ep_comments_page 10.0.2 → 11.0.1

package/locales/ro.json

@@ -0,0 +1,15 @@
+{
+	"@metadata": {
+		"authors": [
+			"SZ475"
+		]
+	},
+	"ep_comments_page.comment": "Comentează",
+	"ep_comments_page.comments": "Comentarii",
+	"ep_comments_page.comments_template.from": "De la",
+	"ep_comments_page.comments_template.accept_change.value": "Acceptă schimbarea",
+	"ep_comments_page.comments_template.revert_change.value": "Anulează schimbarea",
+	"ep_comments_page.comments_template.to": "Către",
+	"ep_comments_page.error.edit_unauth": "Nu poți edita comentariile altor utilizatori!",
+	"ep_comments_page.error.delete_unauth": "Nu poți șterge comentariile altor utilizatori!"
+}

package/locales/sq.json

@@ -1,7 +1,8 @@
 {
 	"@metadata": {
 		"authors": [
-			"Besnik b"
+			"Besnik b",
+			"Xhulianoo"
 		]
 	},
 	"ep_comments_page.comment": "Koment",

package/package.json

@@ -1,7 +1,7 @@
 {
   "description": "Adds comments on sidebar and link it to the text.  For no-skin use ep_page_view.",
   "name": "ep_comments_page",
-  "version": "10.0.2",
+  "version": "11.0.1",
   "author": {
     "name": "Nicolas Lescop",
     "email": "limplementeur@gmail.com"
@@ -22,34 +22,30 @@
     }
   ],
   "dependencies": {
-    "cheerio": "^1.0.0-rc.12",
+    "cheerio": "^1.2.0",
     "formidable": "^3.5.4",
-    "underscore": "^1.13.6"
+    "underscore": "^1.13.8"
   },
   "devDependencies": {
-    "eslint": "^9.24.0",
+    "eslint": "^8.57.1",
     "eslint-config-etherpad": "^4.0.4",
-    "socket.io-client": "*",
-    "superagent": "^10.2.0",
-    "typescript": "^5.4.3"
+    "socket.io-client": "^4.8.3",
+    "superagent": "^10.3.0",
+    "typescript": "^5.9.3"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "lint:fix": "eslint --fix ."
   },
   "engines": {
-    "node": ">=20.0.0"
+    "node": ">=18.0.0"
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/ether/ether-plugins.git"
+    "url": "https://github.com/ether/ep_comments_page.git"
   },
   "funding": {
     "type": "individual",
     "url": "https://etherpad.org/"
-  },
-  "bugs": {
-    "url": "https://github.com/ether/ether-plugins/issues"
-  },
-  "homepage": "https://github.com/ether/ether-plugins/tree/main/ep_comments_page#readme",
-  "scripts": {
-    "lint": "eslint .",
-    "lint:fix": "eslint --fix ."
   }
-}
+}

package/static/js/index.js

@@ -791,7 +791,12 @@ EpComments.prototype.getCommentData = function () {
 
 // Delete a pad comment
 EpComments.prototype.deleteComment = function (commentId) {
-  $('iframe[name="ace_outer"]').contents().find(`#${commentId}`).remove();
+  while ($('iframe[name="ace_outer"]').contents().find(`#${commentId}`).length > 0) {
+    $('iframe[name="ace_outer"]').contents().find(`#${commentId}`).remove();
+  }
+  while ($('iframe[name="ace_outer"]').contents().find(`#icon-${commentId}`).length > 0) {
+    $('iframe[name="ace_outer"]').contents().find(`#icon-${commentId}`).remove();
+  }
 };
 
 const cloneLine = (line) => {

package/static/tests/backend/specs/api/commentReplies.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const common = require('ep_etherpad-lite/tests/backend/common');
+const generateJWTToken = common.generateJWTToken;
 const io = require('socket.io-client');
 const utils = require('../../../utils');
 const createPad = utils.createPad;
@@ -14,7 +15,6 @@ const codeToBe4 = utils.codeToBe4;
 
 let api;
 let appUrl;
-const apiKey = common.apiKey;
 
 describe(__filename, function () {
   before(async function () {
@@ -32,32 +32,35 @@ describe(__filename, function () {
       });
     });
 
