fix: Fixed socket.io guest authorization + rights

8 years ago · ed0253cd0d
6 changed files with 14 additions and 10 deletions
--- a/server/controllers/ws.js
+++ b/server/controllers/ws.js
@ -1,10 +1,16 @@
 'use strict'

+/* global appconfig, rights */
 /* eslint-disable standard/no-callback-literal */

 const _ = require('lodash')

 module.exports = (socket) => {
+  // Check if Guest
+  if (!socket.request.user.logged_in) {
+    socket.request.user = _.assign(rights.guest, socket.request.user)
+  }
+
  // -----------------------------------------
  // SEARCH
  // -----------------------------------------
@ -22,7 +28,7 @@ module.exports = (socket) => {
  // TREE VIEW (LIST ALL PAGES)
  // -----------------------------------------

-  if (socket.request.user.logged_in) {
+  if (appconfig.public || socket.request.user.logged_in) {
    socket.on('treeFetch', (data, cb) => {
      cb = cb || _.noop
      entries.getFromTree(data.basePath, socket.request.user).then((f) => {
--- a/server/index.js
+++ b/server/index.js
@ -92,14 +92,14 @@ require('./libs/auth')(passport)
 global.rights = require('./libs/rights')
 rights.init()

-var sessionStore = new SessionMongoStore({
+let sessionStore = new SessionMongoStore({
  mongooseConnection: db.connection,
  touchAfter: 15
 })

 app.use(cookieParser())
 app.use(session({
-  name: 'requarkswiki.sid',
+  name: 'wikijs.sid',
  store: sessionStore,
  secret: appconfig.sessionSecret,
  resave: false,
@ -221,16 +221,15 @@ server.on('listening', () => {
 // ----------------------------------------

 io.use(passportSocketIo.authorize({
-  key: 'requarkswiki.sid',
+  key: 'wikijs.sid',
  store: sessionStore,
  secret: appconfig.sessionSecret,
-  passport,
  cookieParser,
  success: (data, accept) => {
    accept()
  },
  fail: (data, message, error, accept) => {
-    return accept(new Error(message))
+    accept()
  }
 }))

--- a/server/libs/entries.js
+++ b/server/libs/entries.js
@ -399,7 +399,6 @@ module.exports = {
  getFromTree (basePath, usr) {
    return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
      return _.filter(results, r => {
-        console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
        return rights.checkRole('/' + r._id, usr.rights, 'read')
      })
    })
--- a/server/views/error-forbidden.pug
+++ b/server/views/error-forbidden.pug
@ -22,7 +22,7 @@ html(data-logic='error')

  body(class='is-forbidden')
    .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
      h1 Forbidden
      h2 Sorry, you don't have the necessary permissions to access this page.
      a.button.is-amber.is-inverted(href='/') Go Home
--- a/server/views/error-notexist.pug
+++ b/server/views/error-notexist.pug
@ -22,7 +22,7 @@ html(data-logic='error')

  body(class='is-notexist')
    .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
      h1= message
      h2 Would you like to create this entry?
      a.button.is-amber.is-inverted.is-featured(href='/create/' + newpath) Create
--- a/server/views/error.pug
+++ b/server/views/error.pug
@ -22,7 +22,7 @@ html(data-logic='error')

  body(class='is-error')
    .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
      h1= message
      h2 Oops, something went wrong
      a.button.is-amber.is-inverted.is-featured(href='/') Go Home