src/applinks.js

'use strict';

exports = module.exports = {
    list,
    listByUser,
    add,
    get,
    update,
    remove,
    getIcon
};

const assert = require('assert'),
    apps = require('./apps.js'),
    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
    debug = require('debug')('box:applinks'),
    jsdom = require('jsdom'),
    safe = require('safetydance'),
    superagent = require('superagent'),
    uuid = require('uuid'),
    validator = require('validator');

const APPLINKS_FIELDS= [ 'id', 'accessRestrictionJson', 'creationTime', 'updateTime', 'ts', 'label', 'tagsJson', 'icon', 'upstreamUri' ].join(',');

function postProcess(result) {
    assert.strictEqual(typeof result, 'object');

    assert(result.tagsJson === null || typeof result.tagsJson === 'string');
    result.tags = safe.JSON.parse(result.tagsJson) || [];
    delete result.tagsJson;

    assert(result.accessRestrictionJson === null || typeof result.accessRestrictionJson === 'string');
    result.accessRestriction = safe.JSON.parse(result.accessRestrictionJson);
    if (result.accessRestriction && !result.accessRestriction.users) result.accessRestriction.users = [];
    delete result.accessRestrictionJson;

    result.ts = new Date(result.ts).getTime();

    result.icon = result.icon ? result.icon : null;
}

async function list() {
    const results = await database.query(`SELECT ${APPLINKS_FIELDS} FROM applinks ORDER BY upstreamUri`);

    results.forEach(postProcess);

    return results;
}

async function listByUser(user) {
    assert.strictEqual(typeof user, 'object');

    const result = await list();
    return result.filter((app) => apps.canAccess(app, user));
}

async function detectMetaInfo(applink) {
    assert.strictEqual(typeof applink, 'object');

    const [error, response] = await safe(superagent.get(applink.upstreamUri));
    if (error || !response.text) throw new BoxError(BoxError.BAD_FIELD, 'cannot fetch upstream uri for favicon and label');

    // fixup upstreamUri to match the redirect
    if (response.redirects && response.redirects.length) {
        debug(`detectMetaInfo: found redirect from ${applink.upstreamUri} to ${response.redirects[0]}`);
        applink.upstreamUri = response.redirects[0];
    }

    if (applink.favicon && applink.label) return;

    const dom = new jsdom.JSDOM(response.text);
    if (!applink.icon) {
        let favicon = '';
        if (dom.window.document.querySelector('link[rel="apple-touch-icon"]')) favicon = dom.window.document.querySelector('link[rel="apple-touch-icon"]').href ;
        if (!favicon.endsWith('.png') && dom.window.document.querySelector('meta[name="msapplication-TileImage"]')) favicon = dom.window.document.querySelector('meta[name="msapplication-TileImage"]').content ;
        if (!favicon.endsWith('.png') && dom.window.document.querySelector('link[rel="shortcut icon"]')) favicon = dom.window.document.querySelector('link[rel="shortcut icon"]').href ;
        if (!favicon.endsWith('.png') && dom.window.document.querySelector('link[rel="icon"]')) favicon = dom.window.document.querySelector('link[rel="icon"]').href ;
        if (!favicon.endsWith('.png') && dom.window.document.querySelector('meta[itemprop="image"]')) favicon = dom.window.document.querySelector('meta[itemprop="image"]').content;

        if (favicon) {
            if (favicon.startsWith('/')) favicon = applink.upstreamUri + favicon;

            const [error, response] = await safe(superagent.get(favicon));
            if (error) console.error(`Failed to fetch icon ${favicon}: `, error);
            else if (response.ok && response.headers['content-type'] === 'image/png') applink.icon = response.body;
            else console.error(`Failed to fetch icon ${favicon}: statusCode=${response.status}`);
        } else {
            console.error(`Unable to find a suitable icon for ${applink.upstreamUri}`);
        }
    }

    if (!applink.label) {
        if (dom.window.document.querySelector('meta[property="og:title"]')) applink.label = dom.window.document.querySelector('meta[property="og:title"]').content;
        else if (dom.window.document.querySelector('meta[property="og:site_name"]')) applink.label = dom.window.document.querySelector('meta[property="og:site_name"]').content;
        else if (dom.window.document.title) applink.label = dom.window.document.title;
    }
}

