web - dynamic path rules
parent
183f3b660c
commit
4eff02408d
@ -33,7 +33,7 @@ methods.start = () => {
|
|||||||
// Access Control Headers
|
// Access Control Headers
|
||||||
app.use( (req, res, next) => {
|
app.use( (req, res, next) => {
|
||||||
res.set({
|
res.set({
|
||||||
'X-Powered-By': global['gds'].cfg
|
'X-Powered-By': global['gds'].cfg.web.poweredBy
|
||||||
});
|
});
|
||||||
res.header("Access-Control-Allow-Origin", "*");
|
res.header("Access-Control-Allow-Origin", "*");
|
||||||
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
|
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
|
||||||
@ -78,6 +78,10 @@ methods.start = () => {
|
|||||||
}));
|
}));
|
||||||
app.use(cp(global['gds'].cfg.web.cookieKey));
|
app.use(cp(global['gds'].cfg.web.cookieKey));
|
||||||
|
|
||||||
|
// Pretty print
|
||||||
|
if(app.get('env') === 'debug')
|
||||||
|
app.locals.pretty = true;
|
||||||
|
|
||||||
// Sessions
|
// Sessions
|
||||||
session_options = {
|
session_options = {
|
||||||
secret: global['gds'].cfg.web.sessionKey,
|
secret: global['gds'].cfg.web.sessionKey,
|
||||||
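Review bot: The new pretty-print guard compares `app.get('env')` with `'debug'`, but Express takes that setting from `NODE_ENV` and defaults it to `'development'`, so the branch only runs if the deployment explicitly sets `NODE_ENV=debug` (not visible on this page). If the intent is "pretty output everywhere except production", write `if (app.get('env') !== 'production') { app.locals.pretty = true; }`; the braces also stop a later line from falling outside the condition unnoticed. A one-line comment such as `// env comes from NODE_ENV; 'debug' must be set explicitly` would document the dependency if the current value is intended. `methods.start` begins and ends outside these hunks.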
|
@ -6,10 +6,25 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* EXPLANATIONS:
|
* EXPLANATIONS:
|
||||||
|
*
|
||||||
* groups: ["anon", "user", "admin"]
|
* groups: ["anon", "user", "admin"]
|
||||||
* - anon: not logged in; no cookies
|
* - anon: not logged in; no cookies
|
||||||
* - user: logged in; non-special group
|
* - user: logged in; non-special group
|
||||||
* - admin: logged in; admin group 999 or equivalent
|
* - admin: logged in; admin group 999 or equivalent
|
||||||
|
*
|
||||||
|
* expressions: RegExp tested on req.path
|
||||||
|
* - ex.:
|
||||||
|
* - req.path = "/profile/456";
|
||||||
|
* - expression = "(/profile/.*)";
|
||||||
|
* - (new RegExp(expression, "g")).test(req.path) ~> true
|
||||||
|
*
|
||||||
|
* rules: rules which can be rolled out
|
||||||
|
* - block: block direct access
|
||||||
|
*
|
||||||
|
* types: ["404", "missing_permission"]
|
||||||
|
* - 404: File not found
|
||||||
|
* - missing_permission: Missing Permission page
|
||||||
|
* - login: login page
|
||||||
*/
|
*/
|
||||||
let rules = [
|
let rules = [
|
||||||
{
|
{
|
||||||
@ -24,6 +39,12 @@ let rules = [
|
|||||||
rule: "block",
|
rule: "block",
|
||||||
type: "404"
|
type: "404"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
group: "anon",
|
||||||
|
expression: "(/admin/.*)",
|
||||||
|
rule: "block",
|
||||||
|
type: "login"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
group: "user",
|
group: "user",
|
||||||
expression: "(/blocks/.*)",
|
expression: "(/blocks/.*)",
|
||||||
@ -35,6 +56,12 @@ let rules = [
|
|||||||
expression: "(/error/.*)",
|
expression: "(/error/.*)",
|
||||||
rule: "block",
|
rule: "block",
|
||||||
type: "404"
|
type: "404"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
group: "user",
|
||||||
|
expression: "(/admin/.*)",
|
||||||
|
rule: "block",
|
||||||
|
type: "missing_permission"
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
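Review bot: The two new `/admin` rules use `expression: "(/admin/.*)"`, which is unanchored and requires a slash after `admin`. Tested against `req.path` as the header comment describes, it matches any path that merely contains `/admin/`, while `/admin` itself or a differently-cased path does not match and is left to whatever the router does next. Since these rules act as the access-control gate, anchor the pattern and cover the bare prefix, e.g. `expression: "^/admin(/|$)"`, and decide explicitly whether matching should be case-insensitive. The header comment also lists `types: ["404", "missing_permission"]` while documenting `login` below it; add `"login"` to that list so the documented values match the rules.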
|
@ -77,18 +77,25 @@ route.all('/*', (req, res, next) => {
|
|||||||
let regex = new RegExp(rule.expression, "g");
|
let regex = new RegExp(rule.expression, "g");
|
||||||
if(regex.test(req.path)) {
|
if(regex.test(req.path)) {
|
||||||
if(rule.type == "404") {
|
if(rule.type == "404") {
|
||||||
resSent = true;
|
|
||||||
return res.status(404).render('error/404', {
|
return res.status(404).render('error/404', {
|
||||||
error_code: 404,
|
error_code: 404,
|
||||||
error_msg: 'msg.request.file.not_found',
|
error_msg: 'msg.request.file.not_found',
|
||||||
user: req.session.user
|
session: req.session
|
||||||
});
|
});
|
||||||
} else if(rule.type == "missing_permission") {
|
} else if(rule.type == "missing_permission") {
|
||||||
resSent = true;
|
|
||||||
return res.status(401).render('error/permission', {
|
return res.status(401).render('error/permission', {
|
||||||
error_code: 401,
|
error_code: 401,
|
||||||
error_msg: 'msg.auth.login.required',
|
session: req.session
|
||||||
user: req.session.user
|
});
|
||||||
|
} else if(rule.type == "login") {
|
||||||
|
return res.status(401).render('error/login', {
|
||||||
|
error_code: 401,
|
||||||
|
session: req.session
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
return res.status(401).render('error/error', {
|
||||||
|
error_code: 401,
|
||||||
|
session: req.session
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -98,13 +105,14 @@ route.all('/*', (req, res, next) => {
|
|||||||
|
|
||||||
if(fileCheck(req.path)) {
|
if(fileCheck(req.path)) {
|
||||||
return res.render(req.path.replace(/^\//, ''), {
|
return res.render(req.path.replace(/^\//, ''), {
|
||||||
user: req.session.user
|
session: req.session,
|
||||||
|
cfg: global['gds'].cfg
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
return res.status(404).render('error/404', {
|
return res.status(404).render('error/404', {
|
||||||
error_code: 404,
|
error_code: 404,
|
||||||
error_msg: 'msg.request.file.not_found',
|
error_msg: 'msg.request.file.not_found',
|
||||||
user: req.session.user
|
session: req.session
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
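Review bot: The direct-render branch now passes `cfg: global['gds'].cfg` to every template, and the server-setup hunk in this same commit shows that object carries `web.cookieKey` and `web.sessionKey`. Any view, or any template error output, that prints `cfg` would therefore disclose the cookie and session signing secrets. Pass only the fields the views need, for example `site: { poweredBy: global['gds'].cfg.web.poweredBy }`, and consider giving views `req.session.user` rather than the whole `req.session` for the same reason. The `route.all` handler begins and ends outside these hunks, so whether the removed `resSent` flag is still read after the rule loop cannot be checked from here.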
|