Allow viewing diff before revision is written (#5399)

server/routes/api/revisions/index.ts

@@ -0,0 +1 @@
+export { default } from "./revisions";

server/routes/api/revisions/revisions.test.ts

@@ -0,0 +1,170 @@
+import { CollectionUser, Revision } from "@server/models";
+import { buildDocument, buildUser } from "@server/test/factories";
+import { seed, getTestServer } from "@server/test/support";
+
+const server = getTestServer();
+
+describe("#revisions.info", () => {
+  it("should return a document revision", async () => {
+    const { user, document } = await seed();
+    const revision = await Revision.createFromDocument(document);
+    const res = await server.post("/api/revisions.info", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision.id,
+      },
+    });
+    const body = await res.json();
+    expect(res.status).toEqual(200);
+    expect(body.data.id).not.toEqual(document.id);
+    expect(body.data.title).toEqual(document.title);
+  });
+
+  it("should require authorization", async () => {
+    const document = await buildDocument();
+    const revision = await Revision.createFromDocument(document);
+    const user = await buildUser();
+    const res = await server.post("/api/revisions.info", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+});
+
+describe("#revisions.diff", () => {
+  it("should return the document HTML if no previous revision", async () => {
+    const { user, document } = await seed();
+    const revision = await Revision.createFromDocument(document);
+    const res = await server.post("/api/revisions.diff", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision.id,
+      },
+    });
+    const body = await res.json();
+    expect(res.status).toEqual(200);
+
+    // Can't compare entire HTML output due to generated class names
+    expect(body.data).toContain("<html");
+    expect(body.data).toContain("<style");
+    expect(body.data).toContain("<h1");
+    expect(body.data).not.toContain("<ins");
+    expect(body.data).not.toContain("<del");
+    expect(body.data).toContain(document.title);
+  });
+
+  it("should allow returning HTML directly with accept header", async () => {
+    const { user, document } = await seed();
+    const revision = await Revision.createFromDocument(document);
+    const res = await server.post("/api/revisions.diff", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision.id,
+      },
+      headers: {
+        accept: "text/html",
+      },
+    });
+    const body = await res.text();
+    expect(res.status).toEqual(200);
+
+    // Can't compare entire HTML output due to generated class names
+    expect(body).toContain("<html");
+    expect(body).toContain("<style");
+    expect(body).toContain("<h1");
+    expect(body).not.toContain("<ins");
+    expect(body).not.toContain("<del");
+    expect(body).toContain(document.title);
+  });
+
+  it("should compare to previous revision by default", async () => {
+    const { user, document } = await seed();
+    await Revision.createFromDocument(document);
+
+    await document.update({ text: "New text" });
+    const revision1 = await Revision.createFromDocument(document);
+
+    const res = await server.post("/api/revisions.diff", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision1.id,
+      },
+    });
+    const body = await res.json();
+    expect(res.status).toEqual(200);
+
+    // Can't compare entire HTML output due to generated class names
+    expect(body.data).toContain("<html");
+    expect(body.data).toContain("<style");
+    expect(body.data).toContain("<h1");
+    expect(body.data).toContain("<ins");
+    expect(body.data).toContain("<del");
+    expect(body.data).toContain(document.title);
+  });
+
+  it("should require authorization", async () => {
+    const document = await buildDocument();
+    const revision = await Revision.createFromDocument(document);
+    const user = await buildUser();
+    const res = await server.post("/api/revisions.diff", {
+      body: {
+        token: user.getJwtToken(),
+        id: revision.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+});
+
+describe("#revisions.list", () => {
+  it("should return a document's revisions", async () => {
+    const { user, document } = await seed();
+    await Revision.createFromDocument(document);
+    const res = await server.post("/api/revisions.list", {
+      body: {
+        token: user.getJwtToken(),
+        documentId: document.id,
+      },
+    });
+    const body = await res.json();
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+    expect(body.data[0].id).not.toEqual(document.id);
+    expect(body.data[0].title).toEqual(document.title);
+  });
+
+  it("should not return revisions for document in collection not a member of", async () => {
+    const { user, document, collection } = await seed();
+    await Revision.createFromDocument(document);
+    collection.permission = null;
+    await collection.save();
+    await CollectionUser.destroy({
+      where: {
+        userId: user.id,
+        collectionId: collection.id,
+      },
+    });
+    const res = await server.post("/api/revisions.list", {
+      body: {
+        token: user.getJwtToken(),
+        documentId: document.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+
+  it("should require authorization", async () => {
+    const document = await buildDocument();
+    const user = await buildUser();
+    const res = await server.post("/api/revisions.list", {
+      body: {
+        token: user.getJwtToken(),
+        documentId: document.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+});