async function add(applink) {
    assert.strictEqual(typeof applink, 'object');
    assert.strictEqual(typeof applink.upstreamUri, 'string');

    debug(`add: ${applink.upstreamUri}`, applink);

    if (applink.icon) {
        if (!validator.isBase64(applink.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64');
        applink.icon = Buffer.from(applink.icon, 'base64');
    }

    await detectMetaInfo(applink);

    const data = {
        id: uuid.v4(),
        accessRestrictionJson: applink.accessRestriction ? JSON.stringify(applink.accessRestriction) : null,
        label: applink.label || '',
        tagsJson: applink.tags ? JSON.stringify(applink.tags) : null,
        icon: applink.icon || null,
        upstreamUri: applink.upstreamUri
    };

    const query = 'INSERT INTO applinks (id, accessRestrictionJson, label, tagsJson, icon, upstreamUri) VALUES (?, ?, ?, ?, ?, ?)';
    const args = [ data.id, data.accessRestrictionJson, data.label, data.tagsJson, data.icon, data.upstreamUri ];

    const [error] = await safe(database.query(query, args));
    if (error) throw error;

    return data.id;
}

async function get(applinkId) {
    assert.strictEqual(typeof applinkId, 'string');

    const result = await database.query(`SELECT ${APPLINKS_FIELDS} FROM applinks WHERE id = ?`, [ applinkId ]);
    if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');

    postProcess(result[0]);

    return result[0];
}

async function update(applinkId, applink) {
    assert.strictEqual(typeof applinkId, 'string');
    assert.strictEqual(typeof applink, 'object');
    assert.strictEqual(typeof applink.upstreamUri, 'string');

    if (applink.icon) {
        if (!validator.isBase64(applink.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64');
        applink.icon = Buffer.from(applink.icon, 'base64');
    }

    await detectMetaInfo(applink);

    const query = 'UPDATE applinks SET label=?, icon=?, upstreamUri=?, tagsJson=?, accessRestrictionJson=? WHERE id = ?';
    const args = [ applink.label, applink.icon || null, applink.upstreamUri, applink.tags ? JSON.stringify(applink.tags) : null, applink.accessRestriction ? JSON.stringify(applink.accessRestriction) : null, applinkId ];

    const result = await database.query(query, args);
    if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');
}

async function remove(applinkId) {
    assert.strictEqual(typeof applinkId, 'string');

    const result = await database.query('DELETE FROM applinks WHERE id = ?', [ applinkId ]);
    if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');
}

async function getIcon(applinkId) {
    assert.strictEqual(typeof applinkId, 'string');

    const applink = await get(applinkId);

    return applink.icon;
}
Add initial applink support 2022-07-06 19:15:59 +02:00			`'use strict';`

			`exports = module.exports = {`
			`list,`
Only list applinks a user has access to 2022-07-08 15:14:48 +02:00			`listByUser,`
Add initial applink support 2022-07-06 19:15:59 +02:00			`add,`
			`get,`
			`update,`
Better applink icon support 2022-07-07 14:11:14 +02:00			`remove,`
			`getIcon`
Add initial applink support 2022-07-06 19:15:59 +02:00			`};`

			`const assert = require('assert'),`
Only list applinks a user has access to 2022-07-08 15:14:48 +02:00			`apps = require('./apps.js'),`
Add initial applink support 2022-07-06 19:15:59 +02:00			`BoxError = require('./boxerror.js'),`
lint 2022-10-06 11:22:45 +02:00			`database = require('./database.js'),`
			`debug = require('debug')('box:applinks'),`
			`jsdom = require('jsdom'),`
Add initial applink support 2022-07-06 19:15:59 +02:00			`safe = require('safetydance'),`
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00			`superagent = require('superagent'),`
lint 2022-10-06 11:22:45 +02:00			`uuid = require('uuid'),`
			`validator = require('validator');`
Add initial applink support 2022-07-06 19:15:59 +02:00
			`const APPLINKS_FIELDS= [ 'id', 'accessRestrictionJson', 'creationTime', 'updateTime', 'ts', 'label', 'tagsJson', 'icon', 'upstreamUri' ].join(',');`

			`function postProcess(result) {`
			`assert.strictEqual(typeof result, 'object');`

			`assert(result.tagsJson === null \|\| typeof result.tagsJson === 'string');`
			`result.tags = safe.JSON.parse(result.tagsJson) \|\| [];`
			`delete result.tagsJson;`

