overleaf/services/web/app/coffee/router.coffee

334 lines
18 KiB
CoffeeScript
Raw Normal View History

AdminController = require('./Features/ServerAdmin/AdminController')
2014-06-20 12:17:24 -04:00
ErrorController = require('./Features/Errors/ErrorController')
ProjectController = require("./Features/Project/ProjectController")
2014-02-12 05:23:40 -05:00
ProjectApiController = require("./Features/Project/ProjectApiController")
SpellingController = require('./Features/Spelling/SpellingController')
SecurityManager = require('./managers/SecurityManager')
2014-02-12 05:23:40 -05:00
AuthorizationManager = require('./Features/Security/AuthorizationManager')
EditorController = require("./Features/Editor/EditorController")
2014-06-05 11:18:25 -04:00
EditorHttpController = require("./Features/Editor/EditorHttpController")
2014-02-12 05:23:40 -05:00
EditorUpdatesController = require("./Features/Editor/EditorUpdatesController")
Settings = require('settings-sharelatex')
TpdsController = require('./Features/ThirdPartyDataStore/TpdsController')
dropboxHandler = require('./Features/Dropbox/DropboxHandler')
SubscriptionRouter = require './Features/Subscription/SubscriptionRouter'
UploadsRouter = require './Features/Uploads/UploadsRouter'
metrics = require('./infrastructure/Metrics')
ReferalController = require('./Features/Referal/ReferalController')
ReferalMiddleware = require('./Features/Referal/ReferalMiddleware')
TemplatesController = require('./Features/Templates/TemplatesController')
TemplatesMiddlewear = require('./Features/Templates/TemplatesMiddlewear')
AuthenticationController = require('./Features/Authentication/AuthenticationController')
TagsController = require("./Features/Tags/TagsController")
CollaboratorsController = require('./Features/Collaborators/CollaboratorsController')
UserInfoController = require('./Features/User/UserInfoController')
UserController = require("./Features/User/UserController")
UserPagesController = require('./Features/User/UserPagesController')
2014-02-12 05:23:40 -05:00
DocumentController = require('./Features/Documents/DocumentController')
CompileManager = require("./Features/Compile/CompileManager")
CompileController = require("./Features/Compile/CompileController")
HealthCheckController = require("./Features/HealthCheck/HealthCheckController")
ProjectDownloadsController = require "./Features/Downloads/ProjectDownloadsController"
FileStoreController = require("./Features/FileStore/FileStoreController")
2014-03-05 11:31:52 -05:00
TrackChangesController = require("./Features/TrackChanges/TrackChangesController")
DropboxUserController = require("./Features/Dropbox/DropboxUserController")
2014-05-15 11:20:23 -04:00
PasswordResetRouter = require("./Features/PasswordReset/PasswordResetRouter")
2014-06-20 12:17:24 -04:00
StaticPagesRouter = require("./Features/StaticPages/StaticPagesRouter")
2014-05-15 11:20:23 -04:00
2014-02-12 05:23:40 -05:00
logger = require("logger-sharelatex")
_ = require("underscore")
2014-02-12 05:23:40 -05:00
httpAuth = require('express').basicAuth (user, pass)->
isValid = Settings.httpAuthUsers[user] == pass
if !isValid
logger.err user:user, pass:pass, "invalid login details"
return isValid
module.exports = class Router
constructor: (app, io, socketSessions)->
app.use(app.router)
app.get '/login', UserPagesController.loginPage
2014-02-12 05:23:40 -05:00
app.post '/login', AuthenticationController.login
app.get '/logout', UserController.logout
app.get '/restricted', SecurityManager.restricted
2014-02-12 05:23:40 -05:00
app.get '/register', UserPagesController.registerPage
app.post '/register', UserController.register
2014-02-12 05:23:40 -05:00
SubscriptionRouter.apply(app)
UploadsRouter.apply(app)
2014-05-15 11:20:23 -04:00
PasswordResetRouter.apply(app)
2014-06-20 12:17:24 -04:00
StaticPagesRouter.apply(app)
2014-02-12 05:23:40 -05:00
if Settings.enableSubscriptions
app.get '/user/bonus', AuthenticationController.requireLogin(), ReferalMiddleware.getUserReferalId, ReferalController.bonus
