mindoc/controllers/DocumentController.go

package controllers

import (
	"context"
	"encoding/json"
	"fmt"
	"html/template"
	"image/png"
	"net/http"
	"net/url"
	"os"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
	"time"

	"github.com/beego/beego/v2/client/orm"
	"github.com/beego/beego/v2/core/logs"
	"github.com/beego/beego/v2/server/web"
	"github.com/beego/i18n"
	"github.com/boombuler/barcode"
	"github.com/boombuler/barcode/qr"
	"github.com/mindoc-org/mindoc/conf"
	"github.com/mindoc-org/mindoc/models"
	"github.com/mindoc-org/mindoc/utils"
	"github.com/mindoc-org/mindoc/utils/cryptil"
	"github.com/mindoc-org/mindoc/utils/filetil"
	"github.com/mindoc-org/mindoc/utils/gopool"
	"github.com/mindoc-org/mindoc/utils/pagination"
	"github.com/russross/blackfriday/v2"
)

// DocumentController struct
type DocumentController struct {
	BaseController
}

// 文档首页
func (c *DocumentController) Index() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	token := c.GetString("token")

	if identify == "" {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.item_not_exist"))
	}

	// 如果没有开启匿名访问则跳转到登录
	if !c.EnableAnonymous && !c.isUserLoggedIn() {
		promptUserToLogIn(c)
		return
	}

	bookResult := c.isReadable(identify, token)

	c.TplName = "document/" + bookResult.Theme + "_read.tpl"

	selected := 0

	if bookResult.IsUseFirstDocument {
		doc, err := bookResult.FindFirstDocumentByBookId(bookResult.BookId)
		if err == nil {
			selected = doc.DocumentId
			c.Data["Title"] = doc.DocumentName
			c.Data["Content"] = template.HTML(doc.Release)
			c.Data["Description"] = utils.AutoSummary(doc.Release, 120)
			c.Data["FoldSetting"] = "first"

			if bookResult.Editor == EditorCherryMarkdown {
				c.Data["MarkdownTheme"] = doc.MarkdownTheme
			}

			if bookResult.IsDisplayComment {
				// 获取评论、分页
				comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
				page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
				c.Data["Page"] = page
			}
		}
	} else {
		c.Data["Title"] = i18n.Tr(c.Lang, "blog.summary")
		c.Data["Content"] = template.HTML(blackfriday.Run([]byte(bookResult.Description)))
		c.Data["FoldSetting"] = "closed"
	}

	tree, err := models.NewDocument().CreateDocumentTreeForHtml(bookResult.BookId, selected)

	if err != nil {
		if err == orm.ErrNoRows {
			c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.no_doc_in_cur_proj"))
		} else {
			logs.Error("生成项目文档树时出错 -> ", err)
			c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.build_doc_tree_error"))
		}
	}
	c.Data["IS_DOCUMENT_INDEX"] = true
	c.Data["Model"] = bookResult
	c.Data["Result"] = template.HTML(tree)

}

// CheckPassword : Handles password verification for private documents,
// and front-end requests are made through Ajax.
func (c *DocumentController) CheckPassword() {
	identify := c.Ctx.Input.Param(":key")
	password := c.GetString("bPassword")

	if identify == "" || password == "" {
		c.JsonResult(http.StatusBadRequest, i18n.Tr(c.Lang, "message.param_error"))
	}

	// You have not logged in and need to log in again.
	if !c.EnableAnonymous && !c.isUserLoggedIn() {
		logs.Info("You have not logged in and need to log in again(SessionId: %s).",
			c.CruSession.SessionID(context.TODO()))
		c.JsonResult(6000, i18n.Tr(c.Lang, "message.need_relogin"))
		return
	}

	book, err := models.NewBook().FindByFieldFirst("identify", identify)

	if err != nil {
		logs.Error(err)
		c.JsonResult(500, i18n.Tr(c.Lang, "message.item_not_exist"))
	}

	if book.BookPassword != password {
		c.JsonResult(5001, i18n.Tr(c.Lang, "message.wrong_password"))
	} else {
		c.SetSession(identify, password)
		c.JsonResult(0, "OK")
	}
}

// 阅读文档
func (c *DocumentController) Read() {
	identify := c.Ctx.Input.Param(":key")
	token := c.GetString("token")
	id := c.GetString(":id")

	if identify == "" || id == "" {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.item_not_exist"))
	}

