
web - simple routing

Ruben Meyer 2019-09-12 23:44:31 +02:00
parent 093732bd54
commit 4bb5d804cd
2 changed files with 130 additions and 2 deletions

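--- a/bin/web/routes/rules.js
+++ b/bin/web/routes/rules.js
@@ -0,0 +1,41 @@
+/*
+* This file is part of the authRXBN single sign-on package.
+*
+* (c) Ruben Meyer <contact@rxbn.de>
+*/
+/**
+* EXPLANATIONS:
+* groups: ["anon", "user", "admin"]
+* - anon: not logged in; no cookies
+* - user: logged in; non-special group
+* - admin: logged in; admin group 999 or equivalent
+*/
+let rules = [
+{
+group: "anon",
+expression: "(/blocks/.*)",
+rule: "block",
+type: "404"
+},
+{
+group: "anon",
+expression: "(/error/.*)",
+rule: "block",
+type: "404"
+},
+{
+group: "user",
+expression: "(/blocks/.*)",
+rule: "block",
+type: "404"
+},
+{
+group: "user",
+expression: "(/error/.*)",
+rule: "block",
+type: "404"
+}
+];
+module.exports = rules;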
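Review bot: The rule list is default-allow per group and `admin` has no entries, so the `/blocks/` and `/error/` views are blocked only for `anon` and `user`; if those views should never be served directly, `admin` needs the same two rules or the matcher needs a group-independent entry. The expressions are also unanchored, so `(/blocks/.*)` matches that segment anywhere in the path, and `^/blocks/` would state the intent more precisely. The header comment documents `group` but not the accepted `rule` and `type` values; I would add a line such as `* type: "404" | "missing_permission" - response sent when a block rule matches`.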


@ -7,6 +7,27 @@
var express = require('express');
var route = express.Router();
var fs = require('fs');
var path = require('path');
var fileCheck = (file) => {
if(typeof global['gds'].cache.web == 'undefined') global['gds'].cache.web = {};
let dir = global['__dirname'] + '/bin/web/views';
let path_j = path.join(dir, file.toLowerCase());
if(typeof global['gds'].cache.web[path_j] == 'undefined') {
if(fs.existsSync(path_j+'.pug')) {
global['gds'].cache.web[path_j] = true;
} else {
global['gds'].cache.web[path_j] = false;
}
}
if(global['gds'].cache.web[path_j] === true) {
return path_j;
} else {
return false;
}
};
route.all('/', function(req, res, next) {
// TODO: show login page or dashboard
@ -14,16 +35,82 @@ route.all('/', function(req, res, next) {
res.render('index');
});
// login page or app request
route.get('/authenticate', (req, res) => {
req.session.appRequest = {}; // TODO: data
if(req.session && req.session.user) {
res.render('request', {
appRequest: req.session.appRequest
});
} else {
res.render('login', {
login_title: "Login to use APP_NAME via authRxbn", // appRequest app name
appRequest: req.session.appRequest
});
}
});
// authenticate user for server
route.post('/authenticate', (req, res) => {
});
route.all('/*', (req, res, next) => {
// passthrough to next route
if(req.path.startsWith('/api'))
return next();
if(req.path == "/request") return res.render('error/404');
let pathRules = require("./rules");
let group = "anon";
if(req.session && req.session.user) {
group = "user";
if(req.session.user.group == 999) group = "admin";
}
pathRules.forEach((rule) => {
if(rule.rule == "block") {
if(group == rule.group) {
let regex = new RegExp(rule.expression, "g");
if(regex.test(req.path)) {
if(rule.type == "404") {
resSent = true;
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
user: req.session.user
});
} else if(rule.type == "missing_permission") {
resSent = true;
return res.status(401).render('error/permission', {
error_code: 401,
error_msg: 'msg.auth.login.required',
user: req.session.user
});
}
}
}
}
});
if(fileCheck(req.path)) {
return res.render(req.path.replace(/^\//, ''), {
user: req.session.user
});
} else {
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
user: req.session.user
});
}
// TODO: try to login
// TODO: role-based authorization
// TODO: show login page or page
res.end('500 - LEL');
});
module.exports = route;
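Review bot: In the `route.all('/*')` handler the `return res.status(...).render(...)` statements sit inside the `pathRules.forEach` callback, so a matching block rule does not end the handler; execution continues to `fileCheck(req.path)` and a second `res.render` for the same request, and `resSent` is assigned as an undeclared global that nothing reads. Select the first matching rule with `find` and return from the handler itself, as sketched below. Two further gaps in the same path handling: rules are tested case-sensitively against `req.path` while `fileCheck` lowercases it, and neither `fileCheck` nor the final `res.render` confirms that the joined path stays inside `bin/web/views`. Normalising the path once and checking it against the views root before both steps would make the rule check and the file lookup agree. The `global['gds'].cache.web` map also gains one entry per distinct request path with no bound.

```javascript
// … unchanged: /api passthrough, /request check, group lookup …
const blocked = pathRules.find((rule) =>
  rule.rule === "block" &&
  rule.group === group &&
  new RegExp(rule.expression).test(req.path)
);
if(blocked && blocked.type === "missing_permission") {
  return res.status(401).render('error/permission', {
    error_code: 401,
    error_msg: 'msg.auth.login.required',
    user: req.session.user
  });
}
if(blocked) {
  // any other block type fails closed as 404
  // … unchanged: 404 render with error_code / error_msg / user …
}
// … unchanged: fileCheck lookup and render …
```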