9 | var _ = require('lodash');
|
10 | var TraceUtils = require('@themost/common/utils').TraceUtils;
|
11 | var HttpUnauthorizedError = require('@themost/common/errors').HttpUnauthorizedError;
|
12 | var HttpBadRequestError = require('@themost/common/errors').HttpBadRequestError;
|
13 | var url = require('url');
|
/**
 * Record with the four fields of an access-control location entry.
 *
 * Presumably this is the shape of the items in `settings.auth.locations`;
 * nothing in this file instantiates it, so confirm against the configuration
 * loader.
 *
 * As consumed by RestrictHandler.prototype.isNotRestricted in this file:
 *  - path: compared with the request pathname; a trailing `*` makes it a
 *    prefix match instead of an exact match.
 *  - allow: only the literal value '*' is honoured.
 *  - deny: NOTE(review): never read by the handler code in this file, so a
 *    deny rule has no effect here. Confirm whether it is enforced elsewhere.
 *  - description: not read in this file.
 *
 * @constructor
 */
function LocationSetting() {
    var self = this;
    // Keep this order: it is the property order seen by Object.keys() and
    // JSON.stringify().
    ['description', 'path', 'allow', 'deny'].forEach(function (field) {
        self[field] = null;
    });
}
|
/**
 * Handler that decides whether an anonymous request may proceed.
 *
 * The constructor sets no instance state; all behaviour is attached to
 * RestrictHandler.prototype elsewhere in this file.
 *
 * @constructor
 */
function RestrictHandler() {}
|
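/**
 * Authorization step: lets the request continue or fails it with
 * HttpUnauthorizedError.
 *
 * Decision rules, in order:
 *  1. OPTIONS requests are passed through without any check.
 *  2. Any user whose name is not 'anonymous' is passed through; the
 *     configured locations are never consulted for them.
 *  3. Anonymous users are passed through only when isRestricted() reports
 *     the request as not restricted.
 *
 * An error reported by isRestricted() is logged and replaced with
 * HttpUnauthorizedError('Access denied'), so a failed evaluation denies
 * access rather than granting it.
 *
 * The callback is invoked from outside the try block. Previously an
 * exception thrown by the callback itself (for example by a later handler)
 * was caught here and the callback was invoked a second time with that
 * exception. Such an exception now propagates to the caller instead.
 *
 * isRestricted is called through RestrictHandler.prototype rather than
 * `this`, so this method works when detached from an instance. Overriding
 * isRestricted on a subclass or instance therefore has no effect here.
 *
 * @param {*} context - Request context; must provide is(method) and user.name.
 * @param {function(Error=)} callback - Called once with no argument to
 *   continue, or with an error to reject the request.
 */
RestrictHandler.prototype.authorizeRequest = function (context, callback) {
    var mustCheckLocations;
    try {
        // Only property access on the context is guarded here; a failure
        // (e.g. context.user is missing) is reported as an error.
        mustCheckLocations = !context.is('OPTIONS') && context.user.name === 'anonymous';
    }
    catch (e) {
        return callback(e);
    }
    if (!mustCheckLocations) {
        return callback();
    }
    RestrictHandler.prototype.isRestricted(context, function (err, restricted) {
        if (err) {
            // Fail closed: do not leak the internal error to the client.
            TraceUtils.error(err);
            return callback(new HttpUnauthorizedError('Access denied'));
        }
        if (restricted) {
            return callback(new HttpUnauthorizedError());
        }
        return callback();
    });
};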
|
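/**
 * Reports whether the requested path is open to anonymous users.
 *
 * The path is open when it equals `settings.auth.loginPage` (default
 * '/login.html') or matches an entry of `settings.auth.locations` whose
 * `allow` is '*'. An entry path ending in `*` is a prefix match; any other
 * entry path must equal the request pathname exactly. The `deny` field of an
 * entry is not consulted.
 *
 * Security notes:
 *  - Matching uses the pathname as received, which url.parse() does not
 *    normalise. A pathname containing '.' or '..' segments (literal or
 *    percent-encoded) can start with an open prefix yet resolve outside it if
 *    a later handler normalises the path. Such pathnames are never accepted
 *    by a prefix rule.
 *  - Any exception raised while evaluating is logged and reported as
 *    "not open" (fail closed).
 *  - The callback is invoked once, outside the try block. Previously an
 *    exception thrown by the callback was caught here and the callback was
 *    invoked a second time with (null, false).
 *
 * Side effect: `settings.auth` is set to an empty object on the shared
 * configuration when it is missing (kept from the original behaviour).
 *
 * @param {*} context - Request context providing request.url and
 *   getApplication().getConfiguration().settings.
 * @param {function(Error=, boolean=)} callback - Called with
 *   HttpBadRequestError when context or context.request is missing,
 *   otherwise with (null, true|false).
 */
RestrictHandler.prototype.isNotRestricted = function(context, callback) {
    var badRequest = null;
    var allowed = false;

    // True when the pathname has a '.' or '..' segment, or cannot be decoded.
    function hasDotSegment(pathname) {
        var decoded;
        try {
            decoded = decodeURIComponent(pathname);
        }
        catch (e) {
            // Malformed percent-encoding: treat as suspicious.
            return true;
        }
        return decoded.split(/[\/\\]/).some(function(segment) {
            return segment === '.' || segment === '..';
        });
    }

    // True when `location` grants everyone ('*') access to `pathname`.
    function isOpenLocation(pathname, location) {
        if (location.allow !== '*') {
            return false;
        }
        if (/\*$/.test(location.path)) {
            var prefix = location.path.replace(/\*$/, '');
            return pathname.indexOf(prefix) === 0 && !hasDotSegment(pathname);
        }
        return pathname === location.path;
    }

    try {
        if (_.isNil(context) || _.isNil(context.request)) {
            badRequest = new HttpBadRequestError();
        }
        else {
            var settings = context.getApplication().getConfiguration().settings;
            settings.auth = settings.auth || {};
            var loginPage = settings.auth.loginPage || '/login.html';
            var locations = settings.auth.locations || [];
            var pathname = url.parse(context.request.url).pathname;
            if (pathname === loginPage) {
                allowed = true;
            }
            else {
                for (var i = 0; i < locations.length && !allowed; i++) {
                    allowed = isOpenLocation(pathname, locations[i]);
                }
            }
        }
    }
    catch (err) {
        TraceUtils.error(err);
        badRequest = null;
        allowed = false;
    }

    if (badRequest) {
        return callback(badRequest);
    }
    return callback(null, allowed);
};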
|
131 |
|
/**
 * Logical inverse of isNotRestricted().
 *
 * Errors from isNotRestricted() are forwarded unchanged. Otherwise the
 * callback receives `true` when the request is NOT open to anonymous users.
 *
 * @param {*} context - Request context, passed through to isNotRestricted().
 * @param {function(Error=, boolean=)} callback - Receives (err) or
 *   (null, restricted).
 */
RestrictHandler.prototype.isRestricted = function(context, callback) {
    function invert(err, notRestricted) {
        if (!err) {
            callback(null, !notRestricted);
            return;
        }
        return callback(err);
    }
    RestrictHandler.prototype.isNotRestricted(context, invert);
};
|
/**
 * Factory used by the module export: builds a fresh RestrictHandler.
 *
 * @returns {RestrictHandler} A new handler instance.
 */
RestrictHandler.createInstance = function() {
    var handler = new RestrictHandler();
    return handler;
};
|
146 |
|
// Publish the factory and the constructor when running under CommonJS.
if (typeof exports !== 'undefined') {
    var api = module.exports;
    api.createInstance = RestrictHandler.createInstance;
    api.RestrictHandler = RestrictHandler;
}