|
|
@ -90,30 +90,36 @@ let getRoutes = async () => { |
|
|
|
* all other routes |
|
|
|
* @url /* |
|
|
|
* @method all |
|
|
|
* @TODO comments |
|
|
|
*/ |
|
|
|
route.all('/*', asyncer(async (req, res, next) => { |
|
|
|
route.get('/*', asyncer(async (req, res, next) => { |
|
|
|
// passthrough to next route
|
|
|
|
if(req.path.startsWith('/api')) |
|
|
|
return next(); |
|
|
|
|
|
|
|
if(req.path == "/request") return res.render('error/404'); |
|
|
|
|
|
|
|
let pathRules = require("./rules"); |
|
|
|
let pathRules = await db.getPathRules(); |
|
|
|
|
|
|
|
let group = "anon"; |
|
|
|
// retrieve guest group - set as default
|
|
|
|
let groups = await db.getGroups(); |
|
|
|
guestId = null; |
|
|
|
groups.reply.forEach((group) => { |
|
|
|
if(group.name == "Guest") guestId = group._id; |
|
|
|
}); |
|
|
|
let group = guestId; |
|
|
|
|
|
|
|
// set user group
|
|
|
|
if(req.session && req.session.user) { |
|
|
|
group = "user"; |
|
|
|
if(req.session.user.group == 999) group = "admin"; |
|
|
|
group = req.session.user.group; |
|
|
|
} |
|
|
|
|
|
|
|
pathRules.forEach((rule) => { |
|
|
|
for(i = 0; i < pathRules.reply.length; i++) { |
|
|
|
rule = pathRules.reply[i]; |
|
|
|
if(rule.rule == "block") { |
|
|
|
if(group == rule.group) { |
|
|
|
if(group == String(rule.group)) { |
|
|
|
let regex = new RegExp(rule.expression, "g"); |
|
|
|
if(regex.test(req.path)) { |
|
|
|
if(rule.type == "404") { |
|
|
|
global['logs'].info("[web] (404) path not found: "+req.path); |
|
|
|
return res.status(404).render('error/404', { |
|
|
|
error_code: 404, |
|
|
|
error_msg: 'msg.request.file.not_found', |
|
|
@ -126,7 +132,7 @@ let getRoutes = async () => { |
|
|
|
session: req.session, |
|
|
|
cfg: cfg |
|
|
|
}); |
|
|
|
} else if(rule.type == "login") { |
|
|
|
} else if(rule.type == "login" && (!req.session || !req.session.user)) { |
|
|
|
return res.status(401).render('error/login', { |
|
|
|
error_code: 401, |
|
|
|
session: req.session, |
|
|
@ -142,15 +148,13 @@ let getRoutes = async () => { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
}); |
|
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
let dir = global['__dirname'] + '/bin/web/views'; |
|
|
|
let path_j = path.join(dir, req.path.toLowerCase()); |
|
|
|
if(fs.existsSync(path_j+'.pug')) { |
|
|
|
return res.render(req.path.replace(/^\//, ''), { |
|
|
|
session: req.session, |
|
|
|
apps: apps.reply, |
|
|
|
cfg: cfg |
|
|
|
}); |
|
|
|
} else { |
|
|
@ -162,10 +166,6 @@ let getRoutes = async () => { |
|
|
|
cfg: cfg |
|
|
|
}); |
|
|
|
} |
|
|
|
|
|
|
|
// TODO: try to login
|
|
|
|
// TODO: role-based authorization
|
|
|
|
// TODO: show login page or page
|
|
|
|
})); |
|
|
|
|
|
|
|
return route; |
|
|
|
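Review bot: The guest lookup in the first hunk fails open: when `db.getGroups()` returns no group named "Guest", `guestId` stays `null`, `group` is `null` for every request without a session user, and `group == String(rule.group)` can then never be true, so no block rule is applied and the request falls through to the view render. A guard right after the lookup, such as `if(guestId === null) return next(new Error('guest group missing'));`, would make that case fail closed; a session user whose `group` is unset skips the rules the same way. `guestId`, `i` and `rule` are also assigned without a declaration, which makes them globals shared by every request this handler serves (and a ReferenceError under strict mode), so each should get a `let`. If `route.get` is the new registration, as the print order suggests, non-GET requests no longer reach these rules and the `@method all` line in the doc comment is stale. The handler and `getRoutes` begin and end outside the hunks shown, so whether another route covers those methods cannot be seen here.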