wiki-cafe/wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add new logic for restricted wikis

Browse Source
This commit is contained in:
Robert Best
2024-09-20 21:26:32 -04:00
committed by 3wc
parent b28d90fcc3
commit 5d7c53d1a2
1 changed files with 23 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
server/social.coffee
View File

@ -385,24 +385,31 @@ module.exports = exports = (log, loga, argv) ->
# see http://ward.asia.wiki.org/login-to-view.html # see http://ward.asia.wiki.org/login-to-view.html
if argv.restricted? if argv.restricted?
allowedToView = (req) -> allowedToView = (req) ->
allowed = []
if argv.allowed_domains? if argv.allowed_domains?
if Array.isArray(argv.allowed_domains) try
allowed = argv.allowed_domains allowed_domains = argv.allowed_domains
else emails = req.session.passport.user.google.emails
# accommodate copy bug to be fixed soon for entry in emails
# https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103 have = entry.value.split('@')[1]
for k, v of argv.allowed_domains for want in allowed_domains
allowed.push v return true if want == have
# emails = [ { value: 'ward.cunningham@gmail.com', type: 'account' } ] catch error
emails = req.session?.passport?.user?.google?.emails if emails?
return false unless emails console.log "argv.allowed_domains exists, but there was an error. Make sure it's value is an array in your config."
for entry in emails if argv.allowed_ids?
have = entry.value.split('@')[1] try
for want in allowed allowed_ids = argv.allowed_ids
return true if want == have idProvider = _.head(_.keys(req.session.passport.user))
switch idProvider
when 'github', 'twitter', 'oauth2'
id = req.session.passport.user[idProvider].id
return true if (allowed_ids.length == 1 and allowed_ids[0] == "*")
for want in allowed_ids
return true if want == id
catch error
if idProvider?
console.log "argv.allowed_ids exists, but there was an error. Make sure it's value is an array in your config."
false false
app.all '*', (req, res, next) -> app.all '*', (req, res, next) ->