	// 如果没有开启匿名访问则跳转到登录
	if !c.EnableAnonymous && !c.isUserLoggedIn() {
		promptUserToLogIn(c)
		return
	}

	bookResult := c.isReadable(identify, token)

	c.TplName = fmt.Sprintf("document/%s_read.tpl", bookResult.Theme)

	doc := models.NewDocument()
	if docId, err := strconv.Atoi(id); err == nil {
		doc, err = doc.FromCacheById(docId)
		if err != nil || doc == nil {
			logs.Error("从缓存中读取文档时失败 ->", err)
			c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.doc_not_exist"))
			return
		}
	} else {
		doc, err = doc.FromCacheByIdentify(id, bookResult.BookId)
		if err != nil || doc == nil {
			if err == orm.ErrNoRows {
				c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.doc_not_exist"))
			} else {
				logs.Error("从数据库查询文档时出错 ->", err)
				c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.unknown_exception"))
			}
			return
		}
	}

	if doc.BookId != bookResult.BookId {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.doc_not_exist"))
	}
	doc.Lang = c.Lang
	doc.Processor()

	attach, err := models.NewAttachment().FindListByDocumentId(doc.DocumentId)
	if err == nil {
		doc.AttachList = attach
	}

	doc.IncrViewCount(doc.DocumentId)
	doc.ViewCount = doc.ViewCount + 1
	doc.PutToCache()

	if c.IsAjax() {
		var data struct {
			DocId         int    `json:"doc_id"`
			DocIdentify   string `json:"doc_identify"`
			DocTitle      string `json:"doc_title"`
			Body          string `json:"body"`
			Title         string `json:"title"`
			Version       int64  `json:"version"`
			ViewCount     int    `json:"view_count"`
			MarkdownTheme string `json:"markdown_theme"`
			IsMarkdown    bool   `json:"is_markdown"`
		}
		data.DocId = doc.DocumentId
		data.DocIdentify = doc.Identify
		data.DocTitle = doc.DocumentName
		data.Body = doc.Release
		data.Title = doc.DocumentName + " - Powered by MinDoc"
		data.Version = doc.Version
		data.ViewCount = doc.ViewCount
		data.MarkdownTheme = doc.MarkdownTheme
		if bookResult.Editor == EditorCherryMarkdown {
			data.IsMarkdown = true
		}
		c.JsonResult(0, "ok", data)
	} else {
		c.Data["DocumentId"] = doc.DocumentId
		c.Data["DocIdentify"] = doc.Identify
		if bookResult.IsDisplayComment {
			// 获取评论、分页
			comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
			page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
			c.Data["Page"] = page
		}
	}

	tree, err := models.NewDocument().CreateDocumentTreeForHtml(bookResult.BookId, doc.DocumentId)

	if err != nil && err != orm.ErrNoRows {
		logs.Error("生成项目文档树时出错 ->", err)

		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.build_doc_tree_error"))
	}

	c.Data["Description"] = utils.AutoSummary(doc.Release, 120)

	c.Data["Model"] = bookResult
	c.Data["Result"] = template.HTML(tree)
	c.Data["Title"] = doc.DocumentName
	c.Data["Content"] = template.HTML(doc.Release)
	c.Data["ViewCount"] = doc.ViewCount
	c.Data["FoldSetting"] = "closed"
	if bookResult.Editor == EditorCherryMarkdown {
		c.Data["MarkdownTheme"] = doc.MarkdownTheme
	}
	if doc.IsOpen == 1 {
		c.Data["FoldSetting"] = "open"
	} else if doc.IsOpen == 2 {
		c.Data["FoldSetting"] = "empty"
	}
}

// 编辑文档
func (c *DocumentController) Edit() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	if identify == "" {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.project_id_error"))
	}

	bookResult := models.NewBookResult()

	var err error
	// 如果是管理者，则不判断权限
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookResult = models.NewBookResult().ToBookResult(*book)
	} else {
		bookResult, err = models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)

		if err != nil {
			if err == orm.ErrNoRows || err == models.ErrPermissionDenied {
				c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
			} else {
				logs.Error("查询项目时出错 -> ", err)
				c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.system_error"))
			}
			return
		}
		if bookResult.RoleId == conf.BookObserver {
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}
	}

	c.TplName = fmt.Sprintf("document/%s_edit_template.tpl", bookResult.Editor)

	c.Data["Model"] = bookResult

	r, _ := json.Marshal(bookResult)

	c.Data["ModelResult"] = template.JS(string(r))

	c.Data["Result"] = template.JS("[]")

	trees, err := models.NewDocument().FindDocumentTree(bookResult.BookId)

	if err != nil {
		logs.Error("FindDocumentTree => ", err)
	} else {
		if len(trees) > 0 {
			if jtree, err := json.Marshal(trees); err == nil {
				c.Data["Result"] = template.JS(string(jtree))
			}
		} else {
			c.Data["Result"] = template.JS("[]")
		}
	}

	c.Data["BaiDuMapKey"] = web.AppConfig.DefaultString("baidumapkey", "")

	if conf.GetUploadFileSize() > 0 {
		c.Data["UploadFileSize"] = conf.GetUploadFileSize()
	} else {
		c.Data["UploadFileSize"] = "undefined"
	}
}

