UNPKG

@themost/web/handlers/restrict-access.js

Version:

4.69 kBJavaScriptView Raw

1/**
* @license
* MOST Web Framework 2.0 Codename Blueshift
* Copyright (c) 2017, THEMOST LP All rights reserved
*
* Use of this source code is governed by an BSD-3-Clause license that can be
* found in the LICENSE file at https://themost.io/license
*/
9var _ = require('lodash');
10var TraceUtils = require('@themost/common/utils').TraceUtils;
11var HttpUnauthorizedError = require('@themost/common/errors').HttpUnauthorizedError;
12var HttpBadRequestError = require('@themost/common/errors').HttpBadRequestError;
13var url = require('url');
14/**
* @class
* @constructor
*/
18// eslint-disable-next-line no-unused-vars
19function LocationSetting() {
  /**
   * Gets or sets a string that represents the description of this object
   * @type {string}
   */
  this.description = null;
  /**
   * Gets or sets a string that represents the target path associated with access settings.
   * @type {*}
   */
  this.path = null;
  /**
   * Gets or sets a comma delimited string that represents the collection of users or groups where this access setting will be applied. A wildcard (*) may be used.
   * @type {*}
   */
  this.allow = null;
  /**
   * Gets or sets a string that represents the collection of users or groups where this access setting will be applied. A wildcard (*) may be used.
   * @type {*}
   */
  this.deny = null;
40}
41/**
* @class
* @constructor
* @augments AuthorizeRequestHandler
*/
46function RestrictHandler() {
  //
48}
49/**
* Authenticates an HTTP request and sets user or anonymous identity.
* @param {HttpContext} context
* @param {Function} callback
*/
54RestrictHandler.prototype.authorizeRequest = function (context, callback) {
  try {
      if (context.is('OPTIONS')) { return callback(); }
      if (context.user.name === 'anonymous')
      {
          RestrictHandler.prototype.isRestricted(context, function(err, result) {
              if (err) {
                  TraceUtils.error(err);
                  callback(new HttpUnauthorizedError('Access denied'));
              }
              else if (result) {
                  return callback(new HttpUnauthorizedError());
              }
              else {
                  callback();
              }
          });
      }
      else {
          callback();
      }
  }
  catch (e) {
      callback(e);
  }
79};
80/**
* @param {HttpContext} context
* @param {Function} callback
* @returns {*}
*/
85RestrictHandler.prototype.isNotRestricted = function(context, callback) {
  try {
      if (_.isNil(context)) {
          return callback(new HttpBadRequestError());
      }
      if (_.isNil(context.request)) {
          return callback(new HttpBadRequestError());
      }
      //get application settings
      var settings = context.getApplication().getConfiguration().settings;
      /**
       * @type {{loginPage:string=,locations:Array}|*}
       */
      settings.auth = settings.auth || {};
      //get login page, request url and locations
      var loginPage = settings.auth.loginPage || '/login.html',
          requestUrl = url.parse(context.request.url),
          locations = settings.auth.locations || [];
      if (requestUrl.pathname===loginPage) {
          return callback(null, true);
      }
      for (var i = 0; i < locations.length; i++) {
          /**
           * @type {*|LocationSetting}
           */
          var location = locations[i];
          if (/\*$/.test(location.path)) {
              //wildcard search /something/*
              if ((requestUrl.pathname.indexOf(location.path.replace(/\*$/,'')) === 0) && (location.allow === '*')) {
                  return callback(null, true);
              }
          }
          else {
              if ((requestUrl.pathname===location.path) && (location.allow === '*')) {
                  return callback(null, true);
              }
          }
      }
      return callback(null, false);
  }
  catch(err) {
      TraceUtils.error(err);
      return callback(null, false);
  }
129
130};
131
132RestrictHandler.prototype.isRestricted = function(context, callback) {
  RestrictHandler.prototype.isNotRestricted(context, function(err, result) {
      if (err) { return callback(err); }
      callback(null, !result);
  });
137};
138
139/**
* Creates a new instance of AuthHandler class
* @returns {RestrictHandler}
*/
143RestrictHandler.createInstance = function() {
  return new RestrictHandler();
145};
146
147if (typeof exports !== 'undefined') {
  module.exports.createInstance = RestrictHandler.createInstance;
  module.exports.RestrictHandler = RestrictHandler;
150}
\No newline at end of file

