Remove and replace all note id compression in LZString with base64url

Signed-off-by: Max Wu <jackymaxj@gmail.com>

Author: jackycute

lib/models/note.js

@@ -3,6 +3,7 @@
 var fs = require('fs')
 var path = require('path')
 var LZString = require('lz-string')
+var base64url = require('base64url')
 var md = require('markdown-it')()
 var metaMarked = require('meta-marked')
 var cheerio = require('cheerio')
@@ -114,6 +115,22 @@ module.exports = function (sequelize, DataTypes) {
           return false
         }
       },
+      encodeNoteId: function (id) {
+        // remove dashes in UUID and encode in url-safe base64
+        return base64url.encode(id.replace(/-/g, ''))
+      },
+      decodeNoteId: function (encodedId) {
+        // decode from url-safe base64
+        let id = base64url.decode(encodedId)
+        // add dashes between the UUID string parts
+        let idParts = []
+        idParts.push(id.substr(0, 8))
+        idParts.push(id.substr(8, 4))
+        idParts.push(id.substr(12, 4))
+        idParts.push(id.substr(16, 4))
+        idParts.push(id.substr(20, 12))
+        return idParts.join('-')
+      },
       checkNoteIdValid: function (id) {
         var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
         var result = id.match(uuidRegex)
@@ -190,6 +207,16 @@ module.exports = function (sequelize, DataTypes) {
               return _callback(err, null)
             })
           },
+          parseNoteIdByBase64Url: function (_callback) {
+            // try to parse note id by base64url
+            try {
+              var id = Note.decodeNoteId(noteId)
+              if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
+            } catch (err) {
+              return _callback(err, null)
+            }
+          },
+          // parse note id by LZString is deprecated, here for compability
           parseNoteIdByLZString: function (_callback) {
             // try to parse note id by LZString Base64
             try {

lib/realtime.js

@@ -5,7 +5,6 @@ var cookie = require('cookie')
 var cookieParser = require('cookie-parser')
 var url = require('url')
 var async = require('async')
-var LZString = require('lz-string')
 var randomcolor = require('randomcolor')
 var Chance = require('chance')
 var chance = new Chance()
@@ -703,7 +702,7 @@ function operationCallback (socket, operation) {
 }
 
 function updateHistory (userId, note, time) {
-  var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id)
+  var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id)
   if (note.server) history.updateHistory(userId, noteId, note.server.document, time)
 }
 

lib/response.js

@@ -3,7 +3,6 @@
 // external modules
 var fs = require('fs')
 var markdownpdf = require('markdown-pdf')
-var LZString = require('lz-string')
 var shortId = require('shortid')
 var querystring = require('querystring')
 var request = require('request')
@@ -124,7 +123,7 @@ function newNote (req, res, next) {
     alias: req.alias ? req.alias : null,
     content: req.body ? req.body : ''
   }).then(function (note) {
-    return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id))
+    return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id))
   }).catch(function (err) {
     logger.error(err)
     return response.errorInternalError(res)
@@ -179,7 +178,7 @@ function showNote (req, res, next) {
   findNote(req, res, function (note) {
     // force to use note id
     var noteId = req.params.noteId
-    var id = LZString.compressToBase64(note.id)
+    var id = models.Note.encodeNoteId(note.id)
     if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) }
     return responseHackMD(res, note)
   })
@@ -321,7 +320,7 @@ function actionPDF (req, res, note) {
 function actionGist (req, res, note) {
   var data = {
     client_id: config.github.clientID,
-    redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist',
+    redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
     scope: 'gist',
     state: shortId.generate()
   }
@@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) {
     var action = req.params.action
     switch (action) {
       case 'edit':
-        res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
+        res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
         break
       default:
         res.redirect(config.serverurl + '/s/' + note.shortid)
@@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) {
     var action = req.params.action
     switch (action) {
       case 'edit':
-        res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
+        res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
         break
       default:
         res.redirect(config.serverurl + '/p/' + note.shortid)

package.json

@@ -18,6 +18,7 @@
     "Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
     "async": "^2.1.4",
     "aws-sdk": "^2.7.20",
+    "base64url": "^2.0.0",
     "blueimp-md5": "^2.6.0",
     "body-parser": "^1.15.2",
     "bootstrap": "^3.3.7",