// 创建一个文档
func (c *DocumentController) Create() {
	identify := c.GetString("identify")
	docIdentify := c.GetString("doc_identify")
	docName := c.GetString("doc_name")
	parentId, _ := c.GetInt("parent_id", 0)
	docId, _ := c.GetInt("doc_id", 0)
	isOpen, _ := c.GetInt("is_open", 0)

	if identify == "" {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	if docName == "" {
		c.JsonResult(6004, i18n.Tr(c.Lang, "message.doc_name_empty"))
	}

	bookId := 0

	// 如果是超级管理员则不判断权限
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error(err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_existed_or_no_permit"))
		}

		bookId = book.BookId
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)

		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("FindByIdentify => ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_existed_or_no_permit"))
		}

		bookId = bookResult.BookId
	}

	if docIdentify != "" {
		if ok, err := regexp.MatchString(`[a-z]+[a-zA-Z0-9_.\-]*$`, docIdentify); !ok || err != nil {
			c.JsonResult(6003, i18n.Tr(c.Lang, "message.project_id_tips"))
		}

		d, _ := models.NewDocument().FindByIdentityFirst(docIdentify, bookId)
		if d.DocumentId > 0 && d.DocumentId != docId {
			c.JsonResult(6006, i18n.Tr(c.Lang, "message.project_id_existed"))
		}
	}
	if parentId > 0 {
		doc, err := models.NewDocument().Find(parentId)
		if err != nil || doc.BookId != bookId {
			c.JsonResult(6003, i18n.Tr(c.Lang, "message.parent_id_not_existed"))
		}
	}

	document, _ := models.NewDocument().Find(docId)

	document.MemberId = c.Member.MemberId
	document.BookId = bookId

	document.Identify = docIdentify

	document.Version = time.Now().Unix()
	document.DocumentName = docName
	document.ParentId = parentId

	if isOpen == 1 {
		document.IsOpen = 1
	} else if isOpen == 2 {
		document.IsOpen = 2
	} else {
		document.IsOpen = 0
	}

	if err := document.InsertOrUpdate(); err != nil {
		logs.Error("添加或更新文档时出错 -> ", err)
		c.JsonResult(6005, i18n.Tr(c.Lang, "message.failed"))
	} else {
		c.JsonResult(0, "ok", document)
	}
}

// 上传附件或图片
func (c *DocumentController) Upload() {
	identify := c.GetString("identify")
	docId, _ := c.GetInt("doc_id")
	isAttach := true

	if identify == "" {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	name := "editormd-file-file"

	file, moreFile, err := c.GetFile(name)
	if err == http.ErrMissingFile || moreFile == nil {
		name = "editormd-image-file"
		file, moreFile, err = c.GetFile(name)
		if err == http.ErrMissingFile || moreFile == nil {
			c.JsonResult(6003, i18n.Tr(c.Lang, "message.upload_file_empty"))
			return
		}
	}

	if err != nil {
		c.JsonResult(6002, err.Error())
	}

	defer file.Close()

	type Size interface {
		Size() int64
	}

	if conf.GetUploadFileSize() > 0 && moreFile.Size > conf.GetUploadFileSize() {
		c.JsonResult(6009, i18n.Tr(c.Lang, "message.upload_file_size_limit"))
	}

	ext := filepath.Ext(moreFile.Filename)
	//文件必须带有后缀名
	if ext == "" {
		c.JsonResult(6003, i18n.Tr(c.Lang, "message.upload_file_type_error"))
	}
	//如果文件类型设置为 * 标识不限制文件类型
	if conf.IsAllowUploadFileExt(ext) == false {
		c.JsonResult(6004, i18n.Tr(c.Lang, "message.upload_file_type_error"))
	}

	bookId := 0

	// 如果是超级管理员，则不判断权限
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)

		if err != nil {
			c.JsonResult(6006, i18n.Tr(c.Lang, "message.doc_not_exist_or_no_permit"))
		}

		bookId = book.BookId
	} else {
		book, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)

		if err != nil {
			logs.Error("DocumentController.Edit => ", err)
			if err == orm.ErrNoRows {
				c.JsonResult(6006, i18n.Tr(c.Lang, "message.no_permission"))
			}

			c.JsonResult(6001, err.Error())
		}

		// 如果没有编辑权限
		if book.RoleId != conf.BookEditor && book.RoleId != conf.BookAdmin && book.RoleId != conf.BookFounder {
			c.JsonResult(6006, i18n.Tr(c.Lang, "message.no_permission"))
		}

		bookId = book.BookId
	}

	if docId > 0 {
		doc, err := models.NewDocument().Find(docId)
		if err != nil {
			c.JsonResult(6007, i18n.Tr(c.Lang, "message.doc_not_exist"))
		}

		if doc.BookId != bookId {
			c.JsonResult(6008, i18n.Tr(c.Lang, "message.doc_not_belong_project"))
		}
	}

	fileName := "m_" + cryptil.UniqueId() + "_r"
	filePath := filepath.Join(conf.WorkingDirectory, "uploads", identify)

