parent document is provided, set it as null (move to root level)
  document.parentDocumentId = parentDocument;
  await document.save();

  const collection = await Collection.findById(document.atlasId);
  if (collection.type === 'atlas') {
    await collection.deleteDocument(document);
    await collection.addDocumentToStructure(document, index);
  }

  ctx.body = {
    data: await presentDocument(ctx, document, {
      includeCollection: true,
      includeCollaborators: true,
      collection: collection,
    }),
  };
});

router.post('documents.delete', auth(), async ctx => {
  const { id } = ctx.body;
  ctx.assertPresent(id, 'id is required');

  const user = ctx.state.user;
  const document = await getDocumentForId(id);
  const collection = await Collection.findById(document.atlasId);

  if (!document || document.teamId !== user.teamId)
    throw httpErrors.BadRequest();

  if (collection.type === 'atlas') {
    // Don't allow deletion of root docs
    if (collection.documentStructure.length === 1) {
      throw httpErrors.BadRequest(
        "Unable to delete collection's only document"
      );
    }

    // Delete all chilren
    try {
      await collection.deleteDocument(document);
    } catch (e) {
      throw httpErrors.BadRequest('Error while deleting');
    }
  }

  // Delete the actual document
  try {
    await document.destroy();
  } catch (e) {
    throw httpErrors.BadRequest('Error while deleting document');
  }

  ctx.body = {
    success: true,
  };
});

export default router;
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`// @flow`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`import Router from 'koa-router';`
			`import httpErrors from 'http-errors';`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`import isUUID from 'validator/lib/isUUID';`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
Fixes 2016-08-18 21:42:53 +00:00			`const URL_REGEX = /^[a-zA-Z0-9-]*-([a-zA-Z0-9]{10,15})$/;`
Use clearer urls fro documents 2016-08-15 19:41:51 +00:00
server side cleanup 2016-08-27 17:48:56 +00:00			`import auth from './middlewares/authentication';`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`import { presentDocument } from '../presenters';`
Atlas > Collection 2017-05-27 18:08:52 +00:00			`import { Document, Collection } from '../models';`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
			`const router = new Router();`

[chore] added prettier 2017-04-27 04:47:03 +00:00			`const getDocumentForId = async id => {`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`try {`
			`let document;`
			`if (isUUID(id)) {`
Fixes 2016-08-18 21:42:53 +00:00			`document = await Document.findOne({`
			`where: {`
			`id,`
			`},`
			`});`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`} else if (id.match(URL_REGEX)) {`
			`document = await Document.findOne({`
			`where: {`
			`urlId: id.match(URL_REGEX)[1],`
			`},`
			`});`
			`} else {`
Fixes 2016-08-18 21:42:53 +00:00			`throw httpErrors.NotFound();`
			`}`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`return document;`
			`} catch (e) {`
			`// Invalid UUID`
			`throw httpErrors.NotFound();`
Use clearer urls fro documents 2016-08-15 19:41:51 +00:00			`}`
			`};`

added a todo item 2016-05-30 19:37:07 +00:00			`// FIXME: This really needs specs :/`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`router.post('documents.info', auth(), async ctx => {`
Automate revision creation 2016-08-12 13:36:48 +00:00			`const { id } = ctx.body;`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`ctx.assertPresent(id, 'id is required');`
Use clearer urls fro documents 2016-08-15 19:41:51 +00:00			`const document = await getDocumentForId(id);`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
Implement 404 for documents 2016-08-03 12:36:50 +00:00			`if (!document) throw httpErrors.NotFound();`

Prepping /document.info for public docs 2016-05-30 19:36:37 +00:00			`// Don't expose private documents outside the team`
			`if (document.private) {`
			`if (!ctx.state.user) throw httpErrors.NotFound();`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
New database with migrations 2016-06-20 07:18:03 +00:00			`const user = await ctx.state.user;`
			`if (document.teamId !== user.teamId) {`
Fixed authentication issues 2016-05-31 05:56:49 +00:00			`throw httpErrors.NotFound();`
Prepping /document.info for public docs 2016-05-30 19:36:37 +00:00			`}`

			`ctx.body = {`
Added collaborators to document API 2016-08-15 12:52:07 +00:00			`data: await presentDocument(ctx, document, {`
			`includeCollection: true,`
			`includeCollaborators: true,`
			`}),`
Prepping /document.info for public docs 2016-05-30 19:36:37 +00:00			`};`
			`} else {`
			`ctx.body = {`
Added collaborators to document API 2016-08-15 12:52:07 +00:00			`data: await presentDocument(ctx, document, {`
			`includeCollaborators: true,`
			`}),`
Prepping /document.info for public docs 2016-05-30 19:36:37 +00:00			`};`
			`}`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`});`

[chore] added prettier 2017-04-27 04:47:03 +00:00			`router.post('documents.search', auth(), async ctx => {`
More linting 2016-08-01 07:12:55 +00:00			`const { query } = ctx.body;`
Added search indexing for documents 2016-07-13 06:43:41 +00:00			`ctx.assertPresent(query, 'query is required');`

