diff options
Diffstat (limited to 'models/export.js')
-rw-r--r-- | models/export.js | 80 |
1 files changed, 41 insertions, 39 deletions
diff --git a/models/export.js b/models/export.js index b774cf15..7a363dd3 100644 --- a/models/export.js +++ b/models/export.js @@ -1,5 +1,5 @@ /* global JsonRoutes */ -if(Meteor.isServer) { +if (Meteor.isServer) { // todo XXX once we have a real API in place, move that route there // todo XXX also share the route definition between the client and the server // so that we could use something like @@ -14,28 +14,28 @@ if(Meteor.isServer) { * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ * for detailed explanations */ - JsonRoutes.add('get', '/api/boards/:boardId', function (req, res) { - const boardId = req.params.boardId; - let user = null; - // todo XXX for real API, first look for token in Authentication: header - // then fallback to parameter - const loginToken = req.query.authToken; - if (loginToken) { - const hashToken = Accounts._hashLoginToken(loginToken); - user = Meteor.users.findOne({ - 'services.resume.loginTokens.hashedToken': hashToken, - }); - } + // JsonRoutes.add('get', '/api/boards/:boardId', function (req, res) { + // const boardId = req.params.boardId; + // let user = null; + // // todo XXX for real API, first look for token in Authentication: header + // // then fallback to parameter + // const loginToken = req.query.authToken; + // if (loginToken) { + // const hashToken = Accounts._hashLoginToken(loginToken); + // user = Meteor.users.findOne({ + // 'services.resume.loginTokens.hashedToken': hashToken, + // }); + // } - const exporter = new Exporter(boardId); - if(exporter.canExport(user)) { - JsonRoutes.sendResult(res, 200, exporter.build()); - } else { - // we could send an explicit error message, but on the other hand the only - // way to get there is by hacking the UI so let's keep it raw. - JsonRoutes.sendResult(res, 403); - } - }); + // const exporter = new Exporter(boardId); + // if(exporter.canExport(user)) { + // JsonRoutes.sendResult(res, 200, exporter.build()); + // } else { + // // we could send an explicit error message, but on the other hand the only + // // way to get there is by hacking the UI so let's keep it raw. + // JsonRoutes.sendResult(res, 403); + // } + // }); } class Exporter { @@ -44,13 +44,13 @@ class Exporter { } build() { - const byBoard = {boardId: this._boardId}; + const byBoard = { boardId: this._boardId }; // we do not want to retrieve boardId in related elements - const noBoardId = {fields: {boardId: 0}}; + const noBoardId = { fields: { boardId: 0 } }; const result = { _format: 'wekan-board-1.0.0', }; - _.extend(result, Boards.findOne(this._boardId, {fields: {stars: 0}})); + _.extend(result, Boards.findOne(this._boardId, { fields: { stars: 0 } })); result.lists = Lists.find(byBoard, noBoardId).fetch(); result.cards = Cards.find(byBoard, noBoardId).fetch(); result.comments = CardComments.find(byBoard, noBoardId).fetch(); @@ -69,29 +69,31 @@ class Exporter { // 1- only exports users that are linked somehow to that board // 2- do not export any sensitive information const users = {}; - result.members.forEach((member) => {users[member.userId] = true;}); - result.lists.forEach((list) => {users[list.userId] = true;}); + result.members.forEach((member) => { users[member.userId] = true; }); + result.lists.forEach((list) => { users[list.userId] = true; }); result.cards.forEach((card) => { users[card.userId] = true; if (card.members) { - card.members.forEach((memberId) => {users[memberId] = true;}); + card.members.forEach((memberId) => { users[memberId] = true; }); } }); - result.comments.forEach((comment) => {users[comment.userId] = true;}); - result.activities.forEach((activity) => {users[activity.userId] = true;}); - const byUserIds = {_id: {$in: Object.getOwnPropertyNames(users)}}; + result.comments.forEach((comment) => { users[comment.userId] = true; }); + result.activities.forEach((activity) => { users[activity.userId] = true; }); + const byUserIds = { _id: { $in: Object.getOwnPropertyNames(users) } }; // we use whitelist to be sure we do not expose inadvertently // some secret fields that gets added to User later. - const userFields = {fields: { - _id: 1, - username: 1, - 'profile.fullname': 1, - 'profile.initials': 1, - 'profile.avatarUrl': 1, - }}; + const userFields = { + fields: { + _id: 1, + username: 1, + 'profile.fullname': 1, + 'profile.initials': 1, + 'profile.avatarUrl': 1, + }, + }; result.users = Users.find(byUserIds, userFields).fetch().map((user) => { // user avatar is stored as a relative url, we export absolute - if(user.profile.avatarUrl) { + if (user.profile.avatarUrl) { user.profile.avatarUrl = FlowRouter.url(user.profile.avatarUrl); } return user; |