protect assets and sitemap hints that login is required

This commit is contained in:
Paul Rodwell 2023-08-21 12:17:48 +01:00
parent cec8c04417
commit ec05842d31
No known key found for this signature in database
GPG Key ID: 083BA337597C49E6
1 changed files with 6 additions and 4 deletions


@ -400,15 +400,17 @@ module.exports = exports = (log, loga, argv) ->
false
app.all '*', (req, res, next) ->
# todo: think about assets??
return next() unless /\.(json|html)$/.test req.url
# everything is restricted except site flag,
return next() if req.url is '/favicon.png'
return next() unless /\.(json|html)$/.test req.url or req.url.startsWith('/assets')
# prepare to examine remote server's forwarded session
res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
res.header 'Access-Control-Allow-Credentials', 'true'
return next() if isAuthorized(req) || allowedToView(req)
# protect unclaimed by adding "add owner isnt ''" - maybe via parameter
return next() if isAuthorized(req) or allowedToView(req)
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
return res.json([]) if req.url == '/system/sitemap.json'
return res.json(['Login Required']) if req.url == '/system/sitemap.json'
# not happy, explain why these pages can't be viewed
problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."
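Review bot: The new guard on the third added line tests `req.url`, which in Express still carries the query string, so a `.html`/`.json` request with a query suffix fails the `$`-anchored regex and falls through to `next()` before `isAuthorized`/`allowedToView` run; the `/assets` prefix test also accepts any path that merely begins with that string. Testing the path alone and anchoring the prefix with a trailing slash closes both gaps: `return next() unless /\.(json|html)$/.test(req.path) or req.path.startsWith('/assets/')`. The `/favicon.png` exemption above it presumably should use `req.path` for the same reason. The `['Login Required']` body returned for `/system/sitemap.json` replaces what looks like an array of page entries with a bare string element, so any client that iterates the sitemap expecting objects may need to handle it; a short comment on that line saying the array deliberately carries a sentinel string rather than page entries would help. The `app.all` handler continues past the visible end of the hunk.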