	//将图片和文件分开存放
	if filetil.IsImageExt(moreFile.Filename) {
		filePath = filepath.Join(filePath, "images", fileName+ext)
	} else {
		filePath = filepath.Join(filePath, "files", fileName+ext)
	}

	path := filepath.Dir(filePath)

	_ = os.MkdirAll(path, os.ModePerm)

	err = c.SaveToFile(name, filePath)

	if err != nil {
		logs.Error("保存文件失败 -> ", err)
		c.JsonResult(6005, i18n.Tr(c.Lang, "message.failed"))
	}

	attachment := models.NewAttachment()
	attachment.BookId = bookId
	attachment.FileName = moreFile.Filename
	attachment.CreateAt = c.Member.MemberId
	attachment.FileExt = ext
	attachment.FilePath = strings.TrimPrefix(filePath, conf.WorkingDirectory)
	attachment.DocumentId = docId

	if fileInfo, err := os.Stat(filePath); err == nil {
		attachment.FileSize = float64(fileInfo.Size())
	}

	if docId > 0 {
		attachment.DocumentId = docId
	}

	if filetil.IsImageExt(moreFile.Filename) {
		attachment.HttpPath = "/" + strings.Replace(strings.TrimPrefix(filePath, conf.WorkingDirectory), "\\", "/", -1)
		if strings.HasPrefix(attachment.HttpPath, "//") {
			attachment.HttpPath = conf.URLForWithCdnImage(string(attachment.HttpPath[1:]))
		}

		isAttach = false
	}

	err = attachment.Insert()

	if err != nil {
		os.Remove(filePath)
		logs.Error("文件保存失败 ->", err)
		c.JsonResult(6006, i18n.Tr(c.Lang, "message.failed"))
	}

	if attachment.HttpPath == "" {
		attachment.HttpPath = conf.URLForNotHost("DocumentController.DownloadAttachment", ":key", identify, ":attach_id", attachment.AttachmentId)

		if err := attachment.Update(); err != nil {
			logs.Error("保存文件失败 ->", err)
			c.JsonResult(6005, i18n.Tr(c.Lang, "message.failed"))
		}
	}

	result := map[string]interface{}{
		"errcode":   0,
		"success":   1,
		"message":   "ok",
		"url":       attachment.HttpPath,
		"alt":       attachment.FileName,
		"is_attach": isAttach,
		"attach":    attachment,
	}

	c.Ctx.Output.JSON(result, true, false)
	c.StopRun()
}

// 下载附件
func (c *DocumentController) DownloadAttachment() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	attachId, _ := strconv.Atoi(c.Ctx.Input.Param(":attach_id"))
	token := c.GetString("token")

	memberId := 0

	if c.Member != nil {
		memberId = c.Member.MemberId
	}

	bookId := 0

	// 判断用户是否参与了项目
	bookResult, err := models.NewBookResult().FindByIdentify(identify, memberId)

	if err != nil {
		// 判断项目公开状态
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			if err == orm.ErrNoRows {
				c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.item_not_exist"))
			} else {
				logs.Error("查找项目时出错 ->", err)
				c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.system_error"))
			}
		}

		// 如果不是超级管理员则判断权限
		if c.Member == nil || c.Member.Role != conf.MemberSuperRole {
			// 如果项目是私有的，并且 token 不正确
			if (book.PrivatelyOwned == 1 && token == "") || (book.PrivatelyOwned == 1 && book.PrivateToken != token) {
				c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.no_permission"))
			}
		}

		bookId = book.BookId
	} else {
		bookId = bookResult.BookId
	}

	// 查找附件
	attachment, err := models.NewAttachment().Find(attachId)

	if err != nil {
		logs.Error("查找附件时出错 -> ", err)
		if err == orm.ErrNoRows {
			c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.attachment_not_exist"))
		} else {
			c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.system_error"))
		}
	}

	if attachment.BookId != bookId {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.attachment_not_exist"))
	}

	c.Ctx.Output.Download(filepath.Join(conf.WorkingDirectory, attachment.FilePath), attachment.FileName)
	c.StopRun()
}

// 删除附件
func (c *DocumentController) RemoveAttachment() {
	c.Prepare()
	attachId, _ := c.GetInt("attach_id")

	if attachId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	attach, err := models.NewAttachment().Find(attachId)

	if err != nil {
		logs.Error(err)
		c.JsonResult(6002, i18n.Tr(c.Lang, "message.attachment_not_exist"))
	}

	document, err := models.NewDocument().Find(attach.DocumentId)

	if err != nil {
		logs.Error(err)
		c.JsonResult(6003, i18n.Tr(c.Lang, "message.doc_not_exist"))
	}

	if c.Member.Role != conf.MemberSuperRole {
		rel, err := models.NewRelationship().FindByBookIdAndMemberId(document.BookId, c.Member.MemberId)
		if err != nil {
			logs.Error(err)
			c.JsonResult(6004, i18n.Tr(c.Lang, "message.no_permission"))
		}

