liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: renderers + auth providers + fixes

Browse Source
This commit is contained in:
NGPixel
2018-01-14 22:05:08 -05:00
parent 24fc806b0e
commit 74bd722168
41 changed files with 475 additions and 770 deletions
Download Patch File Download Diff File Expand all files Collapse all files

307
server/controllers/admin.js
View File

@@ -1,307 +0,0 @@
'use strict'
/* global wiki */
var express = require('express')
var router = express.Router()
const Promise = require('bluebird')
const validator = require('validator')
const _ = require('lodash')
const axios = require('axios')
const path = require('path')
const fs = Promise.promisifyAll(require('fs-extra'))
const os = require('os')
const filesize = require('filesize.js')
/**
* Admin
*/
router.get('/', (req, res) => {
res.redirect('/admin/profile')
})
router.get('/profile', (req, res) => {
if (res.locals.isGuest) {
return res.render('error-forbidden')
}
res.render('pages/admin/profile', { adminTab: 'profile' })
})
router.post('/profile', (req, res) => {
if (res.locals.isGuest) {
return res.render('error-forbidden')
}
return wiki.db.User.findById(req.user.id).then((usr) => {
usr.name = _.trim(req.body.name)
if (usr.provider === 'local' && req.body.password !== '********') {
let nPwd = _.trim(req.body.password)
if (nPwd.length < 6) {
return Promise.reject(new Error('New Password too short!'))
} else {
return wiki.db.User.hashPassword(nPwd).then((pwd) => {
usr.password = pwd
return usr.save()
})
}
} else {
return usr.save()
}
}).then(() => {
return res.json({ msg: 'OK' })
}).catch((err) => {
res.status(400).json({ msg: err.message })
})
})
router.get('/stats', (req, res) => {
if (res.locals.isGuest) {
return res.render('error-forbidden')
}
Promise.all([
wiki.db.Entry.count(),
wiki.db.UplFile.count(),
wiki.db.User.count()
]).spread((totalEntries, totalUploads, totalUsers) => {
return res.render('pages/admin/stats', {
totalEntries, totalUploads, totalUsers, adminTab: 'stats'
}) || true
}).catch((err) => {
throw err
})
})
router.get('/users', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
wiki.db.User.find({})
.select('-password -rights')
.sort('name email')
.exec().then((usrs) => {
res.render('pages/admin/users', { adminTab: 'users', usrs })
})
})
router.get('/users/:id', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
if (!validator.isMongoId(req.params.id)) {
return res.render('error-forbidden')
}
wiki.db.User.findById(req.params.id)
.select('-password -providerId')
.exec().then((usr) => {
let usrOpts = {
canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),
canChangeName: (usr.email !== 'guest'),
canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),
canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),
canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))
}
res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts })
}).catch(err => { // eslint-disable-line handle-callback-err
return res.status(404).end() || true
})
})
/**
* Create / Authorize a new user
*/
router.post('/users/create', (req, res) => {
if (!res.locals.rights.manage) {
return res.status(401).json({ msg: 'Unauthorized' })
}
let nUsr = {
email: _.toLower(_.trim(req.body.email)),
provider: _.trim(req.body.provider),
password: req.body.password,
name: _.trim(req.body.name)
}
if (!validator.isEmail(nUsr.email)) {
return res.status(400).json({ msg: 'Invalid email address' })
} else if (!validator.isIn(nUsr.provider, ['local', 'google', 'windowslive', 'facebook', 'github', 'slack'])) {
return res.status(400).json({ msg: 'Invalid provider' })
} else if (nUsr.provider === 'local' && !validator.isLength(nUsr.password, { min: 6 })) {
return res.status(400).json({ msg: 'Password too short or missing' })
} else if (nUsr.provider === 'local' && !validator.isLength(nUsr.name, { min: 2 })) {
return res.status(400).json({ msg: 'Name is missing' })
}
wiki.db.User.findOne({ email: nUsr.email, provider: nUsr.provider }).then(exUsr => {
if (exUsr) {
return res.status(400).json({ msg: 'User already exists!' }) || true
}
let pwdGen = (nUsr.provider === 'local') ? wiki.db.User.hashPassword(nUsr.password) : Promise.resolve(true)
return pwdGen.then(nPwd => {
