wekan/models/export.js

/* global JsonRoutes */
if (Meteor.isServer) {
  // todo XXX once we have a real API in place, move that route there
  // todo XXX also  share the route definition between the client and the server
  // so that we could use something like
  // `ApiRoutes.path('boards/export', boardId)``
  // on the client instead of copy/pasting the route path manually between the
  // client and the server.
  /**
   * @operation export
   * @tag Boards
   *
   * @summary This route is used to export the board.
   *
   * @description If user is already logged-in, pass loginToken as param
   * "authToken": '/api/boards/:boardId/export?authToken=:token'
   *
   * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/
   * for detailed explanations
   *
   * @param {string} boardId the ID of the board we are exporting
   * @param {string} authToken the loginToken
   */
  JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
    const boardId = req.params.boardId;
    let user = null;
    const loginToken = req.query.authToken;
    if (loginToken) {
      const hashToken = Accounts._hashLoginToken(loginToken);
      user = Meteor.users.findOne({
        'services.resume.loginTokens.hashedToken': hashToken,
      });
    } else if (!Meteor.settings.public.sandstorm) {
      Authentication.checkUserId(req.userId);
      user = Users.findOne({ _id: req.userId, isAdmin: true });
    }
    const exporter = new Exporter(boardId);
    if (exporter.canExport(user)) {
      JsonRoutes.sendResult(res, {
        code: 200,
        data: exporter.build(),
      });
    } else {
      // we could send an explicit error message, but on the other hand the only
      // way to get there is by hacking the UI so let's keep it raw.
      JsonRoutes.sendResult(res, 403);
    }
  });
}

// exporter maybe is broken since Gridfs introduced, add fs and path

export class Exporter {
  constructor(boardId) {
    this._boardId = boardId;
  }

  build() {
    const fs = Npm.require('fs');
    const os = Npm.require('os');
    const path = Npm.require('path');

    const byBoard = { boardId: this._boardId };
    const byBoardNoLinked = {
      boardId: this._boardId,
      linkedId: { $in: ['', null] },
    };
    // we do not want to retrieve boardId in related elements
    const noBoardId = {
      fields: {
        boardId: 0,
      },
    };
    const result = {
      _format: 'wekan-board-1.0.0',
    };
    _.extend(
      result,
      Boards.findOne(this._boardId, {
        fields: {
          stars: 0,
        },
      }),
    );
    result.lists = Lists.find(byBoard, noBoardId).fetch();
    result.cards = Cards.find(byBoardNoLinked, noBoardId).fetch();
    result.swimlanes = Swimlanes.find(byBoard, noBoardId).fetch();
    result.customFields = CustomFields.find(
      { boardIds: { $in: [this.boardId] } },
      { fields: { boardId: 0 } },
    ).fetch();
    result.comments = CardComments.find(byBoard, noBoardId).fetch();
    result.activities = Activities.find(byBoard, noBoardId).fetch();
    result.rules = Rules.find(byBoard, noBoardId).fetch();
    result.checklists = [];
    result.checklistItems = [];
    result.subtaskItems = [];
    result.triggers = [];
    result.actions = [];
    result.cards.forEach(card => {
      result.checklists.push(
        ...Checklists.find({
          cardId: card._id,
        }).fetch(),
      );
      result.checklistItems.push(
        ...ChecklistItems.find({
          cardId: card._id,
        }).fetch(),
      );
      result.subtaskItems.push(
        ...Cards.find({
          parentId: card._id,
        }).fetch(),
      );
    });
    result.rules.forEach(rule => {
      result.triggers.push(
        ...Triggers.find(
          {
            _id: rule.triggerId,
          },
          noBoardId,
        ).fetch(),
      );
      result.actions.push(
        ...Actions.find(
          {
            _id: rule.actionId,
          },
          noBoardId,
        ).fetch(),
      );
    });

    // [Old] for attachments we only export IDs and absolute url to original doc
    // [New] Encode attachment to base64

    const getBase64Data = function(doc, callback) {
      let buffer = Buffer.allocUnsafe(0);
      buffer.fill(0);

