Reinstate fork changes

2024-10-30 22:22:57 -04:00 · 2024-10-30 22:22:57 -04:00 · f9538b8a96
commit f9538b8a96
parent a10c577037
3 changed files with 39 additions and 20 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -11,6 +11,7 @@
      "dependencies": {
        "@passport-js/passport-twitter": "^1.0.8",
        "coffeescript": "^2.4.1",
+        "jwt-decode": "^4.0.0",
        "lodash": "^4.17.19",
        "passport": "^0.3.2",
        "passport-github2": "^0.1.12",
@ -4329,6 +4330,14 @@
      "dev": true,
      "license": "ISC"
    },
+    "node_modules/jwt-decode": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
+      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
+      "engines": {
+        "node": ">=18"
+      }
+    },
    "node_modules/lodash": {
      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
--- a/package.json
+++ b/package.json
@ -7,6 +7,7 @@
  "dependencies": {
    "@passport-js/passport-twitter": "^1.0.8",
    "coffeescript": "^2.4.1",
+    "jwt-decode": "^4.0.0",
    "lodash": "^4.17.19",
    "passport": "^0.3.2",
    "passport-github2": "^0.1.12",
--- a/server/social.coffee
+++ b/server/social.coffee
@ -17,6 +17,8 @@ url = require 'url'
 _ = require 'lodash'
 glob = require 'glob'

+{ jwtDecode } = require('jwt-decode');
+
 passport = require('passport')

 # Export a function that generates security handler
@ -188,6 +190,8 @@ module.exports = exports = (log, loga, argv) ->
        userInfoURL: argv.oauth2_UserInfoURL
        }, (accessToken, refreshToken, params, profile, cb) ->

+          token = jwtDecode(accessToken)
+
          extractUserInfo = (uiParam, uiDef) ->
            uiPath = ''
            if typeof uiParam == 'undefined' then (uiPath = uiDef) else (uiPath = uiParam)
@ -195,6 +199,8 @@ module.exports = exports = (log, loga, argv) ->
            sParts = uiPath.split('.')
            sFrom = sParts.shift()
            switch sFrom
+              when "token"
+                obj = token
              when "params"
                obj = params
              when "profile"
@ -207,10 +213,6 @@ module.exports = exports = (log, loga, argv) ->
              obj = obj[sParts.shift()]
            return obj

-          console.log("accessToken", accessToken)
-          console.log("refreshToken", refreshToken)
-          console.log("params", params)
-          console.log("profile", profile)
          if argv.oauth2_UsernameField?
            username_query = argv.oauth2_UsernameField 
          else 
@ -388,24 +390,31 @@ module.exports = exports = (log, loga, argv) ->
    # see http://ward.asia.wiki.org/login-to-view.html

    if argv.restricted?
-
      allowedToView = (req) ->
-        allowed = []
        if argv.allowed_domains?
-          if Array.isArray(argv.allowed_domains)
-            allowed = argv.allowed_domains
-          else
-            # accommodate copy bug to be fixed soon
-            # https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103
-            for k, v of argv.allowed_domains
-              allowed.push v
-        # emails = [ { value: 'ward.cunningham@gmail.com', type: 'account' } ]
-        emails = req.session?.passport?.user?.google?.emails
-        return false unless emails
-        for entry in emails
-          have = entry.value.split('@')[1]
-          for want in allowed
-            return true if want == have
+          try
+            allowed_domains = argv.allowed_domains
+            emails = req.session.passport.user.google.emails
+            for entry in emails
+              have = entry.value.split('@')[1]
+              for want in allowed_domains
+                return true if want == have
+          catch error
+            if emails?
+              console.log "argv.allowed_domains exists, but there was an error. Make sure it's value is an array in your config."
+        if argv.allowed_ids?
+          try
+            allowed_ids = argv.allowed_ids
+            idProvider = _.head(_.keys(req.session.passport.user))
+            switch idProvider
+              when 'github', 'twitter', 'oauth2'
+                id = req.session.passport.user[idProvider].id
+                return true if (allowed_ids.length == 1 and allowed_ids[0] == "*")
+                for want in allowed_ids
+                  return true if want == id
+          catch error
+            if idProvider?
+              console.log "argv.allowed_ids exists, but there was an error. Make sure it's value is an array in your config."
        false

      app.all '*', (req, res, next) ->