restricted access to pad import and export
Peter 'Pita' Martischka
parent
48980f9e19
commit
317370da2c
|
|
@ -39,6 +39,7 @@ var importHandler;
|
||||||
var exporthtml;
|
var exporthtml;
|
||||||
var readOnlyManager;
|
var readOnlyManager;
|
||||||
var padManager;
|
var padManager;
|
||||||
|
var securityManager;
|
||||||
|
|
||||||
//try to get the git version
|
//try to get the git version
|
||||||
var version = "";
|
var version = "";
|
||||||
|
|
@ -78,12 +79,14 @@ async.waterfall([
|
||||||
importHandler = require('./handler/ImportHandler');
|
importHandler = require('./handler/ImportHandler');
|
||||||
apiHandler = require('./handler/APIHandler');
|
apiHandler = require('./handler/APIHandler');
|
||||||
padManager = require('./db/PadManager');
|
padManager = require('./db/PadManager');
|
||||||
|
securityManager = require('./db/SecurityManager');
|
||||||
|
|
||||||
//install logging
|
//install logging
|
||||||
var httpLogger = log4js.getLogger("http");
|
var httpLogger = log4js.getLogger("http");
|
||||||
app.configure(function()
|
app.configure(function()
|
||||||
{
|
{
|
||||||
app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
|
app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
|
||||||
|
app.use(express.cookieParser());
|
||||||
});
|
});
|
||||||
|
|
||||||
//serve static files
|
//serve static files
|
||||||
|
|
@ -160,6 +163,26 @@ async.waterfall([
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
//checks for padAccess
|
||||||
|
function hasPadAccess(req, res, callback)
|
||||||
|
{
|
||||||
|
securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj)
|
||||||
|
{
|
||||||
|
if(err) throw err;
|
||||||
|
|
||||||
|
//there is access, continue
|
||||||
|
if(accessObj.accessStatus == "grant")
|
||||||
|
{
|
||||||
|
callback();
|
||||||
|
}
|
||||||
|
//no access
|
||||||
|
else
|
||||||
|
{
|
||||||
|
res.send("403 - Can't touch this", 403);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
//serve pad.html under /p
|
//serve pad.html under /p
|
||||||
app.get('/p/:pad', function(req, res, next)
|
app.get('/p/:pad', function(req, res, next)
|
||||||
{
|
{
|
||||||
|
|
@ -217,7 +240,11 @@ async.waterfall([
|
||||||
|
|
||||||
res.header("Access-Control-Allow-Origin", "*");
|
res.header("Access-Control-Allow-Origin", "*");
|
||||||
res.header("Server", serverName);
|
res.header("Server", serverName);
|
||||||
exportHandler.doExport(req, res, req.params.pad, req.params.type);
|
|
||||||
|
hasPadAccess(req, res, function()
|
||||||
|
{
|
||||||
|
exportHandler.doExport(req, res, req.params.pad, req.params.type);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
//handle import requests
|
//handle import requests
|
||||||
|
|
@ -238,7 +265,11 @@ async.waterfall([
|
||||||
}
|
}
|
||||||
|
|
||||||
res.header("Server", serverName);
|
res.header("Server", serverName);
|
||||||
importHandler.doImport(req, res, req.params.pad);
|
|
||||||
|
hasPadAccess(req, res, function()
|
||||||
|
{
|
||||||
|
importHandler.doImport(req, res, req.params.pad);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
var apiLogger = log4js.getLogger("API");
|
var apiLogger = log4js.getLogger("API");
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue