
web,db - path rules are now handled by db queries

This commit is contained in:
Ruben Meyer 2020-08-31 09:42:38 +02:00
parent 2420bd2e80
commit 8ddd2e9013
Signed by: rxbn_
GPG Key ID: BE3BF898BE352FE2
4 changed files with 55 additions and 61 deletions


@ -51,6 +51,15 @@ models.group = new Schema({
roles: {type: String, default: ""} // roles; separated by commas "a,b,a.b,c.*,d.z.*"
});
// pathRules for access management
models.pathRules = new Schema({
group: Schema.Types.ObjectId, // reference to group
expression: String, // path expression; e.g.: "(/blocks/.*)"
rule: String, // e.g.: block
type: String, // e.g: "404", "missing_permission", "login",
options: {type: Object, default: {}} // more options...
});
// application | service
models.application = new Schema({
name: String, // recognizable application name; ex. "passRXBN - Password Manager"
@ -81,6 +90,7 @@ module.exports = (con) => {
// initialize models
mdls.user = con.model('User', models.user);
mdls.group = con.model('Group', models.group);
mdls.pathRules = con.model('PathRules', models.pathRules);
mdls.application = con.model('Application', models.application);
mdls.activity = con.model('Activity', models.activity);
mdls.authCode = con.model('AuthCode', models.authCode);
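Review bot: The new `pathRules` schema leaves `group` and `expression` optional and gives `group` no `ref`, so a rule written without a group is silently inert instead of rejected at write time (the web handler compares `group == String(rule.group)`, and `String(undefined)` matches nobody); for an access-control table that should be a validation error. Tighten the fields to `group: {type: Schema.Types.ObjectId, ref: 'Group', required: true},` and `expression: {type: String, required: true},`. Because `expression` is compiled with `new RegExp` on every request in the web handler, whoever can write to this collection controls a regex evaluated against every path (policy tampering and ReDoS), which deserves a schema comment such as `// NOTE: expression is compiled as a RegExp on every request - keep writes to this collection admin-only`. The values listed in the comments (`block`; `404`, `missing_permission`, `login`) could be enforced with `enum`, since a rule whose `type` is misspelled appears to match the path and then fall through to rendering the page.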


@ -260,6 +260,31 @@ methods.addActivity = async (id, data) => {
}
};
// //////// //////// ////////// // // ////////
// // // // // // // // //
// //////// // // // // // //
// // //////// // //////// ////////
// // // // // // // //
// // // // // // // ////////
//
////////////////////////////////////////////////////////////
/**
* get pathrules
* @author Ruben Meyer
* @async
* @return {Object} async(rules, err)
*/
methods.getPathRules = async () => {
var PathRules = models.pathRules;
try {
rules = await PathRules.find({}).exec();
return {reply: rules};
} catch(err) {
return {err: err};
}
};
// //////// //////// //////// //////
// // // // // // // //
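Review bot: In `getPathRules`, `rules` is assigned without a declaration, so in sloppy mode it becomes an implicit global shared by the whole process and under strict mode the line throws a ReferenceError; `const rules = await PathRules.find({}).exec();` fixes both. The JSDoc `@return {Object} async(rules, err)` does not describe the actual shape, which is `{reply: rules}` on success and `{err}` on failure and is read as `pathRules.reply` by the web handler; `@return {Object} {reply: Array} on success, {err: Error} on failure` would be accurate. Since the web hunk calls this on every page request, that error branch is now on the access-control path and callers should treat `{err}` as a deny, not a continue.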


@ -7,11 +7,6 @@
/**
* EXPLANATIONS:
*
* groups: ["anon", "user", "admin"]
* - anon: not logged in; no cookies
* - user: logged in; non-special group
* - admin: logged in; admin group 999 or equivalent
*
* expressions: RegExp tested on req.path
* - ex.:
* - req.path = "/profile/456";
@ -25,44 +20,8 @@
* - 404: File not found
* - missing_permission: Missing Permission page
* - login: login page
*
* NOW ADDED TO DATABASE
*/
let rules = [
{
group: "anon",
expression: "(/blocks/.*)",
rule: "block",
type: "404"
},
{
group: "anon",
expression: "(/error/.*)",
rule: "block",
type: "404"
},
{
group: "anon",
expression: "(/admin/.*)",
rule: "block",
type: "login"
},
{
group: "user",
expression: "(/blocks/.*)",
rule: "block",
type: "404"
},
{
group: "user",
expression: "(/error/.*)",
rule: "block",
type: "404"
},
{
group: "user",
expression: "(/admin/.*)",
rule: "block",
type: "missing_permission"
}
];
module.exports = rules;
module.exports = [];


@ -90,30 +90,36 @@ let getRoutes = async () => {
* all other routes
* @url /*
* @method all
* @TODO comments
*/
route.all('/*', asyncer(async (req, res, next) => {
route.get('/*', asyncer(async (req, res, next) => {
// passthrough to next route
if(req.path.startsWith('/api'))
return next();
if(req.path == "/request") return res.render('error/404');
let pathRules = require("./rules");
let pathRules = await db.getPathRules();
let group = "anon";
// retrieve guest group - set as default
let groups = await db.getGroups();
guestId = null;
groups.reply.forEach((group) => {
if(group.name == "Guest") guestId = group._id;
});
let group = guestId;
// set user group
if(req.session && req.session.user) {
group = "user";
if(req.session.user.group == 999) group = "admin";
group = req.session.user.group;
}
pathRules.forEach((rule) => {
for(i = 0; i < pathRules.reply.length; i++) {
rule = pathRules.reply[i];
if(rule.rule == "block") {
if(group == rule.group) {
if(group == String(rule.group)) {
let regex = new RegExp(rule.expression, "g");
if(regex.test(req.path)) {
if(rule.type == "404") {
global['logs'].info("[web] (404) path not found: "+req.path);
return res.status(404).render('error/404', {
error_code: 404,
error_msg: 'msg.request.file.not_found',
@ -126,7 +132,7 @@ let getRoutes = async () => {
session: req.session,
cfg: cfg
});
} else if(rule.type == "login") {
} else if(rule.type == "login" && (!req.session || !req.session.user)) {
return res.status(401).render('error/login', {
error_code: 401,
session: req.session,
@ -142,15 +148,13 @@ let getRoutes = async () => {
}
}
}
});
};
let dir = global['__dirname'] + '/bin/web/views';
let path_j = path.join(dir, req.path.toLowerCase());
if(fs.existsSync(path_j+'.pug')) {
return res.render(req.path.replace(/^\//, ''), {
session: req.session,
apps: apps.reply,
cfg: cfg
});
} else {
@ -162,10 +166,6 @@ let getRoutes = async () => {
cfg: cfg
});
}
// TODO: try to login
// TODO: role-based authorization
// TODO: show login page or page
}));
return route;
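Review bot: The guest-group lookup just before the rule loop fails open: if no group named "Guest" exists, `group` stays `null`, `group == String(rule.group)` never matches, and anonymous requests reach `/admin/*` and `/blocks/*` unblocked instead of being denied. Deny explicitly before evaluating rules, e.g. `if (guestId === null) return res.sendStatus(500); // fail closed: caller's group cannot be determined`. The same code assigns `guestId`, `i` and `rule` without `let`/`const`, making them implicit globals shared by every request (and a ReferenceError under strict mode); `let guestId = null;` and `for (let i = 0; i < pathRules.reply.length; i++) { const rule = pathRules.reply[i];` keep them request-local. `db.getPathRules()` returns `{err}` on failure (see the db hunk), in which case `pathRules.reply.length` throws a TypeError; an explicit `if (pathRules.err) return next(pathRules.err);` makes that denial deliberate rather than accidental. Note also that changing `route.all` to `route.get` means these rules no longer apply to non-GET requests, which is only safe if no later route serves other methods under the blocked prefixes.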