if (nUsr.provider !== 'local') {
nUsr.password = ''
nUsr.name = '-- pending --'
} else {
nUsr.password = nPwd
}
nUsr.rights = [{
role: 'read',
path: '/',
exact: false,
deny: false
}]
return wiki.db.User.create(nUsr).then(() => {
return res.json({ ok: true })
})
}).catch(err => {
wiki.logger.warn(err)
return res.status(500).json({ msg: err })
})
}).catch(err => {
wiki.logger.warn(err)
return res.status(500).json({ msg: err })
})
})
router.post('/users/:id', (req, res) => {
if (!res.locals.rights.manage) {
return res.status(401).json({ msg: wiki.lang.t('errors:unauthorized') })
}
if (!validator.isMongoId(req.params.id)) {
return res.status(400).json({ msg: wiki.lang.t('errors:invaliduserid') })
}
return wiki.db.User.findById(req.params.id).then((usr) => {
usr.name = _.trim(req.body.name)
usr.rights = JSON.parse(req.body.rights)
if (usr.provider === 'local' && req.body.password !== '********') {
let nPwd = _.trim(req.body.password)
if (nPwd.length < 6) {
return Promise.reject(new Error(wiki.lang.t('errors:newpasswordtooshort')))
} else {
return wiki.db.User.hashPassword(nPwd).then((pwd) => {
usr.password = pwd
return usr.save()
})
}
} else {
return usr.save()
}
}).then((usr) => {
// Update guest rights for future requests
if (usr.provider === 'local' && usr.email === 'guest') {
wiki.rights.guest = usr
}
return usr
}).then(() => {
return res.json({ msg: 'OK' })
}).catch((err) => {
res.status(400).json({ msg: err.message })
})
})
/**
* Delete / Deauthorize a user
*/
router.delete('/users/:id', (req, res) => {
if (!res.locals.rights.manage) {
return res.status(401).json({ msg: wiki.lang.t('errors:unauthorized') })
}
if (!validator.isMongoId(req.params.id)) {
return res.status(400).json({ msg: wiki.lang.t('errors:invaliduserid') })
}
return wiki.db.User.findByIdAndRemove(req.params.id).then(() => {
return res.json({ ok: true })
}).catch((err) => {
res.status(500).json({ ok: false, msg: err.message })
})
})
router.get('/settings', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
res.render('pages/admin/settings', { adminTab: 'settings' })
})
router.get('/system', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
let hostInfo = {
cpus: os.cpus(),
hostname: os.hostname(),
nodeversion: process.version,
os: `${os.type()} (${os.platform()}) ${os.release()} ${os.arch()}`,
totalmem: filesize(os.totalmem()),
cwd: process.cwd()
}
fs.readJsonAsync(path.join(wiki.ROOTPATH, 'package.json')).then(packageObj => {
axios.get('https://api.github.com/repos/Requarks/wiki/releases/latest').then(resp => {
let sysversion = {
current: 'v' + packageObj.version,
latest: resp.data.tag_name,
latestPublishedAt: resp.data.published_at
}
res.render('pages/admin/system', { adminTab: 'system', hostInfo, sysversion })
}).catch(err => {
wiki.logger.warn(err)
res.render('pages/admin/system', { adminTab: 'system', hostInfo, sysversion: { current: 'v' + packageObj.version } })
})
})
})
router.post('/system/install', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
// let sysLib = require(path.join(ROOTPATH, 'libs/system.js'))
// sysLib.install('v1.0-beta.7')
res.status(400).send('Sorry, Upgrade/Re-Install via the web UI is not yet ready. You must use the npm upgrade method in the meantime.').end()
})
router.get('/theme', (req, res) => {
if (!res.locals.rights.manage) {
return res.render('error-forbidden')
}
res.render('pages/admin/theme', { adminTab: 'theme' })
})
router.post('/theme', (req, res) => {
if (res.locals.isGuest) {
return res.render('error-forbidden')
}
if (!validator.isIn(req.body.primary, wiki.data.colors)) {
return res.status(406).json({ msg: 'Primary color is invalid.' })
} else if (!validator.isIn(req.body.alt, wiki.data.colors)) {
return res.status(406).json({ msg: 'Alternate color is invalid.' })
} else if (!validator.isIn(req.body.footer, wiki.data.colors)) {
return res.status(406).json({ msg: 'Footer color is invalid.' })
}
wiki.config.theme.primary = req.body.primary
wiki.config.theme.alt = req.body.alt
wiki.config.theme.footer = req.body.footer
wiki.config.theme.code.dark = req.body.codedark === 'true'
wiki.config.theme.code.colorize = req.body.codecolorize === 'true'
return res.json({ msg: 'OK' })
})
module.exports = router