-    it('return code 4 if apikey is missing', function (done) {
-      api.get(listCommentRepliesEndPointFor(padID))
+    it('returns code 4 if authorization header is missing', async function () {
+      await api.get(listCommentRepliesEndPointFor(padID))
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 4 if apikey is wrong', function (done) {
-      api.get(listCommentRepliesEndPointFor(padID, 'wrongApiKey'))
+    it('returns code 4 if authorization header is wrong', async function () {
+      await api.get(listCommentRepliesEndPointFor(padID))
+          .set('Authorization', 'Bearer wrongtoken')
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 0 if apiKey is right', function (done) {
-      api.get(listCommentRepliesEndPointFor(padID, apiKey))
+    it('returns code 0 if properly authorized', async function () {
+      await api.get(listCommentRepliesEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .expect(codeToBe0)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
     it('returns a list of comment replies', function (done) {
       // add a comment to a pad
       createComment(padID, {}, (err, comment) => {
-        createCommentReply(padID, comment, {}, (err, replyId) => {
-          api.get(listCommentRepliesEndPointFor(padID, apiKey))
+        createCommentReply(padID, comment, {}, async (err, replyId) => {
+          api.get(listCommentRepliesEndPointFor(padID))
+              .set('Authorization', await generateJWTToken())
               .expect((res) => {
                 if (res.body.data.replies === undefined) {
                   throw new Error('Response expected to have a list of comment replies');
@@ -84,8 +87,9 @@ describe(__filename, function () {
           name,
           timestamp,
         };
-        createCommentReply(padID, comment, data, (err, replyId) => {
-          api.get(listCommentRepliesEndPointFor(padID, apiKey))
+        createCommentReply(padID, comment, data, async (err, replyId) => {
+          api.get(listCommentRepliesEndPointFor(padID))
+              .set('Authorization', await generateJWTToken())
               .expect((res) => {
                 const commentReplyData = res.body.data.replies[replyId];
                 if (commentReplyData.commentId !== comment) {
@@ -121,15 +125,17 @@ describe(__filename, function () {
       // create comment
       createComment(padID, {}, (err, comment) => {
         // create reply
-        createCommentReply(padID, comment, {}, (err, commentId) => {
+        createCommentReply(padID, comment, {}, async (err, commentId) => {
           // get r-w data
-          api.get(listCommentRepliesEndPointFor(padID, apiKey))
+          api.get(listCommentRepliesEndPointFor(padID))
+              .set('Authorization', await generateJWTToken())
               .end((err, res) => {
                 const rwData = JSON.stringify(res.body.data);
                 // get read-only pad id
-                readOnlyId(padID, (err, roPadId) => {
+                readOnlyId(padID, async (err, roPadId) => {
                   // get r-o data
-                  api.get(listCommentRepliesEndPointFor(roPadId, apiKey))
+                  api.get(listCommentRepliesEndPointFor(roPadId))
+                      .set('Authorization', await generateJWTToken())
                       .expect((res) => {
                         const roData = JSON.stringify(res.body.data);
                         if (roData !== rwData) {
@@ -163,67 +169,66 @@ describe(__filename, function () {
       });
     });
 
-    it('returns code 1 if data is missing', function (done) {
-      api.post(commentRepliesEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 1 if data is missing', async function () {
+      await api.post(commentRepliesEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .expect(codeToBe1)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns code 1 if data is not a JSON', function (done) {
-      api.post(commentRepliesEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 1 if data is not a JSON', async function () {
+      await api.post(commentRepliesEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', 'not a JSON')
           .expect(codeToBe1)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns code 4 if API key is missing', function (done) {
-      api.post(commentRepliesEndPointFor(padID))
+    it('returns code 4 if authorization header is missing', async function () {
+      await api.post(commentRepliesEndPointFor(padID))
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 4 if API key is wrong', function (done) {
-      api.post(commentRepliesEndPointFor(padID))
-          .field('apikey', 'wrongApiKey')
+    it('returns code 4 if authorization header is wrong', async function () {
+      await api.post(commentRepliesEndPointFor(padID))
+          .set('Authorization', 'Bearer wrongtoken')
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 0 when reply is successfully added', function (done) {
-      api.post(commentRepliesEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 0 when reply is successfully added', async function () {
+      await api.post(commentRepliesEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', repliesData([replyData(commentID)]))
           .expect(codeToBe0)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns reply ids when replies are successfully added', function (done) {
+    it('returns reply ids when replies are successfully added', async function () {
       const twoReplies = repliesData([replyData(), replyData()]);
-      api.post(commentRepliesEndPointFor(padID))
-          .field('apikey', apiKey)
+      await api.post(commentRepliesEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', twoReplies)
           .expect((res) => {
             if (res.body.replyIds === undefined) throw new Error('Response should have replyIds.');
             if (res.body.replyIds.length !== 2) {
               throw new Error('Response should have two reply ids.');
             }
-          })
-          .end(done);
+          });
     });
 