app.get '/user/settings', AuthenticationController.requireLogin(), UserPagesController.settingsPage
app.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
app.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
2014-05-15 11:20:23 -04:00
app.del '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
app.del '/user', AuthenticationController.requireLogin(), UserController.deleteUser
2014-02-12 05:23:40 -05:00
app.get '/dropbox/beginAuth', DropboxUserController.redirectUserToDropboxAuth
app.get '/dropbox/completeRegistration', DropboxUserController.completeDropboxRegistration
app.get '/dropbox/unlink', DropboxUserController.unlinkDropbox
2014-02-12 05:23:40 -05:00
app.get '/user/auth_token', AuthenticationController.requireLogin(), AuthenticationController.getAuthToken
app.get '/user/personal_info', AuthenticationController.requireLogin(allow_auth_token: true), UserInfoController.getLoggedInUsersPersonalInfo
app.get '/user/:user_id/personal_info', httpAuth, UserInfoController.getPersonalInfo
app.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
app.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
2014-04-28 12:47:47 -04:00
2014-02-12 05:23:40 -05:00
app.get '/project/new/template', TemplatesMiddlewear.saveTemplateDataInSession, AuthenticationController.requireLogin(), TemplatesController.createProjectFromZipTemplate
app.get '/Project/:Project_id', SecurityManager.requestCanAccessProject, ProjectController.loadEditor
app.get '/Project/:Project_id/file/:File_id', SecurityManager.requestCanAccessProject, FileStoreController.getFile
2014-02-12 05:23:40 -05:00
2014-06-22 07:10:42 -04:00
app.post '/project/:Project_id/doc', SecurityManager.requestCanModifyProject, EditorHttpController.addDoc
2014-06-22 09:39:38 -04:00
app.post '/project/:Project_id/folder', SecurityManager.requestCanModifyProject, EditorHttpController.addFolder
2014-06-22 07:10:42 -04:00
2014-06-22 15:08:56 -04:00
app.post '/project/:Project_id/:entity_type/:entity_id/rename', SecurityManager.requestCanModifyProject, EditorHttpController.renameEntity
app.post '/project/:Project_id/:entity_type/:entity_id/move', SecurityManager.requestCanModifyProject, EditorHttpController.moveEntity
2014-06-22 15:49:58 -04:00
app.delete '/project/:Project_id/:entity_type/:entity_id', SecurityManager.requestCanModifyProject, EditorHttpController.deleteEntity
2014-06-22 15:08:56 -04:00
app.post '/project/:Project_id/compile', SecurityManager.requestCanAccessProject, CompileController.compile
app.get '/Project/:Project_id/output/output.pdf', SecurityManager.requestCanAccessProject, CompileController.downloadPdf
2014-02-12 05:23:40 -05:00
app.get /^\/project\/([^\/]*)\/output\/(.*)$/,
((req, res, next) ->
params =
"Project_id": req.params[0]
"file": req.params[1]
req.params = params
next()
), SecurityManager.requestCanAccessProject, CompileController.getFileFromClsi
app.del "/project/:Project_id/output", SecurityManager.requestCanAccessProject, CompileController.deleteAuxFiles
2014-04-08 11:49:21 -04:00
app.get "/project/:Project_id/sync/code", SecurityManager.requestCanAccessProject, CompileController.proxySync
app.get "/project/:Project_id/sync/pdf", SecurityManager.requestCanAccessProject, CompileController.proxySync
2014-02-12 05:23:40 -05:00
app.del '/Project/:Project_id', SecurityManager.requestIsOwner, ProjectController.deleteProject
app.post '/Project/:Project_id/restore', SecurityManager.requestIsOwner, ProjectController.restoreProject
app.post '/Project/:Project_id/clone', SecurityManager.requestCanAccessProject, ProjectController.cloneProject
2014-02-12 05:23:40 -05:00
2014-04-28 12:47:47 -04:00
app.post '/project/:Project_id/rename', SecurityManager.requestIsOwner, ProjectController.renameProject
app.get "/project/:Project_id/updates", SecurityManager.requestCanAccessProject, TrackChangesController.proxyToTrackChangesApi