5
server/controllers/auth.js
View File

@@ -34,10 +34,7 @@ const bruteforce = new ExpressBrute(EBstore, {
* Login form
*/
router.get('/login', function (req, res, next) {
res.render('auth/login', {
authStrategies: _.reject(wiki.auth.strategies, { key: 'local' }),
hasMultipleStrategies: Object.keys(wiki.config.auth.strategies).length > 1
})
res.render('auth/login')
})
router.post('/login', bruteforce.prevent, function (req, res, next) {

0
server/controllers/pages.js → server/controllers/common.js
View File

162
server/controllers/uploads.js
View File

@@ -1,162 +0,0 @@
'use strict'
/* global wiki */
const express = require('express')
const router = express.Router()
const readChunk = require('read-chunk')
const fileType = require('file-type')
const Promise = require('bluebird')
const fs = Promise.promisifyAll(require('fs-extra'))
const path = require('path')
const _ = require('lodash')
const validPathRe = new RegExp('^([a-z0-9/-' + wiki.data.regex.cjk + wiki.data.regex.arabic + ']+\\.[a-z0-9]+)$')
const validPathThumbsRe = new RegExp('^([a-z0-9]+\\.png)$')
// ==========================================
// SERVE UPLOADS FILES
// ==========================================
router.get('/t/*', (req, res, next) => {
let fileName = req.params[0]
if (!validPathThumbsRe.test(fileName)) {
return res.sendStatus(404).end()
}
// todo: Authentication-based access
res.sendFile(fileName, {
root: wiki.disk.getThumbsPath(),
dotfiles: 'deny'
}, (err) => {
if (err) {
res.status(err.status).end()
}
})
})
// router.post('/img', wiki.disk.uploadImgHandler, (req, res, next) => {
// let destFolder = _.chain(req.body.folder).trim().toLower().value()
// wiki.upl.validateUploadsFolder(destFolder).then((destFolderPath) => {
// if (!destFolderPath) {
// res.json({ ok: false, msg: wiki.lang.t('errors:invalidfolder') })
// return true
// }
// Promise.map(req.files, (f) => {
// let destFilename = ''
// let destFilePath = ''
// return wiki.disk.validateUploadsFilename(f.originalname, destFolder, true).then((fname) => {
// destFilename = fname
// destFilePath = path.resolve(destFolderPath, destFilename)
// return readChunk(f.path, 0, 262)
// }).then((buf) => {
// // -> Check MIME type by magic number
// let mimeInfo = fileType(buf)
// if (!_.includes(['image/png', 'image/jpeg', 'image/gif', 'image/webp'], mimeInfo.mime)) {
// return Promise.reject(new Error(wiki.lang.t('errors:invalidfiletype')))
// }
// return true
// }).then(() => {
// // -> Move file to final destination
// return fs.moveAsync(f.path, destFilePath, { clobber: false })
// }).then(() => {
// return {
// ok: true,
// filename: destFilename,
// filesize: f.size
// }
// }).reflect()
// }, {concurrency: 3}).then((results) => {
// let uplResults = _.map(results, (r) => {
// if (r.isFulfilled()) {
// return r.value()
// } else {
// return {
// ok: false,
// msg: r.reason().message
// }
// }
// })
// res.json({ ok: true, results: uplResults })
// return true
// }).catch((err) => {
// res.json({ ok: false, msg: err.message })
// return true
// })
// })
// })
// router.post('/file', wiki.disk.uploadFileHandler, (req, res, next) => {
// let destFolder = _.chain(req.body.folder).trim().toLower().value()
// wiki.upl.validateUploadsFolder(destFolder).then((destFolderPath) => {
// if (!destFolderPath) {
// res.json({ ok: false, msg: wiki.lang.t('errors:invalidfolder') })
// return true
// }
// Promise.map(req.files, (f) => {
// let destFilename = ''
// let destFilePath = ''
// return wiki.disk.validateUploadsFilename(f.originalname, destFolder, false).then((fname) => {
// destFilename = fname
// destFilePath = path.resolve(destFolderPath, destFilename)
// // -> Move file to final destination
// return fs.moveAsync(f.path, destFilePath, { clobber: false })
// }).then(() => {
// return {
// ok: true,
// filename: destFilename,
// filesize: f.size
// }
// }).reflect()
// }, {concurrency: 3}).then((results) => {
// let uplResults = _.map(results, (r) => {
// if (r.isFulfilled()) {
// return r.value()
// } else {
// return {
// ok: false,
// msg: r.reason().message
// }
// }
// })
// res.json({ ok: true, results: uplResults })
// return true
// }).catch((err) => {
// res.json({ ok: false, msg: err.message })
// return true
// })
// })
// })
// router.get('/*', (req, res, next) => {
// let fileName = req.params[0]
// if (!validPathRe.test(fileName)) {
// return res.sendStatus(404).end()
// }
// // todo: Authentication-based access
// res.sendFile(fileName, {
// root: wiki.git.getRepoPath() + '/uploads/',
// dotfiles: 'deny'
// }, (err) => {
// if (err) {
// res.status(err.status).end()
// }
// })
// })
module.exports = router