		if rel.RoleId == conf.BookObserver {
			c.JsonResult(6004, i18n.Tr(c.Lang, "message.no_permission"))
		}
	}

	err = attach.Delete()
	if err != nil {
		logs.Error(err)
		c.JsonResult(6005, i18n.Tr(c.Lang, "message.failed"))
	}

	os.Remove(filepath.Join(conf.WorkingDirectory, attach.FilePath))

	c.JsonResult(0, "ok", attach)
}

// 删除文档
func (c *DocumentController) Delete() {
	c.Prepare()

	identify := c.GetString("identify")
	docId, err := c.GetInt("doc_id", 0)

	bookId := 0

	// 如果是超级管理员则忽略权限判断
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error("FindByIdentify => ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = book.BookId
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)

		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("FindByIdentify => ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = bookResult.BookId
	}

	if docId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	doc, err := models.NewDocument().Find(docId)

	if err != nil {
		logs.Error("Delete => ", err)
		c.JsonResult(6003, i18n.Tr(c.Lang, "message.failed"))
	}
	// 如果文档所属项目错误
	if doc.BookId != bookId {
		c.JsonResult(6004, i18n.Tr(c.Lang, "message.param_error"))
	}

	// 递归删除项目下的文档以及子文档
	err = doc.RecursiveDocument(doc.DocumentId)
	if err != nil {
		c.JsonResult(6005, i18n.Tr(c.Lang, "message.failed"))
	}

	// 重置文档数量统计
	models.NewBook().ResetDocumentNumber(doc.BookId)
	c.JsonResult(0, "ok")
}

// 获取文档内容
func (c *DocumentController) Content() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	docId, err := c.GetInt("doc_id")

	if err != nil {
		docId, _ = strconv.Atoi(c.Ctx.Input.Param(":id"))
	}

	bookId := 0
	autoRelease := false

	// 如果是超级管理员，则忽略权限
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil || book == nil {
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
			return
		}

		bookId = book.BookId
		autoRelease = book.AutoRelease == 1
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)

		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("项目不存在或权限不足 -> ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = bookResult.BookId
		autoRelease = bookResult.AutoRelease
	}

	if docId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	if c.Ctx.Input.IsPost() {
		markdown := strings.TrimSpace(c.GetString("markdown", ""))
		content := c.GetString("html")
		markdownTheme := c.GetString("markdown_theme", "theme__light")
		version, _ := c.GetInt64("version", 0)
		isCover := c.GetString("cover")

		doc, err := models.NewDocument().Find(docId)
		if err != nil || doc == nil {
			c.JsonResult(6003, i18n.Tr(c.Lang, "message.read_file_error"))
			return
		}

		if doc.BookId != bookId {
			c.JsonResult(6004, i18n.Tr(c.Lang, "message.dock_not_belong_project"))
		}

		if doc.Version != version && !strings.EqualFold(isCover, "yes") {
			logs.Info("%d|", version, doc.Version)
			c.JsonResult(6005, i18n.Tr(c.Lang, "message.confirm_override_doc"))
		}

		history := models.NewDocumentHistory()
		history.DocumentId = docId
		history.Content = doc.Content
		history.Markdown = doc.Markdown
		history.DocumentName = doc.DocumentName
		history.ModifyAt = c.Member.MemberId
		history.MemberId = doc.MemberId
		history.ParentId = doc.ParentId
		history.Version = time.Now().Unix()
		history.Action = "modify"
		history.ActionName = i18n.Tr(c.Lang, "doc.modify_doc")

		if markdown == "" && content != "" {
			doc.Markdown = content
		} else {
			doc.Markdown = markdown
			doc.MarkdownTheme = markdownTheme
		}

		doc.Version = time.Now().Unix()
		doc.Content = content
		doc.ModifyAt = c.Member.MemberId

		if err := doc.InsertOrUpdate(); err != nil {
			logs.Error("InsertOrUpdate => ", err)
			c.JsonResult(6006, i18n.Tr(c.Lang, "message.failed"))
		}

		// 如果启用了文档历史，则添加历史文档
		///如果两次保存的MD5值不同则保存为历史，否则忽略
		go func(history *models.DocumentHistory) {
			if c.EnableDocumentHistory && cryptil.Md5Crypt(history.Markdown) != cryptil.Md5Crypt(doc.Markdown) {
				_, err = history.InsertOrUpdate()
				if err != nil {
					logs.Error("DocumentHistory InsertOrUpdate => ", err)
				}
			}
		}(history)

