Project = require('../../models/Project').Project
CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
PublicAccessLevels = require '../Authorization/PublicAccessLevels'
PrivilegeLevels = require '../Authorization/PrivilegeLevels'
ObjectId = require("mongojs").ObjectId
Settings = require('settings-sharelatex')
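# Token-based access to projects: looking projects up by their read-only or
# read-and-write token, recording which users or sessions were granted access
# through a token, and blanking tokens for callers whose privilege level
# should not see them.

# True only for a non-empty string. Tokens reach this module from request data
# (the session or the x-sl-anonymous-access-token header, see getRequestToken).
# An object value in a Mongo filter is interpreted as query operators instead
# of being compared literally, so anything that is not a plain non-empty
# string is treated as "no match" before it can reach a query.
isUsableToken = (token) ->
  typeof token == 'string' and token.length > 0

module.exports = TokenAccessHandler =

  # Anonymous read-and-write sharing is enabled only when the setting is the
  # boolean `true`; unset or any other value leaves it disabled.
  ANONYMOUS_READ_AND_WRITE_ENABLED:
    Settings.allowAnonymousReadAndWriteSharing == true

  # Look up a project by its read-only token.
  #
  # callback(err, project, projectExists):
  #   (null, null, false)    - no project carries this token
  #   (null, null, true)     - a project carries it but is not TOKEN_BASED
  #   (null, project, true)  - a TOKEN_BASED project carries it
  #
  # Only _id, publicAccesLevel and owner_ref are loaded. `publicAccesLevel`
  # (one "s") is the field name used throughout this file; keep the spelling.
  findProjectWithReadOnlyToken: (token, callback=(err, project, projectExists)->) ->
    unless isUsableToken(token)
      return callback(null, null, false)
    Project.findOne {
      'tokens.readOnly': token
    }, {_id: 1, publicAccesLevel: 1, owner_ref: 1}, (err, project) ->
      return callback(err) if err?
      return callback(null, null, false) if !project?
      if project.publicAccesLevel != PublicAccessLevels.TOKEN_BASED
        return callback(null, null, true)
      callback(null, project, true)

  # Look up a TOKEN_BASED project by its read-and-write token.
  # callback(err, project); project is null when nothing matches. Unlike the
  # read-only lookup, the access level is part of the query, so a project that
  # is not TOKEN_BASED is indistinguishable from "no such token" here.
  findProjectWithReadAndWriteToken: (token, callback=(err, project)->) ->
    unless isUsableToken(token)
      return callback(null, null)
    Project.findOne {
      'tokens.readAndWrite': token,
      'publicAccesLevel': PublicAccessLevels.TOKEN_BASED
    }, {_id: 1, publicAccesLevel: 1, owner_ref: 1}, callback

  # Find the project carrying `token` (as either kind of token, whatever its
  # public access level) and return it only if `userId` is an invited member.
  #
  # callback(err, project, projectExists):
  #   (null, null, false)    - no project carries this token
  #   (null, null, true)     - project exists, user is not an invited member
  #   (null, project, true)  - project exists and user is an invited member
  #
  # NOTE(review): projectExists tells "unknown token" apart from "known token,
  # no access". How callers surface that is not visible here; it should not be
  # echoed to clients in a way that confirms whether a token is real.
  findProjectWithHigherAccess: (token, userId, callback=(err, project, projectExists)->) ->
    unless isUsableToken(token)
      return callback(null, null, false)
    Project.findOne {
      $or: [
        {'tokens.readAndWrite': token},
        {'tokens.readOnly': token}
      ]
    }, {_id: 1}, (err, project) ->
      return callback(err) if err?
      # No project for this token: reported separately from "no access".
      return callback(null, null, false) if !project?
      projectId = project._id
      CollaboratorsHandler.isUserInvitedMemberOfProject userId, projectId, (err, isMember) ->
        return callback(err) if err?
        # Only a strict `true` from the membership check releases the project.
        memberProject = if isMember == true then project else null
        callback(null, memberProject, true)

  # Record `userId` in the project's tokenAccessReadOnly_refs set.
  # $addToSet keeps the entry unique if the user is added again.
  # This function performs no token or access-level check of its own;
  # presumably the caller has already validated the token (confirm at the
  # call site). Both ids are normalised through ObjectId(...), which is
  # expected to throw synchronously on a malformed id rather than reporting
  # it through `callback`.
  addReadOnlyUserToProject: (userId, projectId, callback=(err)->) ->
    userId = ObjectId(userId.toString())
    projectId = ObjectId(projectId.toString())
    Project.update {
      _id: projectId
    }, {
      $addToSet: {tokenAccessReadOnly_refs: userId}
    }, callback

  # Record `userId` in the project's tokenAccessReadAndWrite_refs set.
  # Same contract and caveats as addReadOnlyUserToProject.
  addReadAndWriteUserToProject: (userId, projectId, callback=(err)->) ->
    userId = ObjectId(userId.toString())
    projectId = ObjectId(projectId.toString())
    Project.update {
      _id: projectId
    }, {
      $addToSet: {tokenAccessReadAndWrite_refs: userId}
    }, callback

  # Remember in the request's session which token was used for a project, so
  # getRequestToken can return it on later requests in the same session.
  # Does nothing when the request has no session. The token is stored as
  # given; nothing here verifies it, so callers are expected to have checked
  # it first (call sites are not visible in this file).
  grantSessionTokenAccess: (req, projectId, token) ->
    if req.session?
      req.session.anonTokenAccess ?= {}
      req.session.anonTokenAccess[projectId.toString()] = token.toString()

  # Return the token the request presents for `projectId`: the one stored in
  # the session if there is one, otherwise the x-sl-anonymous-access-token
  # header. Returns undefined when neither is present. The value is whatever
  # the client sent and still has to be checked with isValidToken.
  getRequestToken: (req, projectId) ->
    token = (
      req?.session?.anonTokenAccess?[projectId.toString()] or
      # `headers?` so a request object without headers yields undefined
      # instead of throwing.
      req?.headers?['x-sl-anonymous-access-token']
    )
    return token

  # Check `token` against `projectId` for both kinds of access.
  #
  # callback(err, isValidReadAndWrite, isValidReadOnly). A flag is true only
  # when the project found under that kind of token is TOKEN_BASED and its id
  # equals projectId, so a token belonging to a different project is rejected.
  # A missing, empty or non-string token yields (null, false, false) without
  # touching the database.
  isValidToken: (projectId, token, callback=(err, isValidReadAndWrite, isValidReadOnly)->) ->
    unless isUsableToken(token)
      return callback null, false, false
    _validate = (project) ->
      project? and
      project.publicAccesLevel == PublicAccessLevels.TOKEN_BASED and
      project._id.toString() == projectId.toString()
    TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, readAndWriteProject) ->
      return callback(err) if err?
      isValidReadAndWrite = _validate(readAndWriteProject)
      TokenAccessHandler.findProjectWithReadOnlyToken token, (err, readOnlyProject) ->
        return callback(err) if err?
        isValidReadOnly = _validate(readOnlyProject)
        callback null, isValidReadAndWrite, isValidReadOnly

  # Blank, in place, the tokens that `privilegeLevel` should not see:
  #   OWNER           - both tokens kept
  #   READ_AND_WRITE  - readAndWrite kept, readOnly blanked
  #   READ_ONLY       - readOnly kept, readAndWrite blanked
  #   anything else   - both blanked
  # Mutates `project.tokens`; does nothing if project or project.tokens is
  # missing.
  protectTokens: (project, privilegeLevel) ->
    if project? && project.tokens?
      if privilegeLevel == PrivilegeLevels.OWNER
        return
      if privilegeLevel != PrivilegeLevels.READ_AND_WRITE
        project.tokens.readAndWrite = ''
      if privilegeLevel != PrivilegeLevels.READ_ONLY
        project.tokens.readOnly = ''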