Implement a 'requireSession' mode, which requires any user to have a valid session

Jordan 2011-11-21 01:45:37 -05:00
parent 55a2f46ca9
commit 9850ba43ee
5 changed files with 49 additions and 16 deletions


@ -23,6 +23,7 @@ var async = require("async");
var authorManager = require("./AuthorManager"); var authorManager = require("./AuthorManager");
var padManager = require("./PadManager"); var padManager = require("./PadManager");
var sessionManager = require("./SessionManager"); var sessionManager = require("./SessionManager");
var settings = require("../utils/Settings")
/** /**
* This function controlls the access to a pad, it checks if the user can access a pad. * This function controlls the access to a pad, it checks if the user can access a pad.
@ -33,6 +34,19 @@ var sessionManager = require("./SessionManager");
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx}) * @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/ */
exports.checkAccess = function (padID, sessionID, token, password, callback) exports.checkAccess = function (padID, sessionID, token, password, callback)
{
// a valid session is required (api-only mode)
if(settings.requireSession)
{
// no sessionID, access is denied
if(!sessionID)
{
callback(null, {accessStatus: "deny"});
return;
}
}
// a session is not required, so we'll check if it's a public pad
else
{ {
// it's not a group pad, means we can grant access // it's not a group pad, means we can grant access
if(padID.indexOf("$") == -1) if(padID.indexOf("$") == -1)
@ -47,6 +61,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
//don't continue //don't continue
return; return;
} }
}
var groupID = padID.split("$")[0]; var groupID = padID.split("$")[0];
var padExists = false; var padExists = false;
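Review bot: The new `requireSession` branch only tests that `sessionID` is non-empty (`if(!sessionID)`), so the "valid session" promised by the comment depends entirely on the session lookup further down in checkAccess, which is outside this hunk. With the flag on, a pad ID without `$` now skips the public-pad grant and reaches `var groupID = padID.split("$")[0];`, where groupID becomes the whole pad ID; it is worth confirming that the later session/group comparison denies in that case rather than erroring or granting. I would add a comment at the branch such as `// presence check only; the session itself is validated below against the pad's group`, and a test for a non-group pad with requireSession enabled. The added `var settings = require("../utils/Settings")` line is also missing its semicolon.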


@ -210,10 +210,13 @@ async.waterfall([
return; return;
} }
hasPadAccess(req, res, function()
{
res.header("Server", serverName); res.header("Server", serverName);
var filePath = path.normalize(__dirname + "/../static/pad.html"); var filePath = path.normalize(__dirname + "/../static/pad.html");
res.sendfile(filePath, { maxAge: exports.maxAge }); res.sendfile(filePath, { maxAge: exports.maxAge });
}); });
});
//serve timeslider.html under /p/$padname/timeslider //serve timeslider.html under /p/$padname/timeslider
app.get('/p/:pad/timeslider', function(req, res, next) app.get('/p/:pad/timeslider', function(req, res, next)
@ -225,10 +228,13 @@ async.waterfall([
return; return;
} }
hasPadAccess(req, res, function()
{
res.header("Server", serverName); res.header("Server", serverName);
var filePath = path.normalize(__dirname + "/../static/timeslider.html"); var filePath = path.normalize(__dirname + "/../static/timeslider.html");
res.sendfile(filePath, { maxAge: exports.maxAge }); res.sendfile(filePath, { maxAge: exports.maxAge });
}); });
});
//serve timeslider.html under /p/$padname/timeslider //serve timeslider.html under /p/$padname/timeslider
app.get('/p/:pad/export/:type', function(req, res, next) app.get('/p/:pad/export/:type', function(req, res, next)
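Review bot: Wrapping the `pad.html` and `timeslider.html` handlers in `hasPadAccess` gates only the static page shells; pad content reaches a client through other paths, so the flag is only as strong as the checks on those. The `/p/:pad/export/:type` route begins on the last line of this section with its body not shown, and `hasPadAccess` itself is defined outside these hunks, so confirm that export, import and the socket message handlers all go through the same `checkAccess` decision when `requireSession` is true. The comment above the export route still reads `//serve timeslider.html under /p/$padname/timeslider`; I would change it to `//serve exports under /p/$padname/export/$type`.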


@ -42,6 +42,12 @@ exports.dbSettings = { "filename" : "../var/dirty.db" };
* The default Text of a new pad * The default Text of a new pad
*/ */
exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n"; exports.defaultPadText = "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n";
/**
* A flag that requires any user to have a valid session (via the api) before accessing a pad
*/
exports.requireSession = false;
/** /**
* A flag that shows if minification is enabled or not * A flag that shows if minification is enabled or not
*/ */
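Review bot: The doc comment on `exports.requireSession` does not say what the flag changes for pads that are public today. From the checkAccess hunk in this commit, enabling it denies every request that carries no sessionID, including pads without a `$` group prefix, so I would spell that out: `* When true, checkAccess denies any request without a sessionID, even for non-group pads. Defaults to false (public pads stay open).` The flag is read with a plain truthiness test (`if(settings.requireSession)`), so it may be worth noting that the settings.json value should be a JSON boolean.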


@ -29,6 +29,9 @@
//the default text of a pad //the default text of a pad
"defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
/* Users must have a session to access pads. This effectively locks etherpad down to using only the API. */
"requireSession" : false,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : true, "minify" : true,


@ -28,6 +28,9 @@
//the default text of a pad //the default text of a pad
"defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
/* Users must have a session to access pads. This effectively locks etherpad down to using only the API. */
"requireSession" : false,
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
but makes it impossible to debug the javascript/css */ but makes it impossible to debug the javascript/css */
"minify" : false, "minify" : false,