		//如果启用了自动发布
		if autoRelease {
			go func() {
				doc.Lang = c.Lang
				err := doc.ReleaseContent()
				if err == nil {
					logs.Informational(i18n.Tr(c.Lang, "message.doc_auto_published")+"-> document_id=%d;document_name=%s", doc.DocumentId, doc.DocumentName)
				}
			}()
		}

		c.JsonResult(0, "ok", doc)
	}

	doc, err := models.NewDocument().Find(docId)
	if err != nil {
		c.JsonResult(6003, i18n.Tr(c.Lang, "message.doc_not_exist"))
		return
	}

	attach, err := models.NewAttachment().FindListByDocumentId(doc.DocumentId)
	if err == nil {
		doc.AttachList = attach
	}

	c.JsonResult(0, "ok", doc)
}

// Export 导出
func (c *DocumentController) Export() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	if identify == "" {
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.param_error"))
	}

	output := c.GetString("output")
	token := c.GetString("token")

	// 如果没有开启匿名访问则跳转到登录
	if !c.EnableAnonymous && !c.isUserLoggedIn() {
		promptUserToLogIn(c)
		return
	}
	if !conf.GetEnableExport() {
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "export_func_disable"))
	}

	bookResult := models.NewBookResult()
	if c.Member != nil && c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByIdentify(identify)
		if err != nil {
			if err == orm.ErrNoRows {
				c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.item_not_exist"))
			} else {
				logs.Error("查找项目时出错 ->", err)
				c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.system_error"))
			}
		}
		bookResult = models.NewBookResult().ToBookResult(*book)
	} else {
		bookResult = c.isReadable(identify, token)
	}
	if !bookResult.IsDownload {
		c.ShowErrorPage(200, i18n.Tr(c.Lang, "message.cur_project_export_func_disable"))
	}

	if !strings.HasPrefix(bookResult.Cover, "http:://") && !strings.HasPrefix(bookResult.Cover, "https:://") {
		bookResult.Cover = conf.URLForWithCdnImage(bookResult.Cover)
	}

	if output == Markdown {
		if bookResult.Editor != EditorMarkdown && bookResult.Editor != EditorCherryMarkdown {
			c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.cur_project_not_support_md"))
		}
		p, err := bookResult.ExportMarkdown(c.CruSession.SessionID(context.TODO()))

		if err != nil {
			c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.failed"))
		}
		c.Ctx.Output.Download(p, bookResult.BookName+".zip")

		c.StopRun()
		return
	}

	outputPath := filepath.Join(conf.GetExportOutputPath(), strconv.Itoa(bookResult.BookId))

	pdfpath := filepath.Join(outputPath, "book.pdf")
	epubpath := filepath.Join(outputPath, "book.epub")
	mobipath := filepath.Join(outputPath, "book.mobi")
	docxpath := filepath.Join(outputPath, "book.docx")

	if output == "pdf" && filetil.FileExists(pdfpath) {
		c.Ctx.Output.Download(pdfpath, bookResult.BookName+".pdf")
		c.Abort("200")
	} else if output == "epub" && filetil.FileExists(epubpath) {
		c.Ctx.Output.Download(epubpath, bookResult.BookName+".epub")

		c.Abort("200")
	} else if output == "mobi" && filetil.FileExists(mobipath) {
		c.Ctx.Output.Download(mobipath, bookResult.BookName+".mobi")

		c.Abort("200")
	} else if output == "docx" && filetil.FileExists(docxpath) {
		c.Ctx.Output.Download(docxpath, bookResult.BookName+".docx")

		c.Abort("200")

	} else if output == "pdf" || output == "epub" || output == "docx" || output == "mobi" {
		if err := models.BackgroundConvert(c.CruSession.SessionID(context.TODO()), bookResult); err != nil && err != gopool.ErrHandlerIsExist {
			c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.export_failed"))
		}

		c.ShowErrorPage(200, i18n.Tr(c.Lang, "message.file_converting"))
	} else {
		c.ShowErrorPage(200, i18n.Tr(c.Lang, "message.unsupport_file_type"))
	}

	c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.no_exportable_file"))
}

// 生成项目访问的二维码
func (c *DocumentController) QrCode() {
	c.Prepare()

	identify := c.GetString(":key")

	book, err := models.NewBook().FindByIdentify(identify)
	if err != nil || book.BookId <= 0 {
		c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.item_not_exist"))
	}

	uri := conf.URLFor("DocumentController.Index", ":key", identify)
	code, err := qr.Encode(uri, qr.L, qr.Unicode)
	if err != nil {
		logs.Error("生成二维码失败 ->", err)
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.gen_qrcode_failed"))
	}

	code, err = barcode.Scale(code, 150, 150)
	if err != nil {
		logs.Error("生成二维码失败 ->", err)
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.gen_qrcode_failed"))
	}

	c.Ctx.ResponseWriter.Header().Set("Content-Type", "image/png")

	// imgpath := filepath.Join("cache","qrcode",identify + ".png")

	err = png.Encode(c.Ctx.ResponseWriter, code)
	if err != nil {
		logs.Error("生成二维码失败 ->", err)
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.gen_qrcode_failed"))
	}
}

