fix: Fixed socket.io guest authorization + rights
parent
5c9fe14723
commit
ed0253cd0d
@ -1,10 +1,16 @@
|
||||
'use strict'
|
||||
|
||||
/* global appconfig, rights */
|
||||
/* eslint-disable standard/no-callback-literal */
|
||||
|
||||
const _ = require('lodash')
|
||||
|
||||
module.exports = (socket) => {
|
||||
// Check if Guest
|
||||
if (!socket.request.user.logged_in) {
|
||||
socket.request.user = _.assign(rights.guest, socket.request.user)
|
||||
}
|
||||
|
||||
// -----------------------------------------
|
||||
// SEARCH
|
||||
// -----------------------------------------
|
||||
@ -22,7 +28,7 @@ module.exports = (socket) => {
|
||||
// TREE VIEW (LIST ALL PAGES)
|
||||
// -----------------------------------------
|
||||
|
||||
if (socket.request.user.logged_in) {
|
||||
if (appconfig.public || socket.request.user.logged_in) {
|
||||
socket.on('treeFetch', (data, cb) => {
|
||||
cb = cb || _.noop
|
||||
entries.getFromTree(data.basePath, socket.request.user).then((f) => {
|
||||
|
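Review bot: `_.assign(rights.guest, socket.request.user)` in the guest check mutates its first argument, so every unauthenticated connection writes its own `socket.request.user` fields into the shared global `rights.guest` object, and all guest sockets end up holding that same object. State from one guest handshake can therefore carry over into the defaults applied to later guests, and because the source argument wins, any field already present on the unauthenticated user object overrides the guest defaults. Copy into a fresh object instead: `socket.request.user = _.assign({}, rights.guest, socket.request.user)`. The shape of `rights.guest` is not visible here, so confirm which side should take precedence and swap the last two arguments if the guest defaults are meant to win. The exported handler's body continues outside this section.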
@ -92,14 +92,14 @@ require('./libs/auth')(passport)
|
||||
global.rights = require('./libs/rights')
|
||||
rights.init()
|
||||
|
||||
var sessionStore = new SessionMongoStore({
|
||||
let sessionStore = new SessionMongoStore({
|
||||
mongooseConnection: db.connection,
|
||||
touchAfter: 15
|
||||
})
|
||||
|
||||
app.use(cookieParser())
|
||||
app.use(session({
|
||||
name: 'requarkswiki.sid',
|
||||
name: 'wikijs.sid',
|
||||
store: sessionStore,
|
||||
secret: appconfig.sessionSecret,
|
||||
resave: false,
|
||||
@ -221,16 +221,15 @@ server.on('listening', () => {
|
||||
// ----------------------------------------
|
||||
|
||||
io.use(passportSocketIo.authorize({
|
||||
key: 'requarkswiki.sid',
|
||||
key: 'wikijs.sid',
|
||||
store: sessionStore,
|
||||
secret: appconfig.sessionSecret,
|
||||
passport,
|
||||
cookieParser,
|
||||
success: (data, accept) => {
|
||||
accept()
|
||||
},
|
||||
fail: (data, message, error, accept) => {
|
||||
return accept(new Error(message))
|
||||
accept()
|
||||
}
|
||||
}))
|
||||
|
||||
|
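Review bot: The `fail` callback of `passportSocketIo.authorize` in the last hunk now appears to call `accept()` for every failed handshake, which admits guests but also ignores the `error` argument, so a handshake that failed for a reason other than a missing login (passport.socketio sets `error` for those) is accepted as an anonymous socket too. Keep rejecting that case with `if (error) { return accept(new Error(message)) }` ahead of the unconditional `accept()`. Since this middleware no longer gates access, every socket event handler has to enforce its own permission check; a comment on `fail` such as `// Guests are accepted here; each handler must check socket.request.user rights` would make that explicit. The `+`/`-` markers are lost on this page, so which of the two lines inside `fail` is the new one is inferred from the commit title.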
@ -399,7 +399,6 @@ module.exports = {
|
||||
getFromTree (basePath, usr) {
|
||||
return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
|
||||
return _.filter(results, r => {
|
||||
console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
|
||||
return rights.checkRole('/' + r._id, usr.rights, 'read')
|
||||
})
|
||||
})
|
||||
|
@ -22,7 +22,7 @@ html(data-logic='error')
|
||||
|
||||
body(class='is-forbidden')
|
||||
.container
|
||||
a(href='/'): img(src='/favicons/android-icon-96x96.png')
|
||||
a(href='/'): img(src='/images/logo.png')
|
||||
h1 Forbidden
|
||||
h2 Sorry, you don't have the necessary permissions to access this page.
|
||||
a.button.is-amber.is-inverted(href='/') Go Home
|
||||
|
@ -22,7 +22,7 @@ html(data-logic='error')
|
||||
|
||||
body(class='is-notexist')
|
||||
.container
|
||||
a(href='/'): img(src='/favicons/android-icon-96x96.png')
|
||||
a(href='/'): img(src='/images/logo.png')
|
||||
h1= message
|
||||
h2 Would you like to create this entry?
|
||||
a.button.is-amber.is-inverted.is-featured(href='/create/' + newpath) Create
|
||||
|
@ -22,7 +22,7 @@ html(data-logic='error')
|
||||
|
||||
body(class='is-error')
|
||||
.container
|
||||
a(href='/'): img(src='/favicons/android-icon-96x96.png')
|
||||
a(href='/'): img(src='/images/logo.png')
|
||||
h1= message
|
||||
h2 Oops, something went wrong
|
||||
a.button.is-amber.is-inverted.is-featured(href='/') Go Home
|
||||
|