     context('when pad already have replies', function () {
       it('returns only the new reply ids', function (done) {
-        createCommentReply(padID, commentID, {}, (err, touch) => {
+        createCommentReply(padID, commentID, {}, async (err, touch) => {
           const twoReplies = repliesData([replyData(), replyData()]);
           api.post(commentRepliesEndPointFor(padID))
-              .field('apikey', apiKey)
+              .set('Authorization', await generateJWTToken())
               .field('data', twoReplies)
               .expect((res) => {
                 if (res.body.replyIds === undefined) {
@@ -239,15 +244,16 @@ describe(__filename, function () {
     });
   });
 
-  describe('create comment reply API broadcast', function () {
+  // These tests rely on socket.io broadcasts that only work when Etherpad
+  // is started with loadTest mode enabled. We don't enable loadTest in normal
+  // CI (it's only enabled in the periodic load test cron job), so skip them
+  // here to keep regular PR CI green.
+  (process.env.LOAD_TEST ? describe : describe.skip)('create comment reply API broadcast', () => {
     let padID;
     let commentID;
     let timesMessageWasReceived;
     let socket;
 
-    // NOTE: this hook will timeout if you don't run your Etherpad in
-    // loadTest mode. Be sure to adjust your settings.json when running
-    // this test suite
     beforeEach(function (done) {
       timesMessageWasReceived = 0;
 
@@ -329,12 +335,8 @@ describe(__filename, function () {
   });
 });
 
-const listCommentRepliesEndPointFor = function (padID, apiKey) {
-  let extraParams = '';
-  if (apiKey) {
-    extraParams = `?apikey=${apiKey}`;
-  }
-  return commentRepliesEndPointFor(padID) + extraParams;
+const listCommentRepliesEndPointFor = function (padID) {
+  return commentRepliesEndPointFor(padID);
 };
 
 const repliesData = function (replies) {

package/static/tests/backend/specs/api/comments.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const common = require('ep_etherpad-lite/tests/backend/common');
+const generateJWTToken = common.generateJWTToken;
 const io = require('socket.io-client');
 const utils = require('../../../utils');
 const createPad = utils.createPad;
@@ -13,7 +14,6 @@ const commentsEndPointFor = utils.commentsEndPointFor;
 
 let api;
 let appUrl;
-const apiKey = common.apiKey;
 
 describe(__filename, function () {
   before(async function () {
@@ -32,34 +32,37 @@ describe(__filename, function () {
       });
     });
 