      // callback has the form function (err, res) {}
      const tmpFile = path.join(
        os.tmpdir(),
        `tmpexport${process.pid}${Math.random()}`,
      );
      const tmpWriteable = fs.createWriteStream(tmpFile);
      const readStream = fs.createReadStream(doc.path);
      readStream.on('data', function(chunk) {
        buffer = Buffer.concat([buffer, chunk]);
      });

      readStream.on('error', function(err) {
        callback(null, null);
      });
      readStream.on('end', function() {
        // done
        fs.unlink(tmpFile, () => {
          //ignored
        });

        callback(null, buffer.toString('base64'));
      });
      readStream.pipe(tmpWriteable);
    };
    const getBase64DataSync = Meteor.wrapAsync(getBase64Data);
    result.attachments = Attachments.find({ 'meta.boardId': byBoard.boardId })
      .fetch()
      .map(attachment => {
        let filebase64 = null;
        filebase64 = getBase64DataSync(attachment);

        return {
          _id: attachment._id,
          cardId: attachment.meta.cardId,
          //url: FlowRouter.url(attachment.url()),
          file: filebase64,
          name: attachment.name,
          type: attachment.type,
        };
      });

    // we also have to export some user data - as the other elements only
    // include id but we have to be careful:
    // 1- only exports users that are linked somehow to that board
    // 2- do not export any sensitive information
    const users = {};
    result.members.forEach(member => {
      users[member.userId] = true;
    });
    result.lists.forEach(list => {
      users[list.userId] = true;
    });
    result.cards.forEach(card => {
      users[card.userId] = true;
      if (card.members) {
        card.members.forEach(memberId => {
          users[memberId] = true;
        });
      }
    });
    result.comments.forEach(comment => {
      users[comment.userId] = true;
    });
    result.activities.forEach(activity => {
      users[activity.userId] = true;
    });
    result.checklists.forEach(checklist => {
      users[checklist.userId] = true;
    });
    const byUserIds = {
      _id: {
        $in: Object.getOwnPropertyNames(users),
      },
    };
    // we use whitelist to be sure we do not expose inadvertently
    // some secret fields that gets added to User later.
    const userFields = {
      fields: {
        _id: 1,
        username: 1,
        'profile.fullname': 1,
        'profile.initials': 1,
        'profile.avatarUrl': 1,
      },
    };
    result.users = Users.find(byUserIds, userFields)
      .fetch()
      .map(user => {
        // user avatar is stored as a relative url, we export absolute
        if ((user.profile || {}).avatarUrl) {
          user.profile.avatarUrl = FlowRouter.url(user.profile.avatarUrl);
        }
        return user;
      });
    return result;
  }

