fix: Fixed socket.io guest authorization + rights

NGPixel 2017-04-29 17:42:33 -04:00
parent 5c9fe14723
commit ed0253cd0d
6 changed files with 14 additions and 10 deletions


@ -1,10 +1,16 @@
'use strict'
/* global appconfig, rights */
/* eslint-disable standard/no-callback-literal */
const _ = require('lodash')
module.exports = (socket) => {
// Check if Guest
if (!socket.request.user.logged_in) {
socket.request.user = _.assign(rights.guest, socket.request.user)
}
// -----------------------------------------
// SEARCH
// -----------------------------------------
@ -22,7 +28,7 @@ module.exports = (socket) => {
// TREE VIEW (LIST ALL PAGES)
// -----------------------------------------
if (socket.request.user.logged_in) {
if (appconfig.public || socket.request.user.logged_in) {
socket.on('treeFetch', (data, cb) => {
cb = cb || _.noop
entries.getFromTree(data.basePath, socket.request.user).then((f) => {
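Review bot: In the guest check, `_.assign(rights.guest, socket.request.user)` writes into the shared `rights.guest` object, because lodash `assign` mutates and returns its first argument. Every guest socket therefore ends up holding the same object, and fields from one connection's `request.user` are copied onto the global guest profile that `rights` presumably uses elsewhere. Merge into a fresh object instead: `socket.request.user = _.assign({}, rights.guest, socket.request.user)`. A short comment on the merge order would also help, since properties already on `request.user` override the guest defaults here. The handler body continues outside the hunk.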


@ -92,14 +92,14 @@ require('./libs/auth')(passport)
global.rights = require('./libs/rights')
rights.init()
var sessionStore = new SessionMongoStore({
let sessionStore = new SessionMongoStore({
mongooseConnection: db.connection,
touchAfter: 15
})
app.use(cookieParser())
app.use(session({
name: 'requarkswiki.sid',
name: 'wikijs.sid',
store: sessionStore,
secret: appconfig.sessionSecret,
resave: false,
@ -221,16 +221,15 @@ server.on('listening', () => {
// ----------------------------------------
io.use(passportSocketIo.authorize({
key: 'requarkswiki.sid',
key: 'wikijs.sid',
store: sessionStore,
secret: appconfig.sessionSecret,
passport,
cookieParser,
success: (data, accept) => {
accept()
},
fail: (data, message, error, accept) => {
return accept(new Error(message))
accept()
}
}))
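Review bot: The `fail` callback in the `passportSocketIo.authorize` options now calls `accept()` for every failure, including those where passport.socketio sets `error` to true for a critical failure rather than a visitor who simply has no session. That silently downgrades critical errors to guest access and discards `message`, so such failures leave no trace in the logs. Keep the rejection for that case and admit only ordinary unauthenticated handshakes: `if (error) { return accept(new Error(message)) }` followed by `accept()`. Since unauthenticated sockets are now admitted, a comment here should state that every socket event handler must enforce rights against `socket.request.user` itself. The `wikijs.sid` rename also invalidates existing `requarkswiki.sid` sessions on upgrade, which is worth a line in the commit description.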


@ -399,7 +399,6 @@ module.exports = {
getFromTree (basePath, usr) {
return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
return _.filter(results, r => {
console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
return rights.checkRole('/' + r._id, usr.rights, 'read')
})
})


@ -22,7 +22,7 @@ html(data-logic='error')
body(class='is-forbidden')
.container
a(href='/'): img(src='/favicons/android-icon-96x96.png')
a(href='/'): img(src='/images/logo.png')
h1 Forbidden
h2 Sorry, you don't have the necessary permissions to access this page.
a.button.is-amber.is-inverted(href='/') Go Home


@ -22,7 +22,7 @@ html(data-logic='error')
body(class='is-notexist')
.container
a(href='/'): img(src='/favicons/android-icon-96x96.png')
a(href='/'): img(src='/images/logo.png')
h1= message
h2 Would you like to create this entry?
a.button.is-amber.is-inverted.is-featured(href='/create/' + newpath) Create


@ -22,7 +22,7 @@ html(data-logic='error')
body(class='is-error')
.container
a(href='/'): img(src='/favicons/android-icon-96x96.png')
a(href='/'): img(src='/images/logo.png')
h1= message
h2 Oops, something went wrong
a.button.is-amber.is-inverted.is-featured(href='/') Go Home