Check for existing notes on POST and dont override them
Previously one could override notes in FreeURL mode by sending multiple POST requests to the /new/<alias> endpoint. This commit adds a check for an already existing note with the requested alias and returns an HTTP 409 Conflict error if one is found. Signed-off-by: Erik Michelson <opensource@erik.michelson.eu>
		
							parent
							
								
									6531ea1a21
								
							
						
					
					
						commit
						124b064252
					
				| @ -20,6 +20,9 @@ module.exports = { | |||||||
|   errorBadRequest: function (res) { |   errorBadRequest: function (res) { | ||||||
|     responseError(res, '400', 'Bad Request', 'something not right.') |     responseError(res, '400', 'Bad Request', 'something not right.') | ||||||
|   }, |   }, | ||||||
|  |   errorConflict: function (res) { | ||||||
|  |     responseError(res, '409', 'Conflict', 'This note already exists.') | ||||||
|  |   }, | ||||||
|   errorTooLong: function (res) { |   errorTooLong: function (res) { | ||||||
|     responseError(res, '413', 'Payload Too Large', 'Shorten your note!') |     responseError(res, '413', 'Payload Too Large', 'Shorten your note!') | ||||||
|   }, |   }, | ||||||
|  | |||||||
| @ -46,7 +46,7 @@ exports.checkViewPermission = function (req, note) { | |||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| exports.newNote = function (req, res, body) { | exports.newNote = async function (req, res, body) { | ||||||
|   let owner = null |   let owner = null | ||||||
|   const noteId = req.params.noteId ? req.params.noteId : null |   const noteId = req.params.noteId ? req.params.noteId : null | ||||||
|   if (req.isAuthenticated()) { |   if (req.isAuthenticated()) { | ||||||
| @ -60,6 +60,19 @@ exports.newNote = function (req, res, body) { | |||||||
|     } else { |     } else { | ||||||
|       return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) |       return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) | ||||||
|     } |     } | ||||||
|  |     try { | ||||||
|  |       const count = await models.Note.count({ | ||||||
|  |         where: { | ||||||
|  |           alias: req.alias | ||||||
|  |         } | ||||||
|  |       }) | ||||||
|  |       if (count > 0) { | ||||||
|  |         return errors.errorConflict(res) | ||||||
|  |       } | ||||||
|  |     } catch (err) { | ||||||
|  |       logger.error(err) | ||||||
|  |       return errors.errorInternalError(res) | ||||||
|  |     } | ||||||
|   } |   } | ||||||
|   models.Note.create({ |   models.Note.create({ | ||||||
|     ownerId: owner, |     ownerId: owner, | ||||||
|  | |||||||
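Review bot: The `count`-then-create sequence added ahead of `models.Note.create` is not atomic, so two concurrent POSTs for the same alias can both read `count === 0` and both proceed to the create; the lookup narrows the override window but does not close it. The guarantee should come from the database: assuming `models` is Sequelize and `alias` has (or is given) a unique index, map the create's rejection to the same response, e.g. `if (err.name === 'SequelizeUniqueConstraintError') return errors.errorConflict(res)`. The handling of the `create` promise lies outside this hunk, so confirm it is awaited or has a rejection handler now that `newNote` is `async`; otherwise a failure there surfaces as an unhandled rejection rather than a response. A comment above the `try`, such as `// FreeURL: never reuse an alias that already belongs to a note`, would also record why the lookup exists.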