  canExport(user) {
    const board = Boards.findOne(this._boardId);
    return board && board.isVisibleBy(user);
  }
}
Export Wekan now server-based with proper auth 2015-12-16 21:54:35 +01:00			`/* global JsonRoutes */`
REST API - Meteor 1.4 - first step issue 2017-04-27 20:49:24 +03:00			`if (Meteor.isServer) {`
Improved doc on server-side export route 2015-12-17 13:11:33 +01:00			`// todo XXX once we have a real API in place, move that route there`
Export: improved API routes - use an explicit "boards" domain: /api/boards/:boardId - pass authToken as a request parameter: /api/boards/:boardId?authToken=:token - in the future, same route can be used with authToken set in the Authenticate: header easily 2015-12-17 23:57:28 +01:00			`// todo XXX also share the route definition between the client and the server`
Favor FlowRouter.url over Meteor.absoluteUrl It hides the leading slash treatment as an hidden implementation detail. 2016-01-05 13:37:15 +01:00			`// so that we could use something like`
			// `ApiRoutes.path('boards/export', boardId)``
			`// on the client instead of copy/pasting the route path manually between the`
			`// client and the server.`
Restore export API Commit 477d71e0b90d1 was based on an older version of export.js, which means it reverted a few changes that were made previously. Fixes #2328 2019-05-14 09:37:04 +02:00			`/**`
			`* @operation export`
			`* @tag Boards`
			`*`
			`* @summary This route is used to export the board.`
			`*`
			`* @description If user is already logged-in, pass loginToken as param`
			`* "authToken": '/api/boards/:boardId/export?authToken=:token'`
Improved doc on server-side export route 2015-12-17 13:11:33 +01:00			`*`
			`* See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/`
			`* for detailed explanations`
Restore export API Commit 477d71e0b90d1 was based on an older version of export.js, which means it reverted a few changes that were made previously. Fixes #2328 2019-05-14 09:37:04 +02:00			`*`
			`* @param {string} boardId the ID of the board we are exporting`
			`* @param {string} authToken the loginToken`
Improved doc on server-side export route 2015-12-17 13:11:33 +01:00			`*/`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {`
Reenable the export feature Fixes #1055 2017-06-12 09:30:03 +02:00			`const boardId = req.params.boardId;`
			`let user = null;`
			`const loginToken = req.query.authToken;`
			`if (loginToken) {`
			`const hashToken = Accounts._hashLoginToken(loginToken);`
			`user = Meteor.users.findOne({`
			`'services.resume.loginTokens.hashedToken': hashToken,`
			`});`
Restore export API Commit 477d71e0b90d1 was based on an older version of export.js, which means it reverted a few changes that were made previously. Fixes #2328 2019-05-14 09:37:04 +02:00			`} else if (!Meteor.settings.public.sandstorm) {`
			`Authentication.checkUserId(req.userId);`
			`user = Users.findOne({ _id: req.userId, isAdmin: true });`
Reenable the export feature Fixes #1055 2017-06-12 09:30:03 +02:00			`}`
			`const exporter = new Exporter(boardId);`
Fix lint errors. Thanks to xet7 ! 2019-04-06 09:00:13 +03:00			`if (exporter.canExport(user)) {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`JsonRoutes.sendResult(res, {`
			`code: 200,`
Fix lint errors. 2018-09-16 01:50:36 +03:00			`data: exporter.build(),`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`});`
Reenable the export feature Fixes #1055 2017-06-12 09:30:03 +02:00			`} else {`
			`// we could send an explicit error message, but on the other hand the only`
			`// way to get there is by hacking the UI so let's keep it raw.`
			`JsonRoutes.sendResult(res, 403);`
			`}`
			`});`
Export Wekan now server-based with proper auth 2015-12-16 21:54:35 +01:00			`}`
board export now checks authentication 2015-12-13 20:02:34 +01:00
Add Features: allowing lists to be sorted by modifiedAt when not in draggable mode. Bug Fix #2093: the broken should be prior to file attachment feature introduced, and tested export board is working. Thanks to whowillcare ! ( xet7 merged this pull request manually from https://github.com/wekan/wekan/pull/2756 ) Closes #2093 2019-10-29 19:05:44 +02:00			`// exporter maybe is broken since Gridfs introduced, add fs and path`

Fixes 2019-02-12 23:40:12 +01:00			`export class Exporter {`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`constructor(boardId) {`
			`this._boardId = boardId;`
			`}`

			`build() {`
Add Features: allowing lists to be sorted by modifiedAt when not in draggable mode. Bug Fix #2093: the broken should be prior to file attachment feature introduced, and tested export board is working. Thanks to whowillcare ! ( xet7 merged this pull request manually from https://github.com/wekan/wekan/pull/2756 ) Closes #2093 2019-10-29 19:05:44 +02:00			`const fs = Npm.require('fs');`
			`const os = Npm.require('os');`
			`const path = Npm.require('path');`