// 项目内搜索
func (c *DocumentController) Search() {
	c.Prepare()

	identify := c.Ctx.Input.Param(":key")
	token := c.GetString("token")
	keyword := strings.TrimSpace(c.GetString("keyword"))

	if identify == "" {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	if !c.EnableAnonymous && !c.isUserLoggedIn() {
		promptUserToLogIn(c)
		return
	}

	bookResult := c.isReadable(identify, token)

	docs, err := models.NewDocumentSearchResult().SearchDocument(keyword, bookResult.BookId)
	if err != nil {
		logs.Error(err)
		c.JsonResult(6002, i18n.Tr(c.Lang, "message.search_result_error"))
	}

	if len(docs) < 0 {
		c.JsonResult(404, i18n.Tr(c.Lang, "message.no_data"))
	}

	for _, doc := range docs {
		doc.BookId = bookResult.BookId
		doc.BookName = bookResult.BookName
		doc.Description = bookResult.Description
		doc.BookIdentify = bookResult.Identify
	}

	c.JsonResult(0, "ok", docs)
}

// 文档历史列表
func (c *DocumentController) History() {
	c.Prepare()

	c.TplName = "document/history.tpl"

	identify := c.GetString("identify")
	docId, err := c.GetInt("doc_id", 0)
	pageIndex, _ := c.GetInt("page", 1)

	bookId := 0

	// 如果是超级管理员则忽略权限判断
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error("查找项目失败 ->", err)
			c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit")
			return
		}

		bookId = book.BookId
		c.Data["Model"] = book
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("查找项目失败 ->", err)
			c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit")
			return
		}

		bookId = bookResult.BookId
		c.Data["Model"] = bookResult
	}

	if docId <= 0 {
		c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.param_error")
		return
	}

	doc, err := models.NewDocument().Find(docId)
	if err != nil {
		logs.Error("Delete => ", err)
		c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.get_doc_his_failed")
		return
	}

	// 如果文档所属项目错误
	if doc.BookId != bookId {
		c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.param_error")
		return
	}

	histories, totalCount, err := models.NewDocumentHistory().FindToPager(docId, pageIndex, conf.PageSize)
	if err != nil {
		logs.Error("分页查找文档历史失败 ->", err)
		c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.get_doc_his_failed")
		return
	}

	c.Data["List"] = histories
	c.Data["PageHtml"] = ""
	c.Data["Document"] = doc

	if totalCount > 0 {
		pager := pagination.NewPagination(c.Ctx.Request, totalCount, conf.PageSize, c.BaseUrl())
		c.Data["PageHtml"] = pager.HtmlPages()
	}
}

func (c *DocumentController) DeleteHistory() {
	c.Prepare()

	c.TplName = "document/history.tpl"

	identify := c.GetString("identify")
	docId, err := c.GetInt("doc_id", 0)
	historyId, _ := c.GetInt("history_id", 0)

	if historyId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	bookId := 0

	// 如果是超级管理员则忽略权限判断
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error("查找项目失败 ->", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = book.BookId
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("查找项目失败 ->", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = bookResult.BookId
	}

	if docId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	doc, err := models.NewDocument().Find(docId)
	if err != nil {
		logs.Error("Delete => ", err)
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.get_doc_his_failed"))
	}

	// 如果文档所属项目错误
	if doc.BookId != bookId {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	err = models.NewDocumentHistory().Delete(historyId, docId)
	if err != nil {
		logs.Error(err)
		c.JsonResult(6002, i18n.Tr(c.Lang, "message.failed"))
	}

	c.JsonResult(0, "ok")
}

// 通过文档历史恢复文档
func (c *DocumentController) RestoreHistory() {
	c.Prepare()

	c.TplName = "document/history.tpl"

	identify := c.GetString("identify")
	docId, err := c.GetInt("doc_id", 0)
	historyId, _ := c.GetInt("history_id", 0)

	if historyId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	bookId := 0
	// 如果是超级管理员则忽略权限判断
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error("FindByIdentify => ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = book.BookId
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("FindByIdentify => ", err)
			c.JsonResult(6002, i18n.Tr(c.Lang, "message.item_not_exist_or_no_permit"))
		}

		bookId = bookResult.BookId
	}

	if docId <= 0 {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	doc, err := models.NewDocument().Find(docId)
	if err != nil {
		logs.Error("Delete => ", err)
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.get_doc_his_failed"))
	}

