handle forwarding of sessions
This commit is contained in:
parent
f7f34b2223
commit
081743b48f
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "wiki-security-passportjs",
|
||||
"version": "0.2.0",
|
||||
"version": "0.2.0-cors",
|
||||
"description": "Security plugin for Federated Wiki, using passport.js",
|
||||
"author": "Paul Rodwell <paul.rodwell@btinternet.com> (http://rodwell.me)",
|
||||
"license": "MIT",
|
||||
|
|
|
@ -413,12 +413,17 @@ module.exports = exports = (log, loga, argv) ->
|
|||
false
|
||||
|
||||
app.all '*', (req, res, next) ->
|
||||
# todo: think about assets??
|
||||
return next() unless /\.(json|html)$/.test req.url
|
||||
|
||||
# prepare to examine remote server's forwarded session
|
||||
res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
|
||||
res.header 'Access-Control-Allow-Credentials', 'true'
|
||||
return next() if isAuthorized(req) || allowedToView(req)
|
||||
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
|
||||
return res.json([]) if req.url == '/system/sitemap.json'
|
||||
|
||||
# explain why these pages can't be viewed
|
||||
# not happy, explain why these pages can't be viewed
|
||||
problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
|
||||
details = "[#{argv.details || 'http://ward.asia.wiki.org/login-to-view.html'} details]"
|
||||
res.status(200).json(
|
||||
|
|
Loading…
Reference in New Issue