REST API - Meteor 1.4 - first step issue 2017-04-27 20:49:24 +03:00			`const byBoard = { boardId: this._boardId };`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`const byBoardNoLinked = {`
			`boardId: this._boardId,`
			`linkedId: { $in: ['', null] },`
			`};`
Export wekan: do not export board.stars 2015-12-16 16:30:48 +01:00			`// we do not want to retrieve boardId in related elements`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`const noBoardId = {`
			`fields: {`
Fix lint errors. 2018-09-16 01:50:36 +03:00			`boardId: 0,`
			`},`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`};`
Export: include attachments 2015-12-17 11:58:55 +01:00			`const result = {`
			`_format: 'wekan-board-1.0.0',`
			`};`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`_.extend(`
			`result,`
			`Boards.findOne(this._boardId, {`
			`fields: {`
			`stars: 0,`
			`},`
			`}),`
			`);`
Export wekan: do not export board.stars 2015-12-16 16:30:48 +01:00			`result.lists = Lists.find(byBoard, noBoardId).fetch();`
Refactor imported -> linked in models 2018-05-02 14:20:55 -03:00			`result.cards = Cards.find(byBoardNoLinked, noBoardId).fetch();`
Fix import wekan board with swimlanes 2018-02-02 23:04:54 -03:00			`result.swimlanes = Swimlanes.find(byBoard, noBoardId).fetch();`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.customFields = CustomFields.find(`
			`{ boardIds: { $in: [this.boardId] } },`
			`{ fields: { boardId: 0 } },`
			`).fetch();`
Export wekan: do not export board.stars 2015-12-16 16:30:48 +01:00			`result.comments = CardComments.find(byBoard, noBoardId).fetch();`
			`result.activities = Activities.find(byBoard, noBoardId).fetch();`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`result.rules = Rules.find(byBoard, noBoardId).fetch();`
Export checklists 2017-07-20 00:24:21 +01:00			`result.checklists = [];`
Fix Wekan import / Export for ChecklistItems 2018-04-28 22:17:56 +02:00			`result.checklistItems = [];`
Initial implementation for subtasks 2018-06-18 23:25:56 +03:00			`result.subtaskItems = [];`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`result.triggers = [];`
			`result.actions = [];`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.cards.forEach(card => {`
			`result.checklists.push(`
			`...Checklists.find({`
			`cardId: card._id,`
			`}).fetch(),`
			`);`
			`result.checklistItems.push(`
			`...ChecklistItems.find({`
			`cardId: card._id,`
			`}).fetch(),`
			`);`
			`result.subtaskItems.push(`
			`...Cards.find({`
Fix typo on exporting subtasks. Thanks to xiorcala ! Closes #2770 2019-10-29 22:02:30 +02:00			`parentId: card._id,`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`}).fetch(),`
			`);`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.rules.forEach(rule => {`
			`result.triggers.push(`
			`...Triggers.find(`
			`{`
			`_id: rule.triggerId,`
			`},`
			`noBoardId,`
			`).fetch(),`
			`);`
			`result.actions.push(`
			`...Actions.find(`
			`{`
			`_id: rule.actionId,`
			`},`
			`noBoardId,`
			`).fetch(),`
			`);`
Export checklists 2017-07-20 00:24:21 +01:00			`});`
Fix Wekan import / Export for ChecklistItems 2018-04-28 22:17:56 +02:00
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`// [Old] for attachments we only export IDs and absolute url to original doc`
			`// [New] Encode attachment to base64`
fixed board export with attchment 2020-01-23 01:16:56 -05:00
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`const getBase64Data = function(doc, callback) {`
fixed board export with attchment 2020-01-23 01:16:56 -05:00			`let buffer = Buffer.allocUnsafe(0);`
			`buffer.fill(0);`

Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`// callback has the form function (err, res) {}`
Add Features: allowing lists to be sorted by modifiedAt when not in draggable mode. Bug Fix #2093: the broken should be prior to file attachment feature introduced, and tested export board is working. Thanks to whowillcare ! ( xet7 merged this pull request manually from https://github.com/wekan/wekan/pull/2756 ) Closes #2093 2019-10-29 19:05:44 +02:00			`const tmpFile = path.join(`
			`os.tmpdir(),`
			`tmpexport${process.pid}${Math.random()}`,
			`);`
			`const tmpWriteable = fs.createWriteStream(tmpFile);`
Fix export attachments (not tested) 2020-05-22 14:59:56 +08:00			`const readStream = fs.createReadStream(doc.path);`
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`readStream.on('data', function(chunk) {`
			`buffer = Buffer.concat([buffer, chunk]);`
			`});`
fixed board export with attchment 2020-01-23 01:16:56 -05:00
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`readStream.on('error', function(err) {`
fixed board export with attchment 2020-01-23 01:16:56 -05:00			`callback(null, null);`
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`});`
			`readStream.on('end', function() {`
			`// done`
Add Features: allowing lists to be sorted by modifiedAt when not in draggable mode. Bug Fix #2093: the broken should be prior to file attachment feature introduced, and tested export board is working. Thanks to whowillcare ! ( xet7 merged this pull request manually from https://github.com/wekan/wekan/pull/2756 ) Closes #2093 2019-10-29 19:05:44 +02:00			`fs.unlink(tmpFile, () => {`
			`//ignored`
			`});`
fixed board export with attchment 2020-01-23 01:16:56 -05:00
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`callback(null, buffer.toString('base64'));`
			`});`
Add Features: allowing lists to be sorted by modifiedAt when not in draggable mode. Bug Fix #2093: the broken should be prior to file attachment feature introduced, and tested export board is working. Thanks to whowillcare ! ( xet7 merged this pull request manually from https://github.com/wekan/wekan/pull/2756 ) Closes #2093 2019-10-29 19:05:44 +02:00			`readStream.pipe(tmpWriteable);`
Export and import attachents as base64 encoded files 2017-07-15 22:10:46 +01:00			`};`
			`const getBase64DataSync = Meteor.wrapAsync(getBase64Data);`
Attachment upload from card done, need to fix download link 2019-11-20 10:40:09 +00:00			`result.attachments = Attachments.find({ 'meta.boardId': byBoard.boardId })`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`.fetch()`
			`.map(attachment => {`
fixed board export with attchment 2020-01-23 01:16:56 -05:00			`let filebase64 = null;`
			`filebase64 = getBase64DataSync(attachment);`

Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`return {`
			`_id: attachment._id,`
Fix export attachments (not tested) 2020-05-22 14:59:56 +08:00			`cardId: attachment.meta.cardId,`
fixed board export with attchment 2020-01-23 01:16:56 -05:00			`//url: FlowRouter.url(attachment.url()),`
			`file: filebase64,`
Fix export attachments (not tested) 2020-05-22 14:59:56 +08:00			`name: attachment.name,`
			`type: attachment.type,`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`};`
			`});`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00
Favor FlowRouter.url over Meteor.absoluteUrl It hides the leading slash treatment as an hidden implementation detail. 2016-01-05 13:37:15 +01:00			`// we also have to export some user data - as the other elements only`
			`// include id but we have to be careful:`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`// 1- only exports users that are linked somehow to that board`
			`// 2- do not export any sensitive information`
			`const users = {};`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.members.forEach(member => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[member.userId] = true;`
			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.lists.forEach(list => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[list.userId] = true;`
			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.cards.forEach(card => {`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`users[card.userId] = true;`
			`if (card.members) {`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`card.members.forEach(memberId => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[memberId] = true;`
			`});`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`}`
			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.comments.forEach(comment => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[comment.userId] = true;`
			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.activities.forEach(activity => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[activity.userId] = true;`
			`});`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.checklists.forEach(checklist => {`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`users[checklist.userId] = true;`
			`});`
			`const byUserIds = {`
			`_id: {`
Fix lint errors. 2018-09-16 01:50:36 +03:00			`$in: Object.getOwnPropertyNames(users),`
			`},`
Export/Import done for rules 2018-09-14 19:20:24 +02:00			`};`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`// we use whitelist to be sure we do not expose inadvertently`
			`// some secret fields that gets added to User later.`
REST API - Meteor 1.4 - first step issue 2017-04-27 20:49:24 +03:00			`const userFields = {`
			`fields: {`
			`_id: 1,`
			`username: 1,`
			`'profile.fullname': 1,`
			`'profile.initials': 1,`
			`'profile.avatarUrl': 1,`
			`},`
			`};`
Prettier & eslint project style update 2019-06-28 12:52:09 -05:00			`result.users = Users.find(byUserIds, userFields)`
			`.fetch()`
			`.map(user => {`
			`// user avatar is stored as a relative url, we export absolute`
			`if ((user.profile \|\| {}).avatarUrl) {`
			`user.profile.avatarUrl = FlowRouter.url(user.profile.avatarUrl);`
			`}`
			`return user;`
			`});`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`return result;`
			`}`
Export Wekan now server-based with proper auth 2015-12-16 21:54:35 +01:00
			`canExport(user) {`
			`const board = Boards.findOne(this._boardId);`
			`return board && board.isVisibleBy(user);`
			`}`
export board to Wekan JSON 2015-12-09 00:35:45 +01:00			`}`