	// 如果文档所属项目错误
	if doc.BookId != bookId {
		c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error"))
	}

	err = models.NewDocumentHistory().Restore(historyId, docId, c.Member.MemberId)
	if err != nil {
		logs.Error(err)
		c.JsonResult(6002, i18n.Tr(c.Lang, "message.failed"))
	}

	c.JsonResult(0, "ok", doc)
}

func (c *DocumentController) Compare() {
	c.Prepare()

	c.TplName = "document/compare.tpl"

	historyId, _ := strconv.Atoi(c.Ctx.Input.Param(":id"))
	identify := c.Ctx.Input.Param(":key")

	bookId := 0
	editor := EditorMarkdown

	// 如果是超级管理员则忽略权限判断
	if c.Member.IsAdministrator() {
		book, err := models.NewBook().FindByFieldFirst("identify", identify)
		if err != nil {
			logs.Error("DocumentController.Compare => ", err)
			c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.no_permission"))
			return
		}

		bookId = book.BookId
		c.Data["Model"] = book
		editor = book.Editor
	} else {
		bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
		if err != nil || bookResult.RoleId == conf.BookObserver {
			logs.Error("FindByIdentify => ", err)
			c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.no_permission"))
			return
		}

		bookId = bookResult.BookId
		c.Data["Model"] = bookResult
		editor = bookResult.Editor
	}

	if historyId <= 0 {
		c.ShowErrorPage(60002, i18n.Tr(c.Lang, "message.param_error"))
	}

	history, err := models.NewDocumentHistory().Find(historyId)
	if err != nil {
		logs.Error("DocumentController.Compare => ", err)
		c.ShowErrorPage(60003, err.Error())
	}

	doc, err := models.NewDocument().Find(history.DocumentId)
	if err != nil || doc == nil || doc.BookId != bookId {
		c.ShowErrorPage(60002, i18n.Tr(c.Lang, "message.doc_not_exist"))
		return
	}

	c.Data["HistoryId"] = historyId
	c.Data["DocumentId"] = doc.DocumentId

	if editor == EditorMarkdown || editor == EditorCherryMarkdown {
		c.Data["HistoryContent"] = history.Markdown
		c.Data["Content"] = doc.Markdown
	} else {
		c.Data["HistoryContent"] = template.HTML(history.Content)
		c.Data["Content"] = template.HTML(doc.Content)
	}
}

// 判断用户是否可以阅读文档
func (c *DocumentController) isReadable(identify, token string) *models.BookResult {
	book, err := models.NewBook().FindByFieldFirst("identify", identify)

	if err != nil {
		logs.Error(err)
		c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.item_not_exist"))
	}
	bookResult := models.NewBookResult().ToBookResult(*book)
	isOk := false

	if c.isUserLoggedIn() {
		roleId, err := models.NewBook().FindForRoleId(book.BookId, c.Member.MemberId)
		if err == nil {
			isOk = true
			bookResult.MemberId = c.Member.MemberId
			bookResult.RoleId = roleId
		}
	}

	/* 	私有项目：
	 *   管理员可以直接访问
	 *   参与者可以直接访问
	 *   其他用户（支持匿名访问）
	 *   	token设置情况
	 *   		已设置：可以通过token访问
	 *   		未设置：不可以通过token访问
	 *   	password设置情况
	 *   		已设置：可以通过password访问
	 *   		未设置：不可以通过password访问
	 *   注意：
	 *   1. 第一次访问需要存session
	 *   2. 有session优先使用session中的token或者password，再使用携带的token或者password
	 *   3. 私有项目如果token和password都没有设置，则除管理员和参与者的其他用户不可以访问
	 *   4. 使用token访问如果不通过，则提示输入密码
	 */
	if book.PrivatelyOwned == 1 {
		if c.isUserLoggedIn() && c.Member.IsAdministrator() {
			return bookResult
		}
		if isOk { // Project participant.
			return bookResult
		}

		// Use session in preference.
		if tokenOrPassword, ok := c.GetSession(identify).(string); ok {
			if strings.EqualFold(book.PrivateToken, tokenOrPassword) || strings.EqualFold(book.BookPassword, tokenOrPassword) {
				return bookResult
			}
		}

		// Next: Session not exist or not correct.
		if book.PrivateToken != "" && book.PrivateToken == token {
			c.SetSession(identify, token)
			return bookResult
		} else if book.BookPassword != "" {
			// Send a page for inputting password.
			// For verification, see function DocumentController.CheckPassword
			body, err := c.ExecuteViewPathTemplate("document/document_password.tpl",
				map[string]string{"Identify": book.Identify, "Lang": c.Lang})
			if err != nil {
				logs.Error("显示密码页面失败 ->", err)
				c.ShowErrorPage(500, i18n.Tr(c.Lang, "message.system_error"))
			}
			c.CustomAbort(200, body)
		} else {
			// No permission to access this book.
			logs.Info("尝试访问文档但权限不足 ->", identify, token)
			c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.no_permission"))
		}
	}

	return bookResult
}

func promptUserToLogIn(c *DocumentController) {
	logs.Info("Access " + c.Ctx.Request.URL.RequestURI() + " not permitted.")
	logs.Info("  Access will be redirected to login page(SessionId: " + c.CruSession.SessionID(context.TODO()) + ").")

	if c.IsAjax() {
		c.JsonResult(6000, i18n.Tr(c.Lang, "message.need_relogin"))
	} else {
		c.Redirect(conf.URLFor("AccountController.Login")+"?url="+url.PathEscape(conf.BaseUrl+c.Ctx.Request.URL.RequestURI()), 302)
	}
}