allowed from config, redirect html req
@ -387,73 +387,52 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
}
|
}
|
||||||
res.render(path.join(__dirname, '..', 'views', 'done.html'), info)
|
res.render(path.join(__dirname, '..', 'views', 'done.html'), info)
|
||||||
|
|
||||||
|
|
||||||
# if configured, enforce restricted access to json
|
# if configured, enforce restricted access to json
|
||||||
|
# see http://ward.asia.wiki.org/login-to-view.html
|
||||||
|
|
||||||
if argv.restricted?
|
if argv.restricted?
|
||||||
|
|
||||||
loginToView = (req) ->
|
allowedToView = (req) ->
|
||||||
# things = [ { value: 'ward.cunningham@gmail.com', type: 'account' } ]
|
allowed = []
|
||||||
allowed = [
|
if argv.allowed_domains?
|
||||||
"dayton.k12.or.us", "stu.dayton.k12.or.us",
|
if Array.isArray(argv.allowed_domains)
|
||||||
"newberg.k12.or.us", "stu.newberg.k12.or.us",
|
allowed = argv.allowed_domains
|
||||||
"innovateoregon.org",
|
else
|
||||||
"newrelic.com",
|
# accommodate copy bug to be fixed soon
|
||||||
"c2.com",
|
# https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103
|
||||||
"andysylvester.com"
|
for k, v of argv.allowed_domains
|
||||||
]
|
allowed.push v
|
||||||
things = req.session?.passport?.user?.google?.emails
|
# emails = [ { value: 'ward.cunningham@gmail.com', type: 'account' } ]
|
||||||
return false unless things
|
emails = req.session?.passport?.user?.google?.emails
|
||||||
for entry in things
|
return false unless emails
|
||||||
|
for entry in emails
|
||||||
have = entry.value.split('@')[1]
|
have = entry.value.split('@')[1]
|
||||||
for want in allowed
|
for want in allowed
|
||||||
return true if want == have
|
return true if want == have
|
||||||
false
|
false
|
||||||
|
|
||||||
app.all '*', (req, res, next) ->
|
app.all '*', (req, res, next) ->
|
||||||
return next() unless /\.json$/.test req.url
|
return next() unless /\.(json|html)$/.test req.url
|
||||||
|
return next() if isAuthorized(req) || allowedToView(req)
|
||||||
|
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
|
||||||
|
return res.json([]) if req.url == '/system/sitemap.json'
|
||||||
|
|
||||||
# like authorized(req,res,nex) but more universal and adjustable
|
# explain why these pages can't be viewed
|
||||||
console.log '--------------------------------------------'
|
problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
|
||||||
console.log 'url',req.url
|
details = "[#{argv.details || 'http://ward.asia.wiki.org/login-to-view.html'} details]"
|
||||||
console.log 'owner',owner
|
res.status(200).json(
|
||||||
console.log 'owner email',owner.google?.emails
|
{
|
||||||
console.log 'user',req.session?.passport?.user
|
"title": "Login Required",
|
||||||
console.log 'user emails',req.session?.passport?.user?.google?.emails
|
"story": [
|
||||||
console.log 'wikiDomains',argv.wikiDomains
|
{
|
||||||
console.log 'wikiHost', wikiHost
|
"type": "paragraph",
|
||||||
console.log 'argv.wiki_domain', argv.wiki_domain
|
"id": "55d44b367ed64875",
|
||||||
console.log '--------------------------------------------'
|
"text": "#{problem} #{details}"
|
||||||
|
}
|
||||||
# if access if to be allowed call `next()`
|
]
|
||||||
|
}
|
||||||
if isAuthorized(req) || loginToView(req)
|
)
|
||||||
next()
|
|
||||||
|
|
||||||
# if access is not allowed display a splash screen,
|
|
||||||
# this will need a login link that call the same code as clicking on the padlock
|
|
||||||
|
|
||||||
else
|
|
||||||
json = if req.url == '/system/sitemap.json'
|
|
||||||
[]
|
|
||||||
else
|
|
||||||
{
|
|
||||||
"title": "Login Required",
|
|
||||||
"story": [
|
|
||||||
{
|
|
||||||
"type": "paragraph",
|
|
||||||
"id": "55d44b367ed64875",
|
|
||||||
"text": "This is a restricted wiki which requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "reference",
|
|
||||||
"id": "08a48446dfc81098",
|
|
||||||
"site": "path.ward.asia.wiki.org",
|
|
||||||
"slug": "login-to-view",
|
|
||||||
"title": "Login to View",
|
|
||||||
"text": "We imagine controlling visibility of wiki pages on a site or farm similar to operating a server on a private LAN but using distinguished logins rather than network access."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
res.status(200).json(json)
|
|
||||||
|
|
||||||
|
|
||||||
app.get '/auth/addAuthDialog', (req, res) ->
|
app.get '/auth/addAuthDialog', (req, res) ->
|
||||||
@ -598,7 +577,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
when "google" then {
|
when "google" then {
|
||||||
name: user.google.displayName || (user.google.emails[0].value.split('@')[0]) || 'unknown'
|
name: user.google.displayName || (user.google.emails[0]?.value?.split('@')[0]) || 'unknown'
|
||||||
google: {
|
google: {
|
||||||
id: user.google.id
|
id: user.google.id
|
||||||
emails: user.google.emails
|
emails: user.google.emails
|
||||||
|
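Review bot: In the `app.all '*'` handler of the first hunk, the gate `/\.(json|html)$/.test req.url` is matched against `req.url`, which under Express still carries the query string, so a request whose URL has a query string no longer ends in `.json` or `.html` and reaches `next()` without `isAuthorized` or `allowedToView` being consulted. Matching the path alone closes that gap: `return next() unless /\.(json|html)$/.test req.path`, and likewise `m = req.path.match /^\/(.*)\.html$/` for the redirect and `req.path == '/system/sitemap.json'` for the sitemap case. Separately, `allowedToView` compares `want == have` exactly, so a configured domain or an email domain that differs only in letter case would be refused; lower-casing both sides before the comparison would avoid that. `isAuthorized` is defined outside this hunk, so its behaviour is assumed here rather than checked.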