			`assert(result.accessRestrictionJson === null \|\| typeof result.accessRestrictionJson === 'string');`
			`result.accessRestriction = safe.JSON.parse(result.accessRestrictionJson);`
			`if (result.accessRestriction && !result.accessRestriction.users) result.accessRestriction.users = [];`
			`delete result.accessRestrictionJson;`

Convert applink ts to timestamp 2022-09-28 14:59:30 +02:00			`result.ts = new Date(result.ts).getTime();`

Better applink icon support 2022-07-07 14:11:14 +02:00			`result.icon = result.icon ? result.icon : null;`
Add initial applink support 2022-07-06 19:15:59 +02:00			`}`

			`async function list() {`
			const results = await database.query(`SELECT ${APPLINKS_FIELDS} FROM applinks ORDER BY upstreamUri`);

			`results.forEach(postProcess);`

			`return results;`
			`}`

Only list applinks a user has access to 2022-07-08 15:14:48 +02:00			`async function listByUser(user) {`
			`assert.strictEqual(typeof user, 'object');`

			`const result = await list();`
			`return result.filter((app) => apps.canAccess(app, user));`
			`}`

Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`async function detectMetaInfo(applink) {`
Add initial applink support 2022-07-06 19:15:59 +02:00			`assert.strictEqual(typeof applink, 'object');`

Support applink update 2022-07-07 16:41:25 +02:00			`const [error, response] = await safe(superagent.get(applink.upstreamUri));`
improve applink businesslogic tests and fixup api 2022-09-19 20:59:48 +02:00			`if (error \|\| !response.text) throw new BoxError(BoxError.BAD_FIELD, 'cannot fetch upstream uri for favicon and label');`
Add initial applink support 2022-07-06 19:15:59 +02:00
Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`// fixup upstreamUri to match the redirect`
			`if (response.redirects && response.redirects.length) {`
			debug(`detectMetaInfo: found redirect from ${applink.upstreamUri} to ${response.redirects[0]}`);
			`applink.upstreamUri = response.redirects[0];`
			`}`

			`if (applink.favicon && applink.label) return;`

Support applink update 2022-07-07 16:41:25 +02:00			`const dom = new jsdom.JSDOM(response.text);`
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00			`if (!applink.icon) {`
Improve applink meta info detection 2022-07-07 18:19:53 +02:00			`let favicon = '';`
			`if (dom.window.document.querySelector('link[rel="apple-touch-icon"]')) favicon = dom.window.document.querySelector('link[rel="apple-touch-icon"]').href ;`
Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`if (!favicon.endsWith('.png') && dom.window.document.querySelector('meta[name="msapplication-TileImage"]')) favicon = dom.window.document.querySelector('meta[name="msapplication-TileImage"]').content ;`
			`if (!favicon.endsWith('.png') && dom.window.document.querySelector('link[rel="shortcut icon"]')) favicon = dom.window.document.querySelector('link[rel="shortcut icon"]').href ;`
			`if (!favicon.endsWith('.png') && dom.window.document.querySelector('link[rel="icon"]')) favicon = dom.window.document.querySelector('link[rel="icon"]').href ;`
			`if (!favicon.endsWith('.png') && dom.window.document.querySelector('meta[itemprop="image"]')) favicon = dom.window.document.querySelector('meta[itemprop="image"]').content;`
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00
Improve applink meta info detection 2022-07-07 18:19:53 +02:00			`if (favicon) {`
			`if (favicon.startsWith('/')) favicon = applink.upstreamUri + favicon;`

			`const [error, response] = await safe(superagent.get(favicon));`
			if (error) console.error(`Failed to fetch icon ${favicon}: `, error);
			`else if (response.ok && response.headers['content-type'] === 'image/png') applink.icon = response.body;`
			else console.error(`Failed to fetch icon ${favicon}: statusCode=${response.status}`);
Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`} else {`
			console.error(`Unable to find a suitable icon for ${applink.upstreamUri}`);
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00			`}`
Support applink update 2022-07-07 16:41:25 +02:00			`}`
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00
Improve applink meta info detection 2022-07-07 18:19:53 +02:00			`if (!applink.label) {`
			`if (dom.window.document.querySelector('meta[property="og:title"]')) applink.label = dom.window.document.querySelector('meta[property="og:title"]').content;`
			`else if (dom.window.document.querySelector('meta[property="og:site_name"]')) applink.label = dom.window.document.querySelector('meta[property="og:site_name"]').content;`
			`else if (dom.window.document.title) applink.label = dom.window.document.title;`
Attempt to fetch applink icon and label from page 2022-07-07 12:36:53 +02:00			`}`
Support applink update 2022-07-07 16:41:25 +02:00			`}`