1	`/**`
2	`* @license`
3	`* MOST Web Framework 2.0 Codename Blueshift`
4	`* Copyright (c) 2017, THEMOST LP All rights reserved`
5	`*`
6	`* Use of this source code is governed by an BSD-3-Clause license that can be`
7	`* found in the LICENSE file at https://themost.io/license`
8	`*/`
9	`var _ = require('lodash');`
10	`var TraceUtils = require('@themost/common/utils').TraceUtils;`
11	`var HttpUnauthorizedError = require('@themost/common/errors').HttpUnauthorizedError;`
12	`var HttpBadRequestError = require('@themost/common/errors').HttpBadRequestError;`
13	`var url = require('url');`
14	`/**`
15	`* @class`
16	`* @constructor`
17	`*/`
18	`// eslint-disable-next-line no-unused-vars`
19	`function LocationSetting() {`
20	`/**`
21	`* Gets or sets a string that represents the description of this object`
22	`* @type {string}`
23	`*/`
24	`this.description = null;`
25	`/**`
26	`* Gets or sets a string that represents the target path associated with access settings.`
27	`* @type {*}`
28	`*/`
29	`this.path = null;`
30	`/**`
31	`* Gets or sets a comma delimited string that represents the collection of users or groups where this access setting will be applied. A wildcard (*) may be used.`
32	`* @type {*}`
33	`*/`
34	`this.allow = null;`
35	`/**`
36	`* Gets or sets a string that represents the collection of users or groups where this access setting will be applied. A wildcard (*) may be used.`
37	`* @type {*}`
38	`*/`
39	`this.deny = null;`
40	`}`
41	`/**`
42	`* @class`
43	`* @constructor`
44	`* @augments AuthorizeRequestHandler`
45	`*/`
46	`function RestrictHandler() {`
47	`//`
48	`}`
49	`/**`
50	`* Authenticates an HTTP request and sets user or anonymous identity.`
51	`* @param {HttpContext} context`
52	`* @param {Function} callback`
53	`*/`
54	`RestrictHandler.prototype.authorizeRequest = function (context, callback) {`
55	`try {`
56	`if (context.is('OPTIONS')) { return callback(); }`
57	`if (context.user.name === 'anonymous')`
58	`{`
59	`RestrictHandler.prototype.isRestricted(context, function(err, result) {`
60	`if (err) {`
61	`TraceUtils.error(err);`
62	`callback(new HttpUnauthorizedError('Access denied'));`
63	`}`
64	`else if (result) {`
65	`return callback(new HttpUnauthorizedError());`
66	`}`
67	`else {`
68	`callback();`
69	`}`
70	`});`
71	`}`
72	`else {`
73	`callback();`
74	`}`
75	`}`
76	`catch (e) {`
77	`callback(e);`
78	`}`
79	`};`
80	`/**`
81	`* @param {HttpContext} context`
82	`* @param {Function} callback`
83	`* @returns {*}`
84	`*/`
85	`RestrictHandler.prototype.isNotRestricted = function(context, callback) {`
86	`try {`
87	`if (_.isNil(context)) {`
88	`return callback(new HttpBadRequestError());`
89	`}`
90	`if (_.isNil(context.request)) {`
91	`return callback(new HttpBadRequestError());`
92	`}`
93	`//get application settings`
94	`var settings = context.getApplication().getConfiguration().settings;`
95	`/**`
96	`* @type {{loginPage:string=,locations:Array}\|*}`
97	`*/`
98	`settings.auth = settings.auth \|\| {};`
99	`//get login page, request url and locations`
100	`var loginPage = settings.auth.loginPage \|\| '/login.html',`
101	`requestUrl = url.parse(context.request.url),`
102	`locations = settings.auth.locations \|\| [];`
103	`if (requestUrl.pathname===loginPage) {`
104	`return callback(null, true);`
105	`}`
106	`for (var i = 0; i < locations.length; i++) {`
107	`/**`
108	`* @type {*\|LocationSetting}`
109	`*/`
110	`var location = locations[i];`
111	`if (/\*$/.test(location.path)) {`
112	`//wildcard search /something/*`
113	`if ((requestUrl.pathname.indexOf(location.path.replace(/\$/,'')) === 0) && (location.allow === '')) {`
114	`return callback(null, true);`
115	`}`
116	`}`
117	`else {`
118	`if ((requestUrl.pathname===location.path) && (location.allow === '*')) {`
119	`return callback(null, true);`
120	`}`
121	`}`
122	`}`
123	`return callback(null, false);`
124	`}`
125	`catch(err) {`
126	`TraceUtils.error(err);`
127	`return callback(null, false);`
128	`}`
129
130	`};`
131
132	`RestrictHandler.prototype.isRestricted = function(context, callback) {`
133	`RestrictHandler.prototype.isNotRestricted(context, function(err, result) {`
134	`if (err) { return callback(err); }`
135	`callback(null, !result);`
136	`});`
137	`};`
138
139	`/**`
140	`* Creates a new instance of AuthHandler class`
141	`* @returns {RestrictHandler}`
142	`*/`
143	`RestrictHandler.createInstance = function() {`
144	`return new RestrictHandler();`
145	`};`
146
147	`if (typeof exports !== 'undefined') {`
148	`module.exports.createInstance = RestrictHandler.createInstance;`
149	`module.exports.RestrictHandler = RestrictHandler;`
150	`}`
\	No newline at end of file