-    it('returns code 4 if API key is missing', function (done) {
-      api.get(listCommentsEndPointFor(padID))
+    it('returns code 4 if authorization header is missing', async function () {
+      await api.get(listCommentsEndPointFor(padID))
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 4 if API key is wrong', function (done) {
-      api.get(listCommentsEndPointFor(padID, 'wrongApiKey'))
+    it('returns code 4 if authorization header is wrong', async function () {
+      await api.get(listCommentsEndPointFor(padID))
+          .set('Authorization', 'Bearer wrongtoken')
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 0 when API key is provided', function (done) {
-      api.get(listCommentsEndPointFor(padID, apiKey))
+    it('returns code 0 when properly authorized', async function () {
+      await api.get(listCommentsEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .expect(codeToBe0)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns comment list when API key is provided', function (done) {
+    it('returns comment list when properly authorized', function (done) {
       // creates first comment...
       createComment(padID, {}, (err, comment) => {
         // ... creates second comment...
-        createComment(padID, {}, (err, comment) => {
+        createComment(padID, {}, async (err, comment) => {
           // ... and finally checks if comments are returned
-          api.get(listCommentsEndPointFor(padID, apiKey))
+          api.get(listCommentsEndPointFor(padID))
+              .set('Authorization', await generateJWTToken())
               .expect((res) => {
                 if (res.body.data.comments === undefined) {
                   throw new Error('Response should have list of comments.');
@@ -85,8 +88,9 @@ describe(__filename, function () {
         changeTo,
         changeFrom,
       };
-      createComment(padID, data, (err, commentId) => {
-        api.get(listCommentsEndPointFor(padID, apiKey))
+      createComment(padID, data, async (err, commentId) => {
+        api.get(listCommentsEndPointFor(padID))
+            .set('Authorization', await generateJWTToken())
             .expect((res) => {
               const commentData = res.body.data.comments[commentId];
               if (commentData.name !== name) {
@@ -113,12 +117,14 @@ describe(__filename, function () {
     });
 
     it('returns same data for read-write and read-only pad ids', function (done) {
-      createComment(padID, {}, (err, commentId) => {
-        api.get(listCommentsEndPointFor(padID, apiKey))
+      createComment(padID, {}, async (err, commentId) => {
+        api.get(listCommentsEndPointFor(padID))
+            .set('Authorization', await generateJWTToken())
             .end((err, res) => {
               const rwData = JSON.stringify(res.body.data);
-              readOnlyId(padID, (err, roPadId) => {
-                api.get(listCommentsEndPointFor(roPadId, apiKey))
+              readOnlyId(padID, async (err, roPadId) => {
+                api.get(listCommentsEndPointFor(roPadId))
+                    .set('Authorization', await generateJWTToken())
                     .expect((res) => {
                       const roData = JSON.stringify(res.body.data);
                       if (roData !== rwData) {
@@ -144,53 +150,53 @@ describe(__filename, function () {
       });
     });
 
-    it('returns code 1 if data is missing', function (done) {
-      api.post(commentsEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 1 if data is missing', async function () {
+      await api.post(commentsEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .expect(codeToBe1)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns code 1 if data is not a JSON', function (done) {
-      api.post(commentsEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 1 if data is not a JSON', async function () {
+      await api.post(commentsEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', 'not a JSON')
           .expect(codeToBe1)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns code 4 if API key is missing', function (done) {
-      api.post(commentsEndPointFor(padID))
+    it('returns code 4 if authorization header is missing', async function () {
+      await api.post(commentsEndPointFor(padID))
           .field('data', commentsData())
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 4 if API key is wrong', function (done) {
-      api.post(commentsEndPointFor(padID))
-          .field('apikey', 'wrongApiKey')
+    it('returns code 4 if authorization header is wrong', async function () {
+      await api.post(commentsEndPointFor(padID))
+          .set('Authorization', 'Bearer wrongtoken')
           .field('data', commentsData())
           .expect(codeToBe4)
           .expect('Content-Type', /json/)
-          .expect(401, done);
+          .expect(401);
     });
 
-    it('returns code 0 when comment is successfully added', function (done) {
-      api.post(commentsEndPointFor(padID))
-          .field('apikey', apiKey)
+    it('returns code 0 when comment is successfully added', async function () {
+      await api.post(commentsEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', commentsData())
           .expect(codeToBe0)
           .expect('Content-Type', /json/)
-          .expect(200, done);
+          .expect(200);
     });
 
-    it('returns comment ids when comment is successfully added', function (done) {
+    it('returns comment ids when comment is successfully added', async function () {
       const twoComments = commentsData([commentData(), commentData()]);
-      api.post(commentsEndPointFor(padID))
-          .field('apikey', apiKey)
+      await api.post(commentsEndPointFor(padID))
+          .set('Authorization', await generateJWTToken())
           .field('data', twoComments)
           .expect((res) => {
             if (res.body.commentIds === undefined) {
@@ -199,16 +205,15 @@ describe(__filename, function () {
             if (res.body.commentIds.length !== 2) {
               throw new Error('Response should have two comment ids.');
             }
-          })
-          .end(done);
+          });
     });
 