			`async function add(applink) {`
			`assert.strictEqual(typeof applink, 'object');`
			`assert.strictEqual(typeof applink.upstreamUri, 'string');`

			debug(`add: ${applink.upstreamUri}`, applink);

improve applink businesslogic tests and fixup api 2022-09-19 20:59:48 +02:00			`if (applink.icon) {`
			`if (!validator.isBase64(applink.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64');`
			`applink.icon = Buffer.from(applink.icon, 'base64');`
			`}`

Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`await detectMetaInfo(applink);`
Add initial applink support 2022-07-06 19:15:59 +02:00
			`const data = {`
			`id: uuid.v4(),`
			`accessRestrictionJson: applink.accessRestriction ? JSON.stringify(applink.accessRestriction) : null,`
			`label: applink.label \|\| '',`
			`tagsJson: applink.tags ? JSON.stringify(applink.tags) : null,`
			`icon: applink.icon \|\| null,`
			`upstreamUri: applink.upstreamUri`
			`};`

			`const query = 'INSERT INTO applinks (id, accessRestrictionJson, label, tagsJson, icon, upstreamUri) VALUES (?, ?, ?, ?, ?, ?)';`
			`const args = [ data.id, data.accessRestrictionJson, data.label, data.tagsJson, data.icon, data.upstreamUri ];`

			`const [error] = await safe(database.query(query, args));`
			`if (error) throw error;`

			`return data.id;`
			`}`

			`async function get(applinkId) {`
			`assert.strictEqual(typeof applinkId, 'string');`

			const result = await database.query(`SELECT ${APPLINKS_FIELDS} FROM applinks WHERE id = ?`, [ applinkId ]);
			`if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');`

			`postProcess(result[0]);`

			`return result[0];`
			`}`

			`async function update(applinkId, applink) {`
			`assert.strictEqual(typeof applinkId, 'string');`
			`assert.strictEqual(typeof applink, 'object');`
			`assert.strictEqual(typeof applink.upstreamUri, 'string');`

Ensure we don't put empty applink icon buffers in db 2022-09-28 15:10:17 +02:00			`if (applink.icon) {`
			`if (!validator.isBase64(applink.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64');`
			`applink.icon = Buffer.from(applink.icon, 'base64');`
applinks icon improvements 2022-07-08 17:47:53 +02:00			`}`

Some tweaks for better app link detection logic 2022-09-28 14:23:45 +02:00			`await detectMetaInfo(applink);`
Support applink update 2022-07-07 16:41:25 +02:00
Support accessRestriction for visibility of applinks 2022-07-07 19:44:59 +02:00			`const query = 'UPDATE applinks SET label=?, icon=?, upstreamUri=?, tagsJson=?, accessRestrictionJson=? WHERE id = ?';`
Ensure we don't put empty applink icon buffers in db 2022-09-28 15:10:17 +02:00			`const args = [ applink.label, applink.icon \|\| null, applink.upstreamUri, applink.tags ? JSON.stringify(applink.tags) : null, applink.accessRestriction ? JSON.stringify(applink.accessRestriction) : null, applinkId ];`
Support applink update 2022-07-07 16:41:25 +02:00
			`const result = await database.query(query, args);`
			`if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');`
Add initial applink support 2022-07-06 19:15:59 +02:00			`}`

			`async function remove(applinkId) {`
			`assert.strictEqual(typeof applinkId, 'string');`

lint 2022-10-06 11:22:45 +02:00			`const result = await database.query('DELETE FROM applinks WHERE id = ?', [ applinkId ]);`
Add initial applink support 2022-07-06 19:15:59 +02:00			`if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Applink not found');`
			`}`
Better applink icon support 2022-07-07 14:11:14 +02:00
			`async function getIcon(applinkId) {`
			`assert.strictEqual(typeof applinkId, 'string');`

			`const applink = await get(applinkId);`

			`return applink.icon;`
			`}`