			`const user = await ctx.state.user;`

Initial code for Slack based search 2016-08-23 06:37:01 +00:00			`const documents = await Document.searchForUser(user, query);`
Added search indexing for documents 2016-07-13 06:43:41 +00:00
Automate revision creation 2016-08-12 13:36:48 +00:00			`const data = [];`
[chore] added prettier 2017-04-27 04:47:03 +00:00			`await Promise.all(`
			`documents.map(async document => {`
			`data.push(`
			`await presentDocument(ctx, document, {`
			`includeCollection: true,`
			`includeCollaborators: true,`
			`})`
			`);`
			`})`
			`);`
Added search indexing for documents 2016-07-13 06:43:41 +00:00
			`ctx.body = {`
			`pagination: ctx.state.pagination,`
More linting 2016-08-01 07:12:55 +00:00			`data,`
Added search indexing for documents 2016-07-13 06:43:41 +00:00			`};`
			`});`

[chore] added prettier 2017-04-27 04:47:03 +00:00			`router.post('documents.create', auth(), async ctx => {`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`const { collection, title, text, parentDocument, index } = ctx.body;`
Renaming atlases to collections 2016-08-05 15:09:14 +00:00			`ctx.assertPresent(collection, 'collection is required');`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`ctx.assertUuid(collection, 'collection must be an uuid');`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`ctx.assertPresent(title, 'title is required');`
			`ctx.assertPresent(text, 'text is required');`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`if (parentDocument)`
			`ctx.assertUuid(parentDocument, 'parentDocument must be an uuid');`
			`if (index) ctx.assertPositiveInteger(index, 'index must be an integer (>=0)');`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
Added document previews and fixed saving 2016-05-22 21:31:21 +00:00			`const user = ctx.state.user;`
Atlas > Collection 2017-05-27 18:08:52 +00:00			`const ownerCollection = await Collection.findOne({`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`where: {`
Renaming atlases to collections 2016-08-05 15:09:14 +00:00			`id: collection,`
New database with migrations 2016-06-20 07:18:03 +00:00			`teamId: user.teamId,`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`},`
			`});`

Automate revision creation 2016-08-12 13:36:48 +00:00			`if (!ownerCollection) throw httpErrors.BadRequest();`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`let parentDocumentObj = {};`
			`if (parentDocument && ownerCollection.type === 'atlas') {`
			`parentDocumentObj = await Document.findOne({`
			`where: {`
			`id: parentDocument,`
			`atlasId: ownerCollection.id,`
			`},`
lock 2016-08-21 18:12:24 +00:00			`});`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`}`

			`const newDocument = await Document.create({`
			`parentDocumentId: parentDocumentObj.id,`
			`atlasId: ownerCollection.id,`
			`teamId: user.teamId,`
			`userId: user.id,`
			`lastModifiedById: user.id,`
			`createdById: user.id,`
			`title,`
			`text,`
			`});`

Added deletion of documents 2017-06-05 07:36:50 +00:00			`if (ownerCollection.type === 'atlas') {`
			`await ownerCollection.addDocumentToStructure(newDocument, index);`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`}`
Fixed locking with imports 2016-08-21 22:45:48 +00:00
			`ctx.body = {`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`data: await presentDocument(ctx, newDocument, {`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`includeCollection: true,`
			`includeCollaborators: true,`
Added deletion of documents 2017-06-05 07:36:50 +00:00			`collection: ownerCollection,`
Fixed locking with imports 2016-08-21 22:45:48 +00:00			`}),`
			`};`
Saving and fetching of documents 2016-05-20 03:46:34 +00:00			`});`

[chore] added prettier 2017-04-27 04:47:03 +00:00			`router.post('documents.update', auth(), async ctx => {`
			`const { id, title, text } = ctx.body;`
Document editing 2016-05-26 04:26:06 +00:00			`ctx.assertPresent(id, 'id is required');`
Fixed Collection#updateDocument 2017-06-05 05:12:36 +00:00			`ctx.assertPresent(title \|\| text, 'title or text is required');`
Document editing 2016-05-26 04:26:06 +00:00
			`const user = ctx.state.user;`
Use clearer urls fro documents 2016-08-15 19:41:51 +00:00			`const document = await getDocumentForId(id);`
Document editing 2016-05-26 04:26:06 +00:00
Fixed Collection#updateDocument 2017-06-05 05:12:36 +00:00			`if (!document \|\| document.teamId !== user.teamId) throw httpErrors.NotFound();`
Document editing 2016-05-26 04:26:06 +00:00
Update nav tree after document update 2016-07-01 06:47:49 +00:00			`// Update document`
Fixed Collection#updateDocument 2017-06-05 05:12:36 +00:00			`if (title) document.title = title;`
			`if (text) document.text = text;`
Added revisions 2016-06-26 18:23:03 +00:00			`document.lastModifiedById = user.id;`
Document editing 2016-05-26 04:26:06 +00:00			`await document.save();`

