web - dynamic path rules

bin/web/module.js

@@ -33,7 +33,7 @@ methods.start = () => {
 	// Access Control Headers
 	app.use( (req, res, next) => {
 		res.set({
-			'X-Powered-By': global['gds'].cfg
+			'X-Powered-By': global['gds'].cfg.web.poweredBy
 		});
 		res.header("Access-Control-Allow-Origin", "*");
 		res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
@@ -78,6 +78,10 @@ methods.start = () => {
 	}));
 	app.use(cp(global['gds'].cfg.web.cookieKey));
 
+	// Pretty print
+	if(app.get('env') === 'debug')
+		app.locals.pretty = true;
+
 	// Sessions
 	session_options = {
 		secret: global['gds'].cfg.web.sessionKey,

bin/web/routes/rules.js

@@ -6,10 +6,25 @@
 
 /**
  * EXPLANATIONS:
+ *
  * groups: ["anon", "user", "admin"]
  * - anon: not logged in; no cookies
  * - user: logged in; non-special group
  * - admin: logged in; admin group 999 or equivalent
+ *
+ * expressions: RegExp tested on req.path
+ * - ex.:
+ * - req.path = "/profile/456";
+ * - expression = "(/profile/.*)";
+ * - (new RegExp(expression, "g")).test(req.path) ~> true
+ *
+ * rules: rules which can be rolled out
+ * - block: block direct access
+ *
+ * types: ["404", "missing_permission"]
+ * - 404: File not found
+ * - missing_permission: Missing Permission page
+ * - login: login page
  */
 let rules = [
 	{
@@ -24,6 +39,12 @@ let rules = [
 		rule: "block",
 		type: "404"
 	},
+	{
+		group: "anon",
+		expression: "(/admin/.*)",
+		rule: "block",
+		type: "login"
+	},
 	{
 		group: "user",
 		expression: "(/blocks/.*)",
@@ -35,6 +56,12 @@ let rules = [
 		expression: "(/error/.*)",
 		rule: "block",
 		type: "404"
+	},
+	{
+		group: "user",
+		expression: "(/admin/.*)",
+		rule: "block",
+		type: "missing_permission"
 	}
 ];
 

bin/web/routes/static.js

@@ -77,18 +77,25 @@ route.all('/*', (req, res, next) => {
 				let regex = new RegExp(rule.expression, "g");
 				if(regex.test(req.path)) {
 					if(rule.type == "404") {
-						resSent = true;
 						return res.status(404).render('error/404', {
 							error_code: 404,
 							error_msg: 'msg.request.file.not_found',
-							user: req.session.user
+							session: req.session
 						});
 					} else if(rule.type == "missing_permission") {
-						resSent = true;
 						return res.status(401).render('error/permission', {
 							error_code: 401,
-							error_msg: 'msg.auth.login.required',
-							user: req.session.user
+							session: req.session
+						});
+					} else if(rule.type == "login") {
+						return res.status(401).render('error/login', {
+							error_code: 401,
+							session: req.session
+						});
+					} else {
+						return res.status(401).render('error/error', {
+							error_code: 401,
+							session: req.session
 						});
 					}
 				}
@@ -98,13 +105,14 @@ route.all('/*', (req, res, next) => {
 
 	if(fileCheck(req.path)) {
 		return res.render(req.path.replace(/^\//, ''), {
-			user: req.session.user
+			session: req.session,
+			cfg: global['gds'].cfg
 		});
 	} else {
 		return res.status(404).render('error/404', {
 			error_code: 404,
 			error_msg: 'msg.request.file.not_found',
-			user: req.session.user
+			session: req.session
 		});
 	}