server/routes/api/revisions/revisions.ts

@@ -0,0 +1,154 @@
+import Router from "koa-router";
+import { Op } from "sequelize";
+import { RevisionHelper } from "@shared/utils/RevisionHelper";
+import { ValidationError } from "@server/errors";
+import auth from "@server/middlewares/authentication";
+import validate from "@server/middlewares/validate";
+import { Document, Revision } from "@server/models";
+import DocumentHelper from "@server/models/helpers/DocumentHelper";
+import { authorize } from "@server/policies";
+import { presentRevision } from "@server/presenters";
+import { APIContext } from "@server/types";
+import slugify from "@server/utils/slugify";
+import pagination from "../middlewares/pagination";
+import * as T from "./schema";
+
+const router = new Router();
+
+router.post(
+  "revisions.info",
+  auth(),
+  validate(T.RevisionsInfoSchema),
+  async (ctx: APIContext<T.RevisionsInfoReq>) => {
+    const { id, documentId } = ctx.input.body;
+    const { user } = ctx.state.auth;
+    let before: Revision | null, after: Revision;
+
+    if (id) {
+      const revision = await Revision.findByPk(id, {
+        rejectOnEmpty: true,
+      });
+
+      const document = await Document.findByPk(revision.documentId, {
+        userId: user.id,
+      });
+      authorize(user, "read", document);
+      after = revision;
+      before = await revision.previous();
+    } else if (documentId) {
+      const document = await Document.findByPk(documentId, {
+        userId: user.id,
+      });
+      authorize(user, "read", document);
+      after = Revision.buildFromDocument(document);
+      after.id = RevisionHelper.latestId(document.id);
+      after.user = document.updatedBy;
+
+      before = await Revision.findLatest(documentId);
+    } else {
+      throw ValidationError("Either id or documentId must be provided");
+    }
+
+    ctx.body = {
+      data: await presentRevision(
+        after,
+        await DocumentHelper.diff(before, after, {
+          includeTitle: false,
+          includeStyles: false,
+        })
+      ),
+    };
+  }
+);
+
+router.post(
+  "revisions.diff",
+  auth(),
+  validate(T.RevisionsDiffSchema),
+  async (ctx: APIContext<T.RevisionsDiffReq>) => {
+    const { id, compareToId } = ctx.input.body;
+    const { user } = ctx.state.auth;
+
+    const revision = await Revision.findByPk(id, {
+      rejectOnEmpty: true,
+    });
+    const document = await Document.findByPk(revision.documentId, {
+      userId: user.id,
+    });
+    authorize(user, "read", document);
+
+    let before;
+    if (compareToId) {
+      before = await Revision.findOne({
+        where: {
+          id: compareToId,
+          documentId: revision.documentId,
+          createdAt: {
+            [Op.lt]: revision.createdAt,
+          },
+        },
+      });
+      if (!before) {
+        throw ValidationError(
+          "Revision could not be found, compareToId must be a revision of the same document before the provided revision"
+        );
+      }
+    } else {
+      before = await revision.previous();
+    }
+
+    const accept = ctx.request.headers["accept"];
+    const content = await DocumentHelper.diff(before, revision);
+
+    if (accept?.includes("text/html")) {
+      ctx.set("Content-Type", "text/html");
+      ctx.set(
+        "Content-Disposition",
+        `attachment; filename="${slugify(document.titleWithDefault)}-${
+          revision.id
+        }.html"`
+      );
+      ctx.body = content;
+      return;
+    }
+
+    ctx.body = {
+      data: content,
+    };
+  }
+);
+
+router.post(
+  "revisions.list",
+  auth(),
+  pagination(),
+  validate(T.RevisionsListSchema),
+  async (ctx: APIContext<T.RevisionsListReq>) => {
+    const { direction, documentId, sort } = ctx.input.body;
+    const { user } = ctx.state.auth;
+
+    const document = await Document.findByPk(documentId, {
+      userId: user.id,
+    });
+    authorize(user, "read", document);
+
+    const revisions = await Revision.findAll({
+      where: {
+        documentId: document.id,
+      },
+      order: [[sort, direction]],
+      offset: ctx.state.pagination.offset,
+      limit: ctx.state.pagination.limit,
+    });
+    const data = await Promise.all(
+      revisions.map((revision) => presentRevision(revision))
+    );
+
+    ctx.body = {
+      pagination: ctx.state.pagination,
+      data,
+    };
+  }
+);
+
+export default router;

server/routes/api/revisions/schema.ts

@@ -0,0 +1,46 @@
+import { isEmpty } from "lodash";
+import { z } from "zod";
+import { Revision } from "@server/models";
+import BaseSchema from "@server/routes/api/BaseSchema";
+
+export const RevisionsInfoSchema = BaseSchema.extend({
+  body: z
+    .object({
+      id: z.string().uuid().optional(),
+      documentId: z.string().uuid().optional(),
+    })
+    .refine((req) => !(isEmpty(req.id) && isEmpty(req.documentId)), {
+      message: "id or documentId is required",
+    }),
+});
+
+export type RevisionsInfoReq = z.infer<typeof RevisionsInfoSchema>;
+
+export const RevisionsDiffSchema = BaseSchema.extend({
+  body: z.object({
+    id: z.string().uuid(),
+    compareToId: z.string().uuid().optional(),
+  }),
+});
+
+export type RevisionsDiffReq = z.infer<typeof RevisionsDiffSchema>;
+
+export const RevisionsListSchema = z.object({
+  body: z.object({
+    direction: z
+      .string()
+      .optional()
+      .transform((val) => (val !== "ASC" ? "DESC" : val)),
+
+    sort: z
+      .string()
+      .refine((val) => Object.keys(Revision.getAttributes()).includes(val), {
+        message: "Invalid sort parameter",
+      })
+      .default("createdAt"),
+
+    documentId: z.string().uuid(),
+  }),
+});
+
+export type RevisionsListReq = z.infer<typeof RevisionsListSchema>;