mirror of
https://github.com/flarum/core.git
synced 2025-10-12 07:24:27 +02:00
9896378b59
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit)
119 lines
2.9 KiB
JavaScript
119 lines
2.9 KiB
JavaScript
import Component from 'flarum/Component';
|
|
import SubtreeRetainer from 'flarum/utils/SubtreeRetainer';
|
|
import Dropdown from 'flarum/components/Dropdown';
|
|
import PostControls from 'flarum/utils/PostControls';
|
|
import listItems from 'flarum/helpers/listItems';
|
|
import ItemList from 'flarum/utils/ItemList';
|
|
|
|
/**
|
|
* The `Post` component displays a single post. The basic post template just
|
|
* includes a controls dropdown; subclasses must implement `content` and `attrs`
|
|
* methods.
|
|
*
|
|
* ### Props
|
|
*
|
|
* - `post`
|
|
*
|
|
* @abstract
|
|
*/
|
|
export default class Post extends Component {
|
|
init() {
|
|
this.loading = false;
|
|
|
|
/**
|
|
* Set up a subtree retainer so that the post will not be redrawn
|
|
* unless new data comes in.
|
|
*
|
|
* @type {SubtreeRetainer}
|
|
*/
|
|
this.subtree = new SubtreeRetainer(
|
|
() => this.props.post.freshness,
|
|
() => {
|
|
const user = this.props.post.user();
|
|
return user && user.freshness;
|
|
},
|
|
() => this.controlsOpen
|
|
);
|
|
}
|
|
|
|
view() {
|
|
const attrs = this.attrs();
|
|
|
|
attrs.className = 'Post ' + (this.loading ? 'Post--loading ' : '') + (attrs.className || '');
|
|
|
|
return (
|
|
<article {...attrs}>
|
|
{this.subtree.retain() || (() => {
|
|
const controls = PostControls.controls(this.props.post, this).toArray();
|
|
|
|
return (
|
|
<div>
|
|
{this.content()}
|
|
<aside className="Post-actions">
|
|
<ul>
|
|
{listItems(this.actionItems().toArray())}
|
|
{controls.length ? <li>
|
|
<Dropdown
|
|
className="Post-controls"
|
|
buttonClassName="Button Button--icon Button--flat"
|
|
menuClassName="Dropdown-menu--right"
|
|
icon="ellipsis-h"
|
|
onshow={() => this.$('.Post-actions').addClass('open')}
|
|
onhide={() => this.$('.Post-actions').removeClass('open')}>
|
|
{controls}
|
|
</Dropdown>
|
|
</li> : ''}
|
|
</ul>
|
|
</aside>
|
|
<footer className="Post-footer"><ul>{listItems(this.footerItems().toArray())}</ul></footer>
|
|
</div>
|
|
);
|
|
})()}
|
|
</article>
|
|
);
|
|
}
|
|
|
|
config(isInitialized) {
|
|
const $actions = this.$('.Post-actions');
|
|
const $controls = this.$('.Post-controls');
|
|
|
|
$actions.toggleClass('open', $controls.hasClass('open'));
|
|
}
|
|
|
|
/**
|
|
* Get attributes for the post element.
|
|
*
|
|
* @return {Object}
|
|
*/
|
|
attrs() {
|
|
return {};
|
|
}
|
|
|
|
/**
|
|
* Get the post's content.
|
|
*
|
|
* @return {Object}
|
|
*/
|
|
content() {
|
|
return '';
|
|
}
|
|
|
|
/**
|
|
* Build an item list for the post's actions.
|
|
*
|
|
* @return {ItemList}
|
|
*/
|
|
actionItems() {
|
|
return new ItemList();
|
|
}
|
|
|
|
/**
|
|
* Build an item list for the post's footer.
|
|
*
|
|
* @return {ItemList}
|
|
*/
|
|
footerItems() {
|
|
return new ItemList();
|
|
}
|
|
}
|