webaccess: Use `const` or `let` instead of `var`

pull/4250/head
Richard Hansen 2020-08-25 17:04:34 -04:00 committed by John McLear
parent a7be5278a3
commit 0a8569d0ad
1 changed files with 20 additions and 24 deletions

View File

@ -1,22 +1,22 @@
var express = require('express'); const express = require('express');
var log4js = require('log4js'); const log4js = require('log4js');
var httpLogger = log4js.getLogger('http'); const httpLogger = log4js.getLogger('http');
var settings = require('../../utils/Settings'); const settings = require('../../utils/Settings');
var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks'); const hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
var ueberStore = require('../../db/SessionStore'); const ueberStore = require('../../db/SessionStore');
var stats = require('ep_etherpad-lite/node/stats'); const stats = require('ep_etherpad-lite/node/stats');
var sessionModule = require('express-session'); const sessionModule = require('express-session');
var cookieParser = require('cookie-parser'); const cookieParser = require('cookie-parser');
// checks for basic http auth // checks for basic http auth
exports.basicAuth = (req, res, next) => { exports.basicAuth = (req, res, next) => {
var hookResultMangle = (cb) => { const hookResultMangle = (cb) => {
return (err, data) => { return (err, data) => {
return cb(!err && data.length && data[0]); return cb(!err && data.length && data[0]);
}; };
}; };
var authorize = (cb) => { const authorize = (cb) => {
// Do not require auth for static paths and the API...this could be a bit brittle // Do not require auth for static paths and the API...this could be a bit brittle
if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true); if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true);
@ -30,13 +30,13 @@ exports.basicAuth = (req, res, next) => {
hooks.aCallFirst('authorize', {req: req, res: res, next: next, resource: req.path}, hookResultMangle(cb)); hooks.aCallFirst('authorize', {req: req, res: res, next: next, resource: req.path}, hookResultMangle(cb));
}; };
var authenticate = (cb) => { const authenticate = (cb) => {
// If auth headers are present use them to authenticate... // If auth headers are present use them to authenticate...
if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) { if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
var userpass = Buffer.from(req.headers.authorization.split(' ')[1], 'base64').toString().split(':'); const userpass = Buffer.from(req.headers.authorization.split(' ')[1], 'base64').toString().split(':');
var username = userpass.shift(); const username = userpass.shift();
var password = userpass.join(':'); const password = userpass.join(':');
var fallback = (success) => { const fallback = (success) => {
if (success) return cb(true); if (success) return cb(true);
if (!(username in settings.users)) { if (!(username in settings.users)) {
httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`); httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`);
@ -58,7 +58,7 @@ exports.basicAuth = (req, res, next) => {
/* Authentication OR authorization failed. */ /* Authentication OR authorization failed. */
var failure = () => { const failure = () => {
return hooks.aCallFirst('authFailure', {req: req, res: res, next: next}, hookResultMangle((ok) => { return hooks.aCallFirst('authFailure', {req: req, res: res, next: next}, hookResultMangle((ok) => {
if (ok) return; if (ok) return;
/* No plugin handler for invalid auth. Return Auth required /* No plugin handler for invalid auth. Return Auth required
@ -104,8 +104,8 @@ exports.secret = null;
exports.expressConfigure = (hook_name, args, cb) => { exports.expressConfigure = (hook_name, args, cb) => {
// Measure response time // Measure response time
args.app.use((req, res, next) => { args.app.use((req, res, next) => {
var stopWatch = stats.timer('httpRequests').start(); const stopWatch = stats.timer('httpRequests').start();
var sendFn = res.send; const sendFn = res.send;
res.send = function() { // function, not arrow, due to use of 'arguments' res.send = function() { // function, not arrow, due to use of 'arguments'
stopWatch.end(); stopWatch.end();
sendFn.apply(res, arguments); sendFn.apply(res, arguments);
@ -128,11 +128,7 @@ exports.expressConfigure = (hook_name, args, cb) => {
exports.secret = settings.sessionKey; exports.secret = settings.sessionKey;
} }
if (settings.ssl) { const sameSite = settings.ssl ? 'Strict' : 'Lax';
var sameSite = 'Strict';
} else {
var sameSite = 'Lax';
}
args.app.sessionStore = exports.sessionStore; args.app.sessionStore = exports.sessionStore;
args.app.use(sessionModule({ args.app.use(sessionModule({