From 8ddd2e9013e18095a22cd647d25364225453e2e4 Mon Sep 17 00:00:00 2001
From: rxbn_
Date: Mon, 31 Aug 2020 09:42:38 +0200
Subject: [PATCH] web,db - path rules are now handled by db queries

---
 bin/database/models.js | 10 +++++++++
 bin/database/module.js | 25 +++++++++++++++++++++
 bin/web/routes/rules.js | 47 +++-------------------------------------
 bin/web/routes/static.js | 34 ++++++++++++++---------------
 4 files changed, 55 insertions(+), 61 deletions(-)

diff --git a/bin/database/models.js b/bin/database/models.js
index 911aacf..01b0087 100644
--- a/bin/database/models.js
+++ b/bin/database/models.js
@@ -51,6 +51,15 @@ models.group = new Schema({
 roles: {type: String, default: ""} // roles; separated by commas "a,b,a.b,c.*,d.z.*"
 });
+// pathRules for access management
+models.pathRules = new Schema({
+ group: Schema.Types.ObjectId, // reference to group
+ expression: String, // path expression; e.g.: "(/blocks/.*)"
+ rule: String, // e.g.: block
+ type: String, // e.g: "404", "missing_permission", "login",
+ options: {type: Object, default: {}} // more options...
+});
+
 // application | service
 models.application = new Schema({
 name: String, // recognizable application name; ex. "passRXBN - Password Manager"
@@ -81,6 +90,7 @@ module.exports = (con) => {
 // initialize models
 mdls.user = con.model('User', models.user);
 mdls.group = con.model('Group', models.group);
+ mdls.pathRules = con.model('PathRules', models.pathRules);
 mdls.application = con.model('Application', models.application);
 mdls.activity = con.model('Activity', models.activity);
 mdls.authCode = con.model('AuthCode', models.authCode);
diff --git a/bin/database/module.js b/bin/database/module.js
index 865f5b7..98b5bf9 100644
--- a/bin/database/module.js
+++ b/bin/database/module.js
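Review bot: `group: Schema.Types.ObjectId` is commented as a reference to a group but carries no `ref`, so Mongoose cannot populate it and nothing ties a rule to an existing Group document; `group: {type: Schema.Types.ObjectId, ref: 'Group'}` makes the relation explicit. `type` is free-form text although the comment enumerates three accepted values; `type: {type: String, enum: ['404', 'missing_permission', 'login']}` would reject a misspelled value at write time instead of letting it silently match no branch in the consumer. `expression` is compiled with `new RegExp()` on every request in static.js later in this patch, so a validator confirming that the stored value compiles, plus a comment that this field must only be written by trusted administration code, would document the trust boundary the collection now sits on.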
@@ -260,6 +260,31 @@ methods.addActivity = async (id, data) => {
 }
 };
+// //////// //////// ////////// // // ////////
+// // // // // // // // //
+// //////// // // // // // //
+// // //////// // //////// ////////
+// // // // // // // //
+// // // // // // // ////////
+//
+////////////////////////////////////////////////////////////
+
+
+/**
+ * get pathrules
+ * @author Ruben Meyer
+ * @async
+ * @return {Object} async(rules, err)
+ */
+methods.getPathRules = async () => {
+ var PathRules = models.pathRules;
+ try {
+ rules = await PathRules.find({}).exec();
+ return {reply: rules};
+ } catch(err) {
+ return {err: err};
+ }
+};
 // //////// //////// //////// ////// // // // // // // // //
diff --git a/bin/web/routes/rules.js b/bin/web/routes/rules.js
index 63d4b10..651faf2 100644
--- a/bin/web/routes/rules.js
+++ b/bin/web/routes/rules.js
@@ -7,11 +7,6 @@
 /**
 * EXPLANATIONS:
 *
- * groups: ["anon", "user", "admin"] * - anon: not logged in; no cookies * - user: logged in; non-special group * - admin: logged in; admin group 999 or equivalent * * expressions: RegExp tested on req.path * - ex.: * - req.path = "/profile/456";
@@ -25,44 +20,8 @@
 * - 404: File not found
 * - missing_permission: Missing Permission page
 * - login: login page
+ *
+ * NOW ADDED TO DATABASE
 */
-let rules = [
- {
- group: "anon",
- expression: "(/blocks/.*)",
- rule: "block",
- type: "404"
- },
- {
- group: "anon",
- expression: "(/error/.*)",
- rule: "block",
- type: "404"
- },
- {
- group: "anon",
- expression: "(/admin/.*)",
- rule: "block",
- type: "login"
- },
- {
- group: "user",
- expression: "(/blocks/.*)",
- rule: "block",
- type: "404"
- },
- {
- group: "user",
- expression: "(/error/.*)",
- rule: "block",
- type: "404"
- },
- {
- group: "user",
- expression: "(/admin/.*)",
- rule: "block",
- type: "missing_permission"
- }
-];
-module.exports = rules;
+module.exports = [];
diff --git a/bin/web/routes/static.js b/bin/web/routes/static.js
index 4ccff68..681c69d 100644
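Review bot: `rules = await PathRules.find({}).exec();` assigns to an identifier that is never declared, which creates an implicit global shared by every caller of getPathRules (and throws a ReferenceError if the module ever runs in strict mode); it should be `const rules = await PathRules.find({}).exec();`. The `@return {Object} async(rules, err)` tag does not describe what the function actually returns, a `{reply: rules}` object on success and `{err}` on failure; rewording it to `@return {Promise<Object>} {reply: rules} on success, {err} on failure` tells callers to check `.err` before touching `.reply`. `var PathRules` can be `const` for the same reason.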
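Review bot: The six default-deny rules covering `/blocks/`, `/error/` and `/admin/` are deleted here and nothing in this patch writes them into the new PathRules collection, so on a database that has not been seeded those paths are served to anyone until an administrator recreates the rules by hand. If a seed or migration exists elsewhere it should be named in the comment; otherwise a startup check that logs and refuses to serve when the collection is empty would keep the old fail-closed behaviour. `module.exports = [];` keeps a module that now exports only an empty array while the comment says the data is "NOW ADDED TO DATABASE"; since static.js in this same patch no longer requires it, the file is better deleted or reduced to its explanatory header comment.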
--- a/bin/web/routes/static.js
+++ b/bin/web/routes/static.js
@@ -90,30 +90,36 @@ let getRoutes = async () => {
 * all other routes
 * @url /*
 * @method all
- * @TODO comments
 */
- route.all('/*', asyncer(async (req, res, next) => {
+ route.get('/*', asyncer(async (req, res, next) => {
 // passthrough to next route
 if(req.path.startsWith('/api')) return next();
 if(req.path == "/request") return res.render('error/404');
- let pathRules = require("./rules");
+ let pathRules = await db.getPathRules();
- let group = "anon";
+ // retrieve guest group - set as default
+ let groups = await db.getGroups();
+ guestId = null;
+ groups.reply.forEach((group) => {
+ if(group.name == "Guest") guestId = group._id;
+ });
+ let group = guestId;
+
+ // set user group
 if(req.session && req.session.user) {
- group = "user";
- if(req.session.user.group == 999) group = "admin";
+ group = req.session.user.group;
 }
- pathRules.forEach((rule) => {
+ for(i = 0; i < pathRules.reply.length; i++) {
+ rule = pathRules.reply[i];
 if(rule.rule == "block") {
- if(group == rule.group) {
+ if(group == String(rule.group)) {
 let regex = new RegExp(rule.expression, "g");
 if(regex.test(req.path)) {
 if(rule.type == "404") {
- global['logs'].info("[web] (404) path not found: "+req.path);
 return res.status(404).render('error/404', {
 error_code: 404,
 error_msg: 'msg.request.file.not_found',
@@ -126,7 +132,7 @@ let getRoutes = async () => {
 session: req.session,
 cfg: cfg
 });
- } else if(rule.type == "login") {
+ } else if(rule.type == "login" && (!req.session || !req.session.user)) {
 return res.status(401).render('error/login', {
 error_code: 401,
 session: req.session,
@@ -142,15 +148,13 @@ let getRoutes = async () => {
 }
 }
 }
- });
-
+ };
 let dir = global['__dirname'] + '/bin/web/views';
 let path_j = path.join(dir, req.path.toLowerCase());
 if(fs.existsSync(path_j+'.pug')) {
 return res.render(req.path.replace(/^\//, ''), {
 session: req.session,
- apps: apps.reply,
 cfg: cfg
 });
 } else {
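Review bot: `guestId = null;`, `for(i = 0; ...)` and `rule = pathRules.reply[i];` assign to identifiers that are never declared, turning them into implicit globals shared by every request this process handles; declare them with `let guestId = null;`, `for(let i = 0; ...)` and `const rule = pathRules.reply[i];`. If no group named "Guest" exists, `group` stays `null`, `group == String(rule.group)` never matches and an anonymous visitor passes every rule and reaches the view lookup further down — the old code defaulted to a literal `anon` that always had rules — so the handler should stop with an error response when `guestId` is still `null` rather than continue. The removed `global['logs'].info(...)` line was the only record that a path rule blocked a request; keeping an info log in the 404 branch preserves that audit trail. Changing `route.all` to `route.get` narrows rule enforcement to GET requests, which is only safe if no other method can reach a view through another route; a comment stating that assumption would help the next reader. The handler continues past the end of this hunk.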
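Review bot: With the added `&& (!req.session || !req.session.user)` guard, a logged-in user whose group has a `login`-type rule for this path matches no branch, the loop moves on and the page is rendered by the lookup further down, so a rule that previously always blocked now blocks anonymous visitors only. If the intended outcome for an authenticated user is a permission error, add a `} else if(rule.type == "login") {` branch that renders a missing-permission response; if such users are meant to pass, a comment on this line should say so. The enclosing handler starts and ends outside this hunk.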
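Review bot: The `};` that now closes the `for` loop leaves a stray empty statement after the block; `}` alone is what the loop needs. `apps: apps.reply` is dropped from the render locals while the `apps` definition is outside this hunk; if any `.pug` view under bin/web/views still reads `apps`, it now receives `undefined`, which should be checked before merging. The rules above test `req.path` as received while the view lookup uses `req.path.toLowerCase()`, so the two decisions can diverge on mixed-case requests; normalizing once before the rule loop (`const reqPath = req.path.toLowerCase();`) and using that value in both places, with the stored expressions compiled with the `i` flag, keeps them consistent. `path_j` is built from the request path with no check that the resolved file still lies inside `dir`; `path.resolve(path_j).startsWith(dir + path.sep)` before `fs.existsSync` makes that containment explicit. The handler starts and ends outside this hunk.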
@@ -162,10 +166,6 @@ let getRoutes = async () => {
 cfg: cfg
 });
 }
-
- // TODO: try to login
- // TODO: role-based authorization
- // TODO: show login page or page
 }));
 return route;