Atlas > Collection 2017-05-27 18:08:52 +00:00			`const collection = await Collection.findById(document.atlasId);`
Renaming atlases to collections 2016-08-05 15:09:14 +00:00			`if (collection.type === 'atlas') {`
Changed Collection documents to documentStructure and other WIP stuff 2017-06-04 21:40:27 +00:00			`await collection.updateDocument(document);`
Update nav tree after document update 2016-07-01 06:47:49 +00:00			`}`

Added endpoint for moving documents 2017-06-06 06:50:32 +00:00			`ctx.body = {`
			`data: await presentDocument(ctx, document, {`
			`includeCollection: true,`
			`includeCollaborators: true,`
			`collection: collection,`
			`}),`
			`};`
			`});`

			`router.post('documents.move', auth(), async ctx => {`
			`const { id, parentDocument, index } = ctx.body;`
			`ctx.assertPresent(id, 'id is required');`
			`if (parentDocument)`
			`ctx.assertUuid(parentDocument, 'parentDocument must be an uuid');`
			`if (index) ctx.assertPositiveInteger(index, 'index must be an integer (>=0)');`

			`const user = ctx.state.user;`
			`const document = await getDocumentForId(id);`

			`if (!document \|\| document.teamId !== user.teamId) throw httpErrors.NotFound();`

			`// Set parent document`
			`if (parentDocument) {`
			`const parent = await getDocumentForId(parentDocument);`
			`if (parent.atlasId !== document.atlasId)`
			`throw httpErrors.BadRequest(`
			`'Invalid parentDocument (must be same collection)'`
			`);`
			`}`

			`if (parentDocument === id)`
			`throw httpErrors.BadRequest('Infinite loop detected and prevented!');`

			`// If no parent document is provided, set it as null (move to root level)`
			`document.parentDocumentId = parentDocument;`
			`await document.save();`

			`const collection = await Collection.findById(document.atlasId);`
			`if (collection.type === 'atlas') {`
			`await collection.deleteDocument(document);`
			`await collection.addDocumentToStructure(document, index);`
			`}`

Document editing 2016-05-26 04:26:06 +00:00			`ctx.body = {`
Added collaborators to document API 2016-08-15 12:52:07 +00:00			`data: await presentDocument(ctx, document, {`
			`includeCollection: true,`
			`includeCollaborators: true,`
Fixed Collection#updateDocument 2017-06-05 05:12:36 +00:00			`collection: collection,`
Added collaborators to document API 2016-08-15 12:52:07 +00:00			`}),`
Document editing 2016-05-26 04:26:06 +00:00			`};`
			`});`

[chore] added prettier 2017-04-27 04:47:03 +00:00			`router.post('documents.delete', auth(), async ctx => {`
			`const { id } = ctx.body;`
Added document deletion API 2016-05-30 18:15:35 +00:00			`ctx.assertPresent(id, 'id is required');`

			`const user = ctx.state.user;`
Use clearer urls fro documents 2016-08-15 19:41:51 +00:00			`const document = await getDocumentForId(id);`
Atlas > Collection 2017-05-27 18:08:52 +00:00			`const collection = await Collection.findById(document.atlasId);`
Added document deletion API 2016-05-30 18:15:35 +00:00
[chore] added prettier 2017-04-27 04:47:03 +00:00			`if (!document \|\| document.teamId !== user.teamId)`
			`throw httpErrors.BadRequest();`
Added document deletion API 2016-05-30 18:15:35 +00:00
Renaming atlases to collections 2016-08-05 15:09:14 +00:00			`if (collection.type === 'atlas') {`
Fixes to atlas document deletion 2016-07-11 00:02:45 +00:00			`// Don't allow deletion of root docs`
Added deletion of documents 2017-06-05 07:36:50 +00:00			`if (collection.documentStructure.length === 1) {`
			`throw httpErrors.BadRequest(`
			`"Unable to delete collection's only document"`
			`);`
Fixes to atlas document deletion 2016-07-11 00:02:45 +00:00			`}`
Fixes 2016-06-23 07:19:45 +00:00
Fixes to atlas document deletion 2016-07-11 00:02:45 +00:00			`// Delete all chilren`
			`try {`
Renaming atlases to collections 2016-08-05 15:09:14 +00:00			`await collection.deleteDocument(document);`
Fixes to atlas document deletion 2016-07-11 00:02:45 +00:00			`} catch (e) {`
			`throw httpErrors.BadRequest('Error while deleting');`
lint 2016-08-01 07:11:28 +00:00			`}`
Added paranoid, debugging and fixes to document deleting on atlas collections 2016-08-14 08:50:42 +00:00			`}`

			`// Delete the actual document`
			`try {`
			`await document.destroy();`
			`} catch (e) {`
			`throw httpErrors.BadRequest('Error while deleting document');`
Backend fixes 2016-07-07 04:36:50 +00:00			`}`

Added document deletion API 2016-05-30 18:15:35 +00:00			`ctx.body = {`
Implemented api key deletion 2016-08-27 05:04:28 +00:00			`success: true,`
Added document deletion API 2016-05-30 18:15:35 +00:00			`};`
			`});`

Update nav tree after document update 2016-07-01 06:47:49 +00:00			`export default router;`