From ed0253cd0dd5cab22d3e618805312ed84c52405b Mon Sep 17 00:00:00 2001
From: NGPixel
Date: Sat, 29 Apr 2017 17:42:33 -0400
Subject: [PATCH] fix: Fixed socket.io guest authorization + rights
---
 server/controllers/ws.js | 8 +++++++-
 server/index.js | 9 ++++-----
 server/libs/entries.js | 1 -
 server/views/error-forbidden.pug | 2 +-
 server/views/error-notexist.pug | 2 +-
 server/views/error.pug | 2 +-
 6 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/server/controllers/ws.js b/server/controllers/ws.js
index 78c4193d..1abcd7b4 100644
--- a/server/controllers/ws.js
+++ b/server/controllers/ws.js
@@ -1,10 +1,16 @@
 'use strict'
+/* global appconfig, rights */
 /* eslint-disable standard/no-callback-literal */
 const _ = require('lodash')
 module.exports = (socket) => {
+ // Check if Guest
+ if (!socket.request.user.logged_in) {
+ socket.request.user = _.assign(rights.guest, socket.request.user)
+ }
+
 // -----------------------------------------
 // SEARCH
 // -----------------------------------------
@@ -22,7 +28,7 @@ module.exports = (socket) => {
 // TREE VIEW (LIST ALL PAGES)
 // -----------------------------------------
- if (socket.request.user.logged_in) {
+ if (appconfig.public || socket.request.user.logged_in) {
 socket.on('treeFetch', (data, cb) => {
 cb = cb || _.noop
 entries.getFromTree(data.basePath, socket.request.user).then((f) => {
diff --git a/server/index.js b/server/index.js
index 66860ef5..2cd8f0af 100644
--- a/server/index.js
+++ b/server/index.js
@@ -92,14 +92,14 @@ require('./libs/auth')(passport)
 global.rights = require('./libs/rights')
 rights.init()
-var sessionStore = new SessionMongoStore({
+let sessionStore = new SessionMongoStore({
 mongooseConnection: db.connection,
 touchAfter: 15
 })
 app.use(cookieParser())
 app.use(session({
- name: 'requarkswiki.sid',
+ name: 'wikijs.sid',
 store: sessionStore,
 secret: appconfig.sessionSecret,
 resave: false,
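Review bot: In server/controllers/ws.js the added guest check calls `_.assign(rights.guest, socket.request.user)`, which uses the shared global `rights.guest` object as the merge destination, so every guest connection writes its own user fields into that object and all guest sockets end up holding the very same object as `socket.request.user`. Any later per-connection write to `socket.request.user` would then alter the guest rights template seen by every other visitor. Merge into a fresh object instead: `socket.request.user = _.assign({}, rights.guest, socket.request.user)`. The check also assumes `socket.request.user` is always populated when the handshake fails, which depends on passport.socketio behaviour not visible in this diff. The exported handler's body continues outside the hunk.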
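Review bot: The `treeFetch` handler in server/controllers/ws.js is now registered for unauthenticated sockets whenever `appconfig.public` is set, yet `data.basePath` is still passed to `entries.getFromTree` without any type check, and the entries.js hunk shows it going straight into `db.Entry.find({ parentPath: basePath })`. A message with no payload throws on `data.basePath`, and a non-string `basePath` reaches the query as-is; the `rights.checkRole` filter limits what is returned, not what is queried. Add a guard right after `cb = cb || _.noop`, for example `if (!_.isString(_.get(data, 'basePath'))) { return cb([]) }`. The handler's body ends outside this hunk, so the value passed to `cb` on rejection should be matched to what the client expects.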
@@ -221,16 +221,15 @@ server.on('listening', () => {
 // ----------------------------------------
 io.use(passportSocketIo.authorize({
- key: 'requarkswiki.sid',
+ key: 'wikijs.sid',
 store: sessionStore,
 secret: appconfig.sessionSecret,
- passport,
 cookieParser,
 success: (data, accept) => {
 accept()
 },
 fail: (data, message, error, accept) => {
- return accept(new Error(message))
+ accept()
 }
 }))
diff --git a/server/libs/entries.js b/server/libs/entries.js
index bb5e24a0..22fa322d 100644
--- a/server/libs/entries.js
+++ b/server/libs/entries.js
@@ -399,7 +399,6 @@ module.exports = {
 getFromTree (basePath, usr) {
 return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
 return _.filter(results, r => {
- console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
 return rights.checkRole('/' + r._id, usr.rights, 'read')
 })
 })
diff --git a/server/views/error-forbidden.pug b/server/views/error-forbidden.pug
index c4572103..50a9681b 100644
--- a/server/views/error-forbidden.pug
+++ b/server/views/error-forbidden.pug
@@ -22,7 +22,7 @@ html(data-logic='error')
 body(class='is-forbidden')
 .container
- a(href='/'): img(src='/favicons/android-icon-96x96.png')
+ a(href='/'): img(src='/images/logo.png')
 h1 Forbidden
 h2 Sorry, you don't have the necessary permissions to access this page.
 a.button.is-amber.is-inverted(href='/') Go Home
diff --git a/server/views/error-notexist.pug b/server/views/error-notexist.pug
index 170e4378..84b598ed 100644
--- a/server/views/error-notexist.pug
+++ b/server/views/error-notexist.pug
@@ -22,7 +22,7 @@ html(data-logic='error')
 body(class='is-notexist')
 .container
- a(href='/'): img(src='/favicons/android-icon-96x96.png')
+ a(href='/'): img(src='/images/logo.png')
 h1= message
 h2 Would you like to create this entry?
 a.button.is-amber.is-inverted.is-featured(href='/create/' + newpath) Create
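Review bot: The new `fail` callback in server/index.js calls `accept()` for every failed handshake, including those where the `error` argument is set, so a session-store or cookie-handling failure is now treated exactly like an anonymous visitor. Keep the rejection for real errors and accept only the not-logged-in case: `if (error) { return accept(new Error(message)) }` followed by `accept()`. With this change the handshake itself no longer enforces anything, so each handler in ws.js has to gate itself on `appconfig.public` or `logged_in`; the SEARCH handlers are not visible in this diff and should be checked. When `appconfig.public` is false, rejecting guests here would be the safer default, assuming no pre-login page depends on the socket.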
diff --git a/server/views/error.pug b/server/views/error.pug
index 7dadc2ff..edad371d 100644
--- a/server/views/error.pug
+++ b/server/views/error.pug
@@ -22,7 +22,7 @@ html(data-logic='error')
 body(class='is-error')
 .container
- a(href='/'): img(src='/favicons/android-icon-96x96.png')
+ a(href='/'): img(src='/images/logo.png')
 h1= message
 h2 Oops, something went wrong
 a.button.is-amber.is-inverted.is-featured(href='/') Go Home