From a89c81f62f93c3ec5c76f20bac8aaa70f1235a64 Mon Sep 17 00:00:00 2001 From: Egil Moeller Date: Sat, 25 Feb 2012 00:15:57 +0100 Subject: [PATCH] Moved padreadonly --- node/padaccess.js | 21 ++++++++++++ node/padreadonly.js | 65 +++++++++++++++++++++++++++++++++++++ node/server.js | 78 +-------------------------------------------- pluginomatic.json | 3 +- 4 files changed, 89 insertions(+), 78 deletions(-) create mode 100644 node/padaccess.js create mode 100644 node/padreadonly.js diff --git a/node/padaccess.js b/node/padaccess.js new file mode 100644 index 000000000..a3d1df332 --- /dev/null +++ b/node/padaccess.js @@ -0,0 +1,21 @@ +var ERR = require("async-stacktrace"); +var securityManager = require('./db/SecurityManager'); + +//checks for padAccess +module.exports = function (req, res, callback) { + + // FIXME: Why is this ever undefined?? + if (req.cookies === undefined) req.cookies = {}; + + securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) { + if(ERR(err, callback)) return; + + //there is access, continue + if(accessObj.accessStatus == "grant") { + callback(); + //no access + } else { + res.send("403 - Can't touch this", 403); + } + }); +} diff --git a/node/padreadonly.js b/node/padreadonly.js new file mode 100644 index 000000000..50a5e06ee --- /dev/null +++ b/node/padreadonly.js @@ -0,0 +1,65 @@ +var async = require('async'); +var readOnlyManager = require("./db/ReadOnlyManager"); +var hasPadAccess = require("./padaccess"); +var exporthtml = require("./utils/ExportHtml"); +var ERR = require("async-stacktrace"); + +exports.expressServer = function (hook_name, args, cb) { + //serve read only pad + args.app.get('/ro/:id', function(req, res) + { + var html; + var padId; + var pad; + + async.series([ + //translate the read only pad to a padId + function(callback) + { + readOnlyManager.getPadId(req.params.id, function(err, _padId) + { + if(ERR(err, callback)) return; + + padId = _padId; + + //we need that to tell hasPadAcess about the pad + req.params.pad = padId; + + callback(); + }); + }, + //render the html document + function(callback) + { + //return if the there is no padId + if(padId == null) + { + callback("notfound"); + return; + } + + hasPadAccess(req, res, function() + { + //render the html document + exporthtml.getPadHTMLDocument(padId, null, false, function(err, _html) + { + if(ERR(err, callback)) return; + html = _html; + callback(); + }); + }); + } + ], function(err) + { + //throw any unexpected error + if(err && err != "notfound") + ERR(err); + + if(err == "notfound") + res.send('404 - Not Found', 404); + else + res.send(html); + }); + }); + +} \ No newline at end of file diff --git a/node/server.js b/node/server.js index cdd1c4227..8795273f6 100644 --- a/node/server.js +++ b/node/server.js @@ -107,6 +107,7 @@ async.waterfall([ padManager = require('./db/PadManager'); securityManager = require('./db/SecurityManager'); socketIORouter = require("./handler/SocketIORouter"); + hasPadAccess = require("./padaccess"); //install logging var httpLogger = log4js.getLogger("http"); @@ -128,26 +129,6 @@ async.waterfall([ gracefulShutdown(); }); - //checks for padAccess - function hasPadAccess(req, res, callback) - { - securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) - { - if(ERR(err, callback)) return; - - //there is access, continue - if(accessObj.accessStatus == "grant") - { - callback(); - } - //no access - else - { - res.send("403 - Can't touch this", 403); - } - }); - } - //checks for basic http auth function basic_auth (req, res, next) { if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) { @@ -168,63 +149,6 @@ async.waterfall([ } } - //serve read only pad - app.get('/ro/:id', function(req, res) - { - var html; - var padId; - var pad; - - async.series([ - //translate the read only pad to a padId - function(callback) - { - readOnlyManager.getPadId(req.params.id, function(err, _padId) - { - if(ERR(err, callback)) return; - - padId = _padId; - - //we need that to tell hasPadAcess about the pad - req.params.pad = padId; - - callback(); - }); - }, - //render the html document - function(callback) - { - //return if the there is no padId - if(padId == null) - { - callback("notfound"); - return; - } - - hasPadAccess(req, res, function() - { - //render the html document - exporthtml.getPadHTMLDocument(padId, null, false, function(err, _html) - { - if(ERR(err, callback)) return; - html = _html; - callback(); - }); - }); - } - ], function(err) - { - //throw any unexpected error - if(err && err != "notfound") - ERR(err); - - if(err == "notfound") - res.send('404 - Not Found', 404); - else - res.send(html); - }); - }); - //serve timeslider.html under /p/$padname/timeslider app.get('/p/:pad/:rev?/export/:type', function(req, res, next) { diff --git a/pluginomatic.json b/pluginomatic.json index f75226436..c1d6ae064 100644 --- a/pluginomatic.json +++ b/pluginomatic.json @@ -3,6 +3,7 @@ { "name": "static", "hooks": { "expressServer": "../static:expressServer" } }, { "name": "specialpages", "hooks": { "expressServer": "../specialpages:expressServer" } }, { "name": "padurlsanitize", "hooks": { "expressServer": "../padurlsanitize:expressServer" } }, - { "name": "minified", "hooks": { "expressServer": "../minified:expressServer" } } + { "name": "minified", "hooks": { "expressServer": "../minified:expressServer" } }, + { "name": "padreadonly", "hooks": { "expressServer": "../padreadonly:expressServer" } } ] }