diff --git a/bin/web/routes/rules.js b/bin/web/routes/rules.js
new file mode 100644
index 0000000..080c6bc
--- /dev/null
+++ b/bin/web/routes/rules.js
@@ -0,0 +1,41 @@
+/*
+ * This file is part of the authRXBN single sign-on package.
+ *
+ * (c) Ruben Meyer
+ */
+
+/**
+ * EXPLANATIONS:
+ * groups: ["anon", "user", "admin"]
+ * - anon: not logged in; no cookies
+ * - user: logged in; non-special group
+ * - admin: logged in; admin group 999 or equivalent
+ */
+let rules = [
+ {
+ group: "anon",
+ expression: "(/blocks/.*)",
+ rule: "block",
+ type: "404"
+ },
+ {
+ group: "anon",
+ expression: "(/error/.*)",
+ rule: "block",
+ type: "404"
+ },
+ {
+ group: "user",
+ expression: "(/blocks/.*)",
+ rule: "block",
+ type: "404"
+ },
+ {
+ group: "user",
+ expression: "(/error/.*)",
+ rule: "block",
+ type: "404"
+ }
+];
+
+module.exports = rules;
diff --git a/bin/web/routes/static.js b/bin/web/routes/static.js
index c500627..183f9b2 100644
--- a/bin/web/routes/static.js
+++ b/bin/web/routes/static.js
@@ -7,6 +7,27 @@
 var express = require('express');
 var route = express.Router();
+var fs = require('fs');
+var path = require('path');
+
+var fileCheck = (file) => {
+ if(typeof global['gds'].cache.web == 'undefined') global['gds'].cache.web = {};
+ let dir = global['__dirname'] + '/bin/web/views';
+ let path_j = path.join(dir, file.toLowerCase());
+ if(typeof global['gds'].cache.web[path_j] == 'undefined') {
+ if(fs.existsSync(path_j+'.pug')) {
+ global['gds'].cache.web[path_j] = true;
+ } else {
+ global['gds'].cache.web[path_j] = false;
+ }
+ }
+
+ if(global['gds'].cache.web[path_j] === true) {
+ return path_j;
+ } else {
+ return false;
+ }
+};
 route.all('/', function(req, res, next) {
 // TODO: show login page or dashboard
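Review bot: The `expression` values are compiled with `new RegExp` and tested against `req.path` without an anchor, so `(/blocks/.*)` also matches `/anything/blocks/x` and `(/error/.*)` matches any path that merely contains an `/error/` segment; anchor them to the start of the path, e.g. `expression: "^/blocks/"` and `expression: "^/error/"`. The capture group and the trailing `.*` add nothing for a plain `test`. The header comment should also say what the fields mean, since nothing here states that `expression` is a regular-expression source string, that `rule` only supports `"block"`, or that `type` selects between `"404"` and `"missing_permission"` (the latter is handled by the static.js handler but has no entry here). `let rules` could be `const`, as the array is never reassigned.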
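Review bot: `fileCheck` joins the request path into the views directory but never checks that the result is still inside it, so a path containing `..` segments can make `path_j` resolve outside `dir` before `existsSync` is consulted; add `if(!path_j.startsWith(dir + path.sep)) return false;` directly after the `path.join` line. The cache also records a `false` entry for every distinct unknown path it is asked about, so `global['gds'].cache.web` grows by one key per unique request and is never pruned — store only positive hits (drop the `else` branch that writes `false`) or bound its size. On success the function returns the absolute filesystem path while its caller in the next hunk renders `req.path` instead, so a plain boolean return would make the contract clearer. The `route.all('/')` handler that follows `fileCheck` continues outside the hunk.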
@@ -14,16 +35,82 @@ route.all('/', function(req, res, next) {
 res.render('index');
 });
+// login page or app request
+route.get('/authenticate', (req, res) => {
+ req.session.appRequest = {}; // TODO: data
+
+ if(req.session && req.session.user) {
+ res.render('request', {
+ appRequest: req.session.appRequest
+ });
+ } else {
+ res.render('login', {
+ login_title: "Login to use APP_NAME via authRxbn", // appRequest app name
+ appRequest: req.session.appRequest
+ });
+ }
+});
+
+// authenticate user for server
+route.post('/authenticate', (req, res) => {
+
+});
+
 route.all('/*', (req, res, next) => {
 // passthrough to next route
 if(req.path.startsWith('/api')) return next();
+ if(req.path == "/request") return res.render('error/404');
+
+ let pathRules = require("./rules");
+
+ let group = "anon";
+ if(req.session && req.session.user) {
+ group = "user";
+ if(req.session.user.group == 999) group = "admin";
+ }
+
+ pathRules.forEach((rule) => {
+ if(rule.rule == "block") {
+ if(group == rule.group) {
+ let regex = new RegExp(rule.expression, "g");
+ if(regex.test(req.path)) {
+ if(rule.type == "404") {
+ resSent = true;
+ return res.status(404).render('error/404', {
+ error_code: 404,
+ error_msg: 'msg.request.file.not_found',
+ user: req.session.user
+ });
+ } else if(rule.type == "missing_permission") {
+ resSent = true;
+ return res.status(401).render('error/permission', {
+ error_code: 401,
+ error_msg: 'msg.auth.login.required',
+ user: req.session.user
+ });
+ }
+ }
+ }
+ }
+ });
+
+ if(fileCheck(req.path)) {
+ return res.render(req.path.replace(/^\//, ''), {
+ user: req.session.user
+ });
+ } else {
+ return res.status(404).render('error/404', {
+ error_code: 404,
+ error_msg: 'msg.request.file.not_found',
+ user: req.session.user
+ });
+ }
+
 // TODO: try to login
 // TODO: role-based authorization
 // TODO: show login page or page
-
- res.end('500 - LEL');
 });
 module.exports = route;
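Review bot: The `return` statements inside `pathRules.forEach` only leave the callback, so after a matching block rule has started rendering `error/404` the handler still falls through to `fileCheck` and starts a second `res.render` on the same response — whichever template finishes first is what the client receives and the other fails with a headers-already-sent error, so the block rules are not reliably enforced. `resSent = true` is an assignment to an undeclared variable (an implicit global in sloppy mode, a ReferenceError under `'use strict'`) and is never read. Replace the `forEach` with a `for...of` loop that returns from the handler itself, and drop the `g` flag, which serves no purpose for a single `test` on a freshly built regex. Note too that the rule match is case-sensitive on `req.path` while `fileCheck` lowercases the same path before looking for the template, so the two checks do not see the same name, and that the `route.post('/authenticate')` stub above never sends a response, so such requests hang until the client gives up.
```javascript
  // … unchanged: group derivation …
  for (const rule of pathRules) {
    if (rule.rule !== "block" || rule.group !== group) continue;
    if (!new RegExp(rule.expression).test(req.path)) continue;
    if (rule.type === "404") {
      return res.status(404).render('error/404', {
        error_code: 404,
        error_msg: 'msg.request.file.not_found',
        user: req.session.user
      });
    }
    if (rule.type === "missing_permission") {
      return res.status(401).render('error/permission', {
        error_code: 401,
        error_msg: 'msg.auth.login.required',
        user: req.session.user
      });
    }
  }
  // … unchanged: fileCheck branch …
```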