remove accessControl for now, move custom session handling to earlier
in process
@@ -1,5 +1,5 @@
|
|||||||
// Generated by CoffeeScript 1.3.3
|
// Generated by CoffeeScript 1.3.3
|
||||||
var ONE_YEAR, app, customMiddleware, derby, express, expressApp, gzippo, http, path, publicPath, racer, root, server, serverError, store;
|
var ONE_YEAR, app, derby, express, expressApp, gzippo, habitrpgMobile, habitrpgSessions, http, path, publicPath, racer, root, server, serverError, store;
|
||||||
|
|
||||||
http = require('http');
|
http = require('http');
|
||||||
|
|
||||||
@@ -37,28 +37,27 @@ store = derby.createStore({
|
|||||||
listen: server
|
listen: server
|
||||||
});
|
});
|
||||||
|
|
||||||
require('./setupStore').accessControl(store);
|
|
||||||
|
|
||||||
ONE_YEAR = 1000 * 60 * 60 * 24 * 365;
|
ONE_YEAR = 1000 * 60 * 60 * 24 * 365;
|
||||||
|
|
||||||
root = path.dirname(path.dirname(__dirname));
|
root = path.dirname(path.dirname(__dirname));
|
||||||
|
|
||||||
publicPath = path.join(root, 'public');
|
publicPath = path.join(root, 'public');
|
||||||
|
|
||||||
customMiddleware = function(that) {
|
habitrpgMobile = function(req, res, next) {
|
||||||
return function(req, res, next) {
|
var model;
|
||||||
var acceptableUid, model, uidParam;
|
model = req.getModel();
|
||||||
model = req.getModel();
|
model.set('_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header('User-Agent')));
|
||||||
model.set('_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header('User-Agent')));
|
return next();
|
||||||
uidParam = req.url.split('/')[1];
|
};
|
||||||
acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '4' || uidParam === '9');
|
|
||||||
if (acceptableUid && model.session.userId !== uidParam) {
|
habitrpgSessions = function(req, res, next) {
|
||||||
model.set('_userId', uidParam);
|
var acceptableUid, uidParam;
|
||||||
model.session.userId = uidParam;
|
uidParam = req.url.split('/')[1];
|
||||||
}
|
acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '4' || uidParam === '9');
|
||||||
next();
|
if (acceptableUid && req.session.userId !== uidParam) {
|
||||||
return that;
|
req.session.userId = uidParam;
|
||||||
};
|
}
|
||||||
|
return next();
|
||||||
};
|
};
|
||||||
|
|
||||||
expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, {
|
expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, {
|
||||||
@@ -68,7 +67,7 @@ expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, {
|
|||||||
cookie: {
|
cookie: {
|
||||||
maxAge: ONE_YEAR
|
maxAge: ONE_YEAR
|
||||||
}
|
}
|
||||||
})).use(store.modelMiddleware()).use(customMiddleware(this)).use(app.router()).use(expressApp.router).use(serverError(root));
|
})).use(habitrpgSessions).use(store.modelMiddleware()).use(habitrpgMobile).use(app.router()).use(expressApp.router).use(serverError(root));
|
||||||
|
|
||||||
expressApp.all('*', function(req) {
|
expressApp.all('*', function(req) {
|
||||||
throw "404: " + req.url;
|
throw "404: " + req.url;
|
||||||
|
|||||||
@@ -24,31 +24,26 @@ derby.use(require 'racer-db-mongo')
|
|||||||
store = derby.createStore
|
store = derby.createStore
|
||||||
db: {type: 'Mongo', uri: process.env.NODE_DB_URI}
|
db: {type: 'Mongo', uri: process.env.NODE_DB_URI}
|
||||||
listen: server
|
listen: server
|
||||||
require('./setupStore').accessControl(store)
|
# require('./setupStore').accessControl(store)
|
||||||
|
|
||||||
ONE_YEAR = 1000 * 60 * 60 * 24 * 365
|
ONE_YEAR = 1000 * 60 * 60 * 24 * 365
|
||||||
root = path.dirname path.dirname __dirname
|
root = path.dirname path.dirname __dirname
|
||||||
publicPath = path.join root, 'public'
|
publicPath = path.join root, 'public'
|
||||||
|
|
||||||
customMiddleware = (that) ->
|
habitrpgMobile = (req, res, next) ->
|
||||||
return (req, res, next) ->
|
model = req.getModel()
|
||||||
# Setup for mobile-device customizations
|
model.set '_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header 'User-Agent')
|
||||||
model = req.getModel()
|
next()
|
||||||
model.set '_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header 'User-Agent')
|
|
||||||
|
# PURL pseudo-auth: Previously saved session (eg, http://localhost/{guid}) (temporary solution until authentication built)
|
||||||
uidParam = req.url.split('/')[1]
|
habitrpgSessions = (req, res, next) ->
|
||||||
# PURL pseudo-auth: Previously saved session (eg, http://localhost/{guid}) (temporary solution until authentication built)
|
uidParam = req.url.split('/')[1]
|
||||||
#TODO use racer's uuid dependency to validate guid instead of Guid here, to reduce deps
|
acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','4','9'])
|
||||||
acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','4','9'])
|
if acceptableUid and req.session.userId!=uidParam
|
||||||
if acceptableUid and model.session.userId!=uidParam
|
# model.fetch "users.#{uidParam}", (err, user) -> #test whether user exists
|
||||||
##FIXME why isn't this working?
|
# if user.get('id')
|
||||||
# model.fetch "users.#{uidParam}", (err, user) ->
|
req.session.userId = uidParam # and for next requests
|
||||||
# console.log {uidParam:uidParam, split:req.url.split('/'), err:err, user:user}
|
next()
|
||||||
# unless user.get('id')
|
|
||||||
model.set '_userId', uidParam # set for this request
|
|
||||||
model.session.userId = uidParam # and for next requests
|
|
||||||
next()
|
|
||||||
return that
|
|
||||||
|
|
||||||
expressApp
|
expressApp
|
||||||
.use(express.favicon())
|
.use(express.favicon())
|
||||||
@@ -68,12 +63,13 @@ expressApp
|
|||||||
secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE'
|
secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE'
|
||||||
cookie: {maxAge: ONE_YEAR}
|
cookie: {maxAge: ONE_YEAR}
|
||||||
)
|
)
|
||||||
|
.use(habitrpgSessions)
|
||||||
|
|
||||||
# Adds req.getModel method
|
# Adds req.getModel method
|
||||||
.use(store.modelMiddleware())
|
.use(store.modelMiddleware())
|
||||||
# Middelware can be inserted after the modelMiddleware and before
|
# Middelware can be inserted after the modelMiddleware and before
|
||||||
# the app router to pass server accessible data to a model
|
# the app router to pass server accessible data to a model
|
||||||
.use(customMiddleware(this))
|
.use(habitrpgMobile)
|
||||||
# Creates an express middleware from the app's routes
|
# Creates an express middleware from the app's routes
|
||||||
.use(app.router())
|
.use(app.router())
|
||||||
.use(expressApp.router)
|
.use(expressApp.router)
|
||||||
|
|||||||
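Review bot: In the `@@ -24,31 +24,26 @@` hunk, commenting out `require('./setupStore').accessControl(store)` leaves `habitrpgSessions` as the only gate on user data, and that middleware copies the first URL path segment into `req.session.userId` whenever it is GUID-shaped or one of '3', '4', '9'. The user-existence check is still commented out, so possession of a user's URL is enough to bind a session to that id. If accessControl is what restricted store reads and writes per user (setupStore is not shown here, so this is inferred), nothing on the server limits what that session can reach. I would keep the call active until real authentication lands, or at least mark the gap where the line was: `# FIXME(security): accessControl disabled; store paths are not restricted per user, re-enable before deploying`. The same call is dropped from the compiled JavaScript section above.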