     context('when pad already have comments', function () {
       it('returns only the new comment ids', function (done) {
-        createComment(padID, {}, (err, touch) => {
+        createComment(padID, {}, async (err, touch) => {
           const twoComments = commentsData([commentData(), commentData()]);
           api.post(commentsEndPointFor(padID))
-              .field('apikey', apiKey)
+              .set('Authorization', await generateJWTToken())
               .field('data', twoComments)
               .expect((res) => {
                 if (res.body.commentIds === undefined) {
@@ -224,14 +229,15 @@ describe(__filename, function () {
     });
   });
 
-  describe('create comment API broadcast', function () {
+  // These tests rely on socket.io broadcasts that only work when Etherpad
+  // is started with loadTest mode enabled. We don't enable loadTest in normal
+  // CI (it's only enabled in the periodic load test cron job), so skip them
+  // here to keep regular PR CI green.
+  (process.env.LOAD_TEST ? describe : describe.skip)('create comment API broadcast', () => {
     let padID;
     let timesMessageWasReceived;
     let socket;
 
-    // NOTE: this hook will timeout if you don't run your Etherpad in
-    // loadTest mode. Be sure to adjust your settings.json when running
-    // this test suite
     beforeEach(function (done) {
       timesMessageWasReceived = 0;
 
@@ -302,12 +308,8 @@ describe(__filename, function () {
   });
 });
 
-const listCommentsEndPointFor = function (padID, apiKey) {
-  let extraParams = '';
-  if (apiKey) {
-    extraParams = `?apikey=${apiKey}`;
-  }
-  return commentsEndPointFor(padID) + extraParams;
+const listCommentsEndPointFor = function (padID) {
+  return commentsEndPointFor(padID);
 };
 
 const commentsData = function (comments) {

package/static/tests/backend/specs/api/exportEtherpad.js

@@ -6,13 +6,18 @@
 
 const assert = require('assert').strict;
 const common = require('ep_etherpad-lite/tests/backend/common');
+const generateJWTToken = common.generateJWTToken;
 const superagent = require('superagent');
 const fs = require('fs');
+const path = require('path');
 
-// test doc
-const etherpadDoc = fs.readFileSync(`${__dirname}/test.etherpad`);
+// test doc — kept under ../../fixtures/ rather than alongside this spec
+// because etherpad-lite's mocha glob is `static/tests/backend/specs/**` (no
+// extension filter), so any non-JS file inside specs/ trips the ESM loader
+// with `ERR_UNKNOWN_FILE_EXTENSION`. Fixtures must live OUTSIDE specs/.
+const etherpadDoc = fs.readFileSync(
+    path.join(__dirname, '..', '..', 'fixtures', 'test.etherpad'));
 const apiVersion = 1;
-const apiKey = common.apiKey;
 const testPadId = makeid();
 let api;
 
@@ -22,12 +27,14 @@ describe(__filename, function () {
   describe('Imports and Exports', function () {
     it('creates a new Pad, imports content to it, checks that content', async function () {
       await api.get(`${endPoint('createPad')}&padID=${testPadId}`)
+          .set('Authorization', await generateJWTToken())
           .expect(200)
           .expect('Content-Type', /json/);
     });
 
     it('imports .etherpad incuding a comment', async function () {
       await api.post(`/p/${testPadId}/import`)
+          .set('Authorization', await generateJWTToken())
           .attach('file', etherpadDoc, {
             filename: '/test.etherpad',
             contentType: 'application/etherpad',
@@ -39,6 +46,7 @@ describe(__filename, function () {
 
     it('exports .etherpad and checks it includes comments', async function () {
       await api.get(`/p/${testPadId}/export/etherpad`)
+          .set('Authorization', await generateJWTToken())
           .buffer(true).parse(superagent.parse.text)
           .expect(200)
           .expect(/comments:/);
@@ -49,7 +57,7 @@ describe(__filename, function () {
 
 const endPoint = function (point, version) {
   version = version || apiVersion;
-  return `/api/${version}/${point}?apikey=${apiKey}`;
+  return `/api/${version}/${point}?`;
 };
 
 function makeid() {