Lxcloud/core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(render): forhidden no access to see post

Browse Source
This commit is contained in:
Innei
2021-12-21 16:34:08 +08:00
parent 7ef2d13dfe
commit cc72bad121
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/modules/markdown/markdown.controller.ts
View File

@@ -2,6 +2,7 @@ import {
Body,
CacheTTL,
Controller,
ForbiddenException,
Get,
Header,
Param,
@@ -13,6 +14,7 @@ import dayjs from 'dayjs'
import { render } from 'ejs'
import { minify } from 'html-minifier'
import JSZip from 'jszip'
import { isNil } from 'lodash'
import { join } from 'path'
import { performance } from 'perf_hooks'
import { Readable } from 'stream'
@@ -22,6 +24,7 @@ import { Auth } from '~/common/decorator/auth.decorator'
import { HttpCache } from '~/common/decorator/cache.decorator'
import { HTTPDecorators } from '~/common/decorator/http.decorator'
import { ApiName } from '~/common/decorator/openapi.decorator'
import { IsMaster } from '~/common/decorator/role.decorator'
import { ArticleTypeEnum } from '~/constants/article.constant'
import { MongoIdDto } from '~/shared/dto/id.dto'
import { CategoryModel } from '../category/category.model'
@@ -164,6 +167,7 @@ export class MarkdownController {
async renderArticle(
@Param() params: MongoIdDto,
@Query('theme') theme: string,
@IsMaster() isMaster: boolean,
) {
const { id } = params
const now = performance.now()
@@ -179,6 +183,15 @@ export class MarkdownController {
this.configs.getMaster(),
])
if (!isMaster) {
if (
('hide' in document && document.hide) ||
('password' in document && !isNil(document.password))
) {
throw new ForbiddenException('该文章已隐藏或加密')
}
}
const relativePath = (() => {
switch (type.toLowerCase()) {
case 'post':

2
src/processors/database/database.service.ts
View File

@@ -39,7 +39,7 @@ export class DatabaseService {
public async findGlobalById(id: string) {
const doc = await Promise.all([
this.postModel.findById(id).populate('category').lean(),
this.noteModel.findById(id).lean(),
this.noteModel.findById(id).lean().select('+password'),
this.pageModel.findById(id).lean(),
])
const index = doc.findIndex(Boolean)