116
server/controllers/ws.js
View File

@@ -1,116 +0,0 @@
'use strict'
/* global appconfig, entries, rights, search, upl */
/* eslint-disable standard/no-callback-literal */
const _ = require('lodash')
module.exports = (socket) => {
// Check if Guest
if (!socket.request.user.logged_in) {
socket.request.user = _.assign(rights.guest, socket.request.user)
}
// -----------------------------------------
// SEARCH
// -----------------------------------------
if (appconfig.public || socket.request.user.logged_in) {
socket.on('search', (data, cb) => {
cb = cb || _.noop
search.find(data.terms).then((results) => {
return cb(results) || true
})
})
}
// -----------------------------------------
// TREE VIEW (LIST ALL PAGES)
// -----------------------------------------
if (appconfig.public || socket.request.user.logged_in) {
socket.on('treeFetch', (data, cb) => {
cb = cb || _.noop
entries.getFromTree(data.basePath, socket.request.user).then((f) => {
return cb(f) || true
})
})
}
// -----------------------------------------
// UPLOADS
// -----------------------------------------
if (socket.request.user.logged_in) {
socket.on('uploadsGetFolders', (data, cb) => {
cb = cb || _.noop
upl.getUploadsFolders().then((f) => {
return cb(f) || true
})
})
socket.on('uploadsCreateFolder', (data, cb) => {
cb = cb || _.noop
upl.createUploadsFolder(data.foldername).then((f) => {
return cb(f) || true
})
})
socket.on('uploadsGetImages', (data, cb) => {
cb = cb || _.noop
upl.getUploadsFiles('image', data.folder).then((f) => {
return cb(f) || true
})
})
socket.on('uploadsGetFiles', (data, cb) => {
cb = cb || _.noop
upl.getUploadsFiles('binary', data.folder).then((f) => {
return cb(f) || true
})
})
socket.on('uploadsDeleteFile', (data, cb) => {
cb = cb || _.noop
upl.deleteUploadsFile(data.uid).then((f) => {
return cb(f) || true
})
})
socket.on('uploadsFetchFileFromURL', (data, cb) => {
cb = cb || _.noop
upl.downloadFromUrl(data.folder, data.fetchUrl).then((f) => {
return cb({ ok: true }) || true
}).catch((err) => {
return cb({
ok: false,
msg: err.message
}) || true
})
})
socket.on('uploadsRenameFile', (data, cb) => {
cb = cb || _.noop
upl.moveUploadsFile(data.uid, data.folder, data.filename).then((f) => {
return cb({ ok: true }) || true
}).catch((err) => {
return cb({
ok: false,
msg: err.message
}) || true
})
})
socket.on('uploadsMoveFile', (data, cb) => {
cb = cb || _.noop
upl.moveUploadsFile(data.uid, data.folder).then((f) => {
return cb({ ok: true }) || true
}).catch((err) => {
return cb({
ok: false,
msg: err.message
}) || true
})
})
}
}