overleaf/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee


ProjectController = require "../Project/ProjectController"
AuthenticationController = require '../Authentication/AuthenticationController'
TokenAccessHandler = require './TokenAccessHandler'
EditorRealTimeController = require "../Editor/EditorRealTimeController"
Errors = require '../Errors/Errors'
logger = require 'logger-sharelatex'
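# Request handlers that open a project from a sharing token carried in the
# URL (`read_and_write_token` / `read_only_token` route parameters).
#
# NOTE(review): both handlers log the token in full on every path. The code
# below shows that presenting the token is sufficient to be granted access
# (session grant for anonymous visitors, membership for logged-in users), so
# anyone who can read these logs holds the same capability. Consider logging
# a truncated or hashed form instead.
module.exports = TokenAccessController =

  # Rewrite the request so it targets `projectId`, then delegate to the
  # regular editor loader.
  _loadEditor: (projectId, req, res, next) ->
    req.params.Project_id = projectId.toString()
    return ProjectController.loadEditor(req, res, next)

  # Handle a visit to a read-and-write token link.
  #
  # Outcomes, in the order they are checked:
  #   * lookup error                  -> next(err)
  #   * no project, anonymous visitor -> NotFoundError
  #   * no project, logged-in user    -> second lookup for a private-overleaf
  #                                      project; redirect to it or NotFoundError
  #   * project, anonymous visitor    -> editor only if
  #                                      ANONYMOUS_READ_AND_WRITE_ENABLED is set,
  #                                      otherwise NotFoundError
  #   * project, user is the owner    -> editor, no membership change
  #   * project, any other user       -> user is added with read-and-write
  #                                      access, then editor
  readAndWriteToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_and_write_token']
    logger.log {userId, token}, "requesting read-and-write token access"
    TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "error getting project by readAndWrite token"
        return next(err)
      if !project?
        logger.log {token, userId},
          "no project found for readAndWrite token"
        if !userId?
          logger.log {token},
            "No project found with read-write token, anonymous user"
          return next(new Errors.NotFoundError())
        # Logged-in users get a second lookup. This branch grants nothing
        # itself: it only redirects to the project URL.
        # NOTE(review): access is presumably enforced by whatever serves
        # /project/:id; confirm that route does its own authorization.
        TokenAccessHandler
          .findPrivateOverleafProjectWithReadAndWriteToken token, (err, project) ->
            if err?
              logger.err {err, token, userId},
                "error getting project by readAndWrite token"
              return next(err)
            if !project?
              logger.log {token, userId},
                "no private-overleaf project found with readAndWriteToken"
              return next(new Errors.NotFoundError())
            logger.log {token, projectId: project._id}, "redirecting user to project"
            res.redirect(302, "/project/#{project._id}")
      else
        if !userId?
          if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
            logger.log {token, projectId: project._id},
              "allow anonymous read-and-write token access"
            # Record the grant on the session and tag the request with the
            # token before loading the editor.
            TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
            req._anonymousAccessToken = token
            return TokenAccessController._loadEditor(project._id, req, res, next)
          else
            logger.log {token, projectId: project._id},
              "deny anonymous read-and-write token access"
            # Same error as for an unknown token, so the response does not
            # distinguish "valid token, anonymous write disabled" from
            # "no such token".
            return next(new Errors.NotFoundError())
        # NOTE(review): this comparison assumes userId is a string; if
        # getLoggedInUserId can return another type the owner check never
        # matches and the owner is added as a token member. Confirm.
        if project.owner_ref.toString() == userId
          logger.log {userId, projectId: project._id},
            "user is already project owner"
          return TokenAccessController._loadEditor(project._id, req, res, next)
        logger.log {userId, projectId: project._id},
          "adding user to project with readAndWrite token"
        TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
          if err?
            logger.err {err, token, userId, projectId: project._id},
              "error adding user to project with readAndWrite token"
            return next(err)
          # TODO: check if this is still needed by the client
          # NOTE(review): no project/room id is passed here; the event name is
          # the first argument. Verify against emitToRoom's signature that
          # this notification reaches the intended project room only.
          setTimeout( () ->
            EditorRealTimeController.emitToRoom(
              'project:membership:changed',
              {tokenMembers: true}
            )
          , 1000)
          return TokenAccessController._loadEditor(project._id, req, res, next)

  # Handle a visit to a read-only token link.
  #
  # Outcomes, in the order they are checked:
  #   * lookup error               -> next(err)
  #   * no project                 -> NotFoundError
  #   * project, anonymous visitor -> session grant, then editor
  #   * project, user is the owner -> editor, no membership change
  #   * project, any other user    -> user is added with read-only access,
  #                                   then editor
  #
  # Unlike the read-and-write handler, anonymous access is not gated by a
  # configuration flag here.
  readOnlyToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_only_token']
    logger.log {userId, token}, "requesting read-only token access"
    TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "error getting project by readOnly token"
        return next(err)
      if !project?
        # Message corrected: this is the read-only lookup, not readAndWrite.
        logger.log {token, userId},
          "no project found for readOnly token"
        return next(new Errors.NotFoundError())
      if !userId?
        # userId is always null on this branch; it is logged as-is.
        logger.log {userId, projectId: project._id},
          "adding anonymous user to project with readOnly token"
        TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
        req._anonymousAccessToken = token
        return TokenAccessController._loadEditor(project._id, req, res, next)
      else
        # NOTE(review): assumes userId is a string; see the same comparison
        # in readAndWriteToken.
        if project.owner_ref.toString() == userId
          logger.log {userId, projectId: project._id},
            "user is already project owner"
          return TokenAccessController._loadEditor(project._id, req, res, next)
        logger.log {userId, projectId: project._id},
          "adding user to project with readOnly token"
        TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
          if err?
            # Message corrected: the failing call is the read-only add.
            logger.err {err, token, userId, projectId: project._id},
              "error adding user to project with readOnly token"
            return next(err)
          return TokenAccessController._loadEditor(project._id, req, res, next)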