protect assets and sitemap hints that login is required
parent
cec8c04417
commit
ec05842d31
|
@ -400,15 +400,17 @@ module.exports = exports = (log, loga, argv) ->
|
|||
false
|
||||
|
||||
app.all '*', (req, res, next) ->
|
||||
# todo: think about assets??
|
||||
return next() unless /\.(json|html)$/.test req.url
|
||||
# everything is restricted except site flag,
|
||||
return next() if req.url is '/favicon.png'
|
||||
return next() unless /\.(json|html)$/.test req.url or req.url.startsWith('/assets')
|
||||
|
||||
# prepare to examine remote server's forwarded session
|
||||
res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
|
||||
res.header 'Access-Control-Allow-Credentials', 'true'
|
||||
return next() if isAuthorized(req) || allowedToView(req)
|
||||
# protect unclaimed by adding "add owner isnt ''" - maybe via parameter
|
||||
return next() if isAuthorized(req) or allowedToView(req)
|
||||
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
|
||||
return res.json([]) if req.url == '/system/sitemap.json'
|
||||
return res.json(['Login Required']) if req.url == '/system/sitemap.json'
|
||||
|
||||
# not happy, explain why these pages can't be viewed
|
||||
problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
|
||||
|
|
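Review bot: The new guard `return next() unless /\.(json|html)$/.test req.url or req.url.startsWith('/assets')` does not protect assets, because CoffeeScript's implicit call passes the whole expression `req.url or req.url.startsWith('/assets')` to `test`; `req.url` is always a non-empty string, so the `startsWith` branch is never evaluated and asset requests still reach `next()` unchecked. Parenthesise the call so the `or` applies to the condition: `return next() unless /\.(json|html)$/.test(req.url) or req.url.startsWith('/assets')`. The pattern and the `'/system/sitemap.json'` comparison are applied to `req.url`, which in Express includes the query string, so a URL with a query does not match the `$`-anchored test and skips the restriction; matching on `req.path` would close that. The two CORS headers echo the request `Origin` together with `Access-Control-Allow-Credentials: true` before the authorization check, which is worth confirming as intended on a restricted wiki. The handler body continues past the end of the hunk, so the denial path after `problem = ...` is not visible here.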