const { Note, Meeting } = require('../models');
const { AppError, catchAsync } = require('../middleware/errorHandler');
const { Op } = require('sequelize');
/**
 * Express-style handler: list the caller's notes for one meeting, newest first.
 *
 * The lookup is filtered on both the `meetingId` route parameter and
 * `req.user.id`, so notes written by other users on the same meeting are
 * never returned. Responds with `{ success: true, data: { notes } }`.
 * Any error raised while querying or responding is handed to `next`.
 *
 * NOTE(review): `req.user` is assumed to be populated by an authentication
 * middleware that runs before this handler; confirm in the router.
 */
exports.getMeetingNotes = catchAsync(async (req, res, next) => {
  try {
    const ownNotesForMeeting = {
      meeting_id: req.params.meetingId,
      user_id: req.user.id,
    };

    const notes = await Note.findAll({
      where: ownNotesForMeeting,
      order: [['created_at', 'DESC']],
    });

    res.json({ success: true, data: { notes } });
  } catch (error) {
    next(error);
  }
});
/**
 * Express-style handler: create a note on a meeting for the calling user.
 *
 * Reads `meetingId` from the route and `content_blocks`, `tags` (default `[]`)
 * and `status` (default `'draft'`) from the request body. Replies 201 with the
 * created note, or forwards a 404 `AppError` when the meeting id is unknown.
 *
 * NOTE(review): the meeting is fetched by primary key only. Nothing in this
 * handler checks that `req.user` is allowed to access that meeting, so unless
 * a route-level middleware enforces it, any authenticated user can attach a
 * note to any meeting id. Confirm where that authorization check lives.
 *
 * NOTE(review): `status`, `tags` and `content_blocks` are stored exactly as
 * received; presumably the model validates them. Verify against the Note
 * model definition.
 */
exports.createNote = catchAsync(async (req, res, next) => {
  try {
    const meetingId = req.params.meetingId;
    const { content_blocks, tags = [], status = 'draft' } = req.body;

    const meeting = await Meeting.findByPk(meetingId);
    if (!meeting) throw new AppError('Meeting not found', 404);

    // The owner always comes from the authenticated session, never from the body.
    const newNoteFields = {
      meeting_id: meeting.id,
      user_id: req.user.id,
      content_blocks,
      tags,
      status,
    };
    const note = await Note.create(newNoteFields);

    res.status(201).json({ success: true, data: note });
  } catch (error) {
    next(error);
  }
});
/**
 * Express-style handler: fetch a single note by id.
 *
 * The query matches on the note id AND `req.user.id`. A note that exists but
 * belongs to someone else therefore gets the same 404 as a note that does not
 * exist, which avoids revealing which ids are in use.
 * Responds with `{ success: true, data: { note } }`.
 */
exports.getNote = catchAsync(async (req, res, next) => {
  try {
    const ownedNoteFilter = {
      id: req.params.id,
      user_id: req.user.id,
    };

    const note = await Note.findOne({ where: ownedNoteFilter });
    if (!note) throw new AppError('Note not found', 404);

    res.json({ success: true, data: { note } });
  } catch (error) {
    next(error);
  }
});
/**
 * Express-style handler: update the content, tags and status of one note.
 *
 * The note is loaded with a filter on both its id and `req.user.id`, so a
 * caller can only modify notes they own; anything else yields a 404.
 * Only `content_blocks`, `tags` and `status` are picked from the body, which
 * keeps `user_id` and `meeting_id` out of reach of the client.
 *
 * NOTE(review): the three values are passed to `update` without validation
 * here; presumably the model constrains `status`. Verify against the Note
 * model.
 */
exports.updateNote = catchAsync(async (req, res, next) => {
  try {
    // Explicit allow-list of client-editable fields.
    const { content_blocks, tags, status } = req.body;
    const editableFields = { content_blocks, tags, status };

    const ownedNoteFilter = {
      id: req.params.id,
      user_id: req.user.id,
    };
    const note = await Note.findOne({ where: ownedNoteFilter });
    if (!note) throw new AppError('Note not found', 404);

    await note.update(editableFields);

    res.json({ success: true, data: note });
  } catch (error) {
    next(error);
  }
});
/**
 * Express-style handler: delete one note owned by the caller.
 *
 * The delete is filtered on the note id and `req.user.id` in a single
 * statement, so there is no separate check step that could be bypassed.
 * A falsy result from `destroy` (nothing matched) is reported as a 404,
 * whether the id is unknown or belongs to another user.
 */
exports.deleteNote = catchAsync(async (req, res, next) => {
  try {
    const ownedNoteFilter = {
      id: req.params.id,
      user_id: req.user.id,
    };

    const deletedCount = await Note.destroy({ where: ownedNoteFilter });
    if (!deletedCount) throw new AppError('Note not found', 404);

    res.json({ success: true, message: 'Note deleted successfully' });
  } catch (error) {
    next(error);
  }
});
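/**
 * Express-style handler: search the caller's notes.
 *
 * Supported query-string filters: `query` (substring match on
 * `content_blocks`), `meetingId`, `status` and `tags` (array overlap).
 * Every search is pinned to `req.user.id`, so results never include other
 * users' notes. Responds with `{ success: true, data: notes }`; errors are
 * forwarded to `next`.
 *
 * NOTE(review): `meetingId`, `status` and `tags` go into the `where` clause
 * as received. Query-string parsers can deliver arrays or nested objects for
 * repeated or bracketed keys; confirm that an upstream validator restricts
 * these to the expected scalar or array-of-string shapes.
 *
 * NOTE(review): the result set has no `limit`, so a broad search returns
 * every matching row for the user. Consider pagination.
 */
exports.searchNotes = catchAsync(async (req, res, next) => {
  try {
    const { query, meetingId, status, tags } = req.query;

    const where = { user_id: req.user.id };
    if (meetingId) where.meeting_id = meetingId;
    if (status) where.status = status;

    if (query) {
      // Normalise the term: drop markup and control characters, cap the length.
      // This is input hygiene only. It is not the SQL-injection defence:
      // Sequelize escapes the operator value when it builds the statement.
      const searchTerm = String(query)
        .replace(/[<>'"&]/g, '')
        .replace(/[\x00-\x1F\x7F]/g, '')
        .trim()
        .substring(0, 100);

      if (searchTerm.length > 0) {
        // Value escaping does not neutralise LIKE metacharacters. Without this
        // step a caller-supplied `%` or `_` acts as a wildcard, which changes
        // what matches and can force expensive scans. Backslash is the default
        // LIKE escape character in PostgreSQL (the `Op.overlap` filter below is
        // PostgreSQL-only), so prefix `\`, `%` and `_` with it.
        const literalTerm = searchTerm.replace(/[\\%_]/g, '\\$&');

        where[Op.or] = [
          { content_blocks: { [Op.like]: `%${literalTerm}%` } },
        ];
      }
    }

    if (tags) {
      // A single `tags=x` arrives as a string; normalise to an array.
      where.tags = { [Op.overlap]: Array.isArray(tags) ? tags : [tags] };
    }

    const notes = await Note.findAll({ where });

    res.json({ success: true, data: notes });
  } catch (error) {
    next(error);
  }
});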