Merge pull request #18 from fedwiki/ward/cors-origin

handle forwarding of sessions
Paul Rodwell
2018-09-17 11:00:17 +01:00
committed by GitHub
2 changed files with 7 additions and 2 deletions


@ -1,6 +1,6 @@
{ {
"name": "wiki-security-passportjs", "name": "wiki-security-passportjs",
"version": "0.2.0", "version": "0.2.0-cors",
"description": "Security plugin for Federated Wiki, using passport.js", "description": "Security plugin for Federated Wiki, using passport.js",
"author": "Paul Rodwell <paul.rodwell@btinternet.com> (http://rodwell.me)", "author": "Paul Rodwell <paul.rodwell@btinternet.com> (http://rodwell.me)",
"license": "MIT", "license": "MIT",


@ -413,12 +413,17 @@ module.exports = exports = (log, loga, argv) ->
false false
app.all '*', (req, res, next) -> app.all '*', (req, res, next) ->
# todo: think about assets??
return next() unless /\.(json|html)$/.test req.url return next() unless /\.(json|html)$/.test req.url
# prepare to examine remote server's forwarded session
res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
res.header 'Access-Control-Allow-Credentials', 'true'
return next() if isAuthorized(req) || allowedToView(req) return next() if isAuthorized(req) || allowedToView(req)
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/ return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
return res.json([]) if req.url == '/system/sitemap.json' return res.json([]) if req.url == '/system/sitemap.json'
# explain why these pages can't be viewed # not happy, explain why these pages can't be viewed
problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address." problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
details = "[#{argv.details || 'http://ward.asia.wiki.org/login-to-view.html'} details]" details = "[#{argv.details || 'http://ward.asia.wiki.org/login-to-view.html'} details]"
res.status(200).json( res.status(200).json(