1
0
Fork 0

web - dynamic path rules

master
Ruben Meyer 3 years ago
parent 183f3b660c
commit 4eff02408d
  1. 6
      bin/web/module.js
  2. 27
      bin/web/routes/rules.js
  3. 22
      bin/web/routes/static.js

@ -33,7 +33,7 @@ methods.start = () => {
// Access Control Headers
app.use( (req, res, next) => {
res.set({
'X-Powered-By': global['gds'].cfg
'X-Powered-By': global['gds'].cfg.web.poweredBy
});
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
@ -78,6 +78,10 @@ methods.start = () => {
}));
app.use(cp(global['gds'].cfg.web.cookieKey));
// Pretty print
if(app.get('env') === 'debug')
app.locals.pretty = true;
// Sessions
session_options = {
secret: global['gds'].cfg.web.sessionKey,

@ -6,10 +6,25 @@
/**
* EXPLANATIONS:
*
* groups: ["anon", "user", "admin"]
* - anon: not logged in; no cookies
* - user: logged in; non-special group
* - admin: logged in; admin group 999 or equivalent
*
* expressions: RegExp tested on req.path
* - ex.:
* - req.path = "/profile/456";
* - expression = "(/profile/.*)";
* - (new RegExp(expression, "g")).test(req.path) ~> true
*
* rules: rules which can be rolled out
* - block: block direct access
*
* types: ["404", "missing_permission"]
* - 404: File not found
* - missing_permission: Missing Permission page
* - login: login page
*/
let rules = [
{
@ -24,6 +39,12 @@ let rules = [
rule: "block",
type: "404"
},
{
group: "anon",
expression: "(/admin/.*)",
rule: "block",
type: "login"
},
{
group: "user",
expression: "(/blocks/.*)",
@ -35,6 +56,12 @@ let rules = [
expression: "(/error/.*)",
rule: "block",
type: "404"
},
{
group: "user",
expression: "(/admin/.*)",
rule: "block",
type: "missing_permission"
}
];

@ -77,18 +77,25 @@ route.all('/*', (req, res, next) => {
let regex = new RegExp(rule.expression, "g");
if(regex.test(req.path)) {
if(rule.type == "404") {
resSent = true;
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
user: req.session.user
session: req.session
});
} else if(rule.type == "missing_permission") {
resSent = true;
return res.status(401).render('error/permission', {
error_code: 401,
error_msg: 'msg.auth.login.required',
user: req.session.user
session: req.session
});
} else if(rule.type == "login") {
return res.status(401).render('error/login', {
error_code: 401,
session: req.session
});
} else {
return res.status(401).render('error/error', {
error_code: 401,
session: req.session
});
}
}
@ -98,13 +105,14 @@ route.all('/*', (req, res, next) => {
if(fileCheck(req.path)) {
return res.render(req.path.replace(/^\//, ''), {
user: req.session.user
session: req.session,
cfg: global['gds'].cfg
});
} else {
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
user: req.session.user
session: req.session
});
}

Loading…
Cancel
Save