app.get "/project/:Project_id/doc/:doc_id/diff", SecurityManager.requestCanAccessProject, TrackChangesController.proxyToTrackChangesApi
app.post "/project/:Project_id/doc/:doc_id/version/:version_id/restore", SecurityManager.requestCanAccessProject, TrackChangesController.proxyToTrackChangesApi
2014-03-05 11:31:52 -05:00
2014-06-05 11:18:25 -04:00
app.post "/project/:Project_id/doc/:doc_id/restore", SecurityManager.requestCanAccessProject, EditorHttpController.restoreDoc
2014-02-12 05:23:40 -05:00
app.post '/project/:project_id/leave', AuthenticationController.requireLogin(), CollaboratorsController.removeSelfFromProject
app.get '/project/:Project_id/collaborators', SecurityManager.requestCanAccessProject(allow_auth_token: true), CollaboratorsController.getCollaborators
2014-02-12 05:23:40 -05:00
app.get '/Project/:Project_id/download/zip', SecurityManager.requestCanAccessProject, ProjectDownloadsController.downloadProject
app.get '/project/download/zip', SecurityManager.requestCanAccessMultipleProjects, ProjectDownloadsController.downloadMultipleProjects
2014-02-12 05:23:40 -05:00
app.get '/tag', AuthenticationController.requireLogin(), TagsController.getAllTags
app.post '/project/:project_id/tag', AuthenticationController.requireLogin(), TagsController.processTagsUpdate
app.get '/project/:project_id/details', httpAuth, ProjectApiController.getProjectDetails
app.get '/internal/project/:Project_id/zip', httpAuth, ProjectDownloadsController.downloadProject
app.get '/internal/project/:project_id/compile/pdf', httpAuth, CompileController.compileAndDownloadPdf
app.get '/project/:Project_id/doc/:doc_id', httpAuth, DocumentController.getDocument
app.post '/project/:Project_id/doc/:doc_id', httpAuth, DocumentController.setDocument
app.ignoreCsrf('post', '/project/:Project_id/doc/:doc_id')
app.post '/user/:user_id/update/*', httpAuth, TpdsController.mergeUpdate
2014-02-12 05:23:40 -05:00
app.del '/user/:user_id/update/*', httpAuth, TpdsController.deleteUpdate
app.ignoreCsrf('post', '/user/:user_id/update/*')
app.ignoreCsrf('delete', '/user/:user_id/update/*')
app.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
app.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
#Admin Stuff
app.get '/admin', SecurityManager.requestIsAdmin, AdminController.index
app.post '/admin/closeEditor', SecurityManager.requestIsAdmin, AdminController.closeEditor
app.post '/admin/dissconectAllUsers', SecurityManager.requestIsAdmin, AdminController.dissconectAllUsers
app.post '/admin/writeAllDocsToMongo', SecurityManager.requestIsAdmin, AdminController.writeAllToMongo
app.post '/admin/syncUserToSubscription', SecurityManager.requestIsAdmin, AdminController.syncUserToSubscription
app.post '/admin/flushProjectToTpds', SecurityManager.requestIsAdmin, AdminController.flushProjectToTpds
app.post '/admin/pollUsersWithDropbox', SecurityManager.requestIsAdmin, AdminController.pollUsersWithDropbox
app.post '/admin/updateProjectCompiler', SecurityManager.requestIsAdmin, AdminController.updateProjectCompiler
2014-02-12 05:23:40 -05:00
app.get '/perfTest', (req,res)->
res.send("hello")
req.session.destroy()
app.get '/status', (req,res)->
res.send("websharelatex is up")
req.session.destroy()
app.get '/health_check', HealthCheckController.check
app.get "/status/compiler/:Project_id", SecurityManager.requestCanAccessProject, (req, res) ->
sendRes = _.once (statusCode, message)->
res.writeHead statusCode
res.end message
2014-02-12 05:23:40 -05:00
CompileManager.compile req.params.Project_id, "test-compile", {}, () ->
sendRes 200, "Compiler returned in less than 10 seconds"
2014-02-12 05:23:40 -05:00
setTimeout (() ->
sendRes 500, "Compiler timed out"
2014-02-12 05:23:40 -05:00
), 10000
req.session.destroy()
app.get '/test', (req, res) ->
res.render "tests",
2014-04-07 15:46:58 -04:00
privilegeLevel: "owner"
2014-02-12 05:23:40 -05:00
project:
name: "test"
date: Date.now()
layout: false
userCanSeeDropbox: true
languages: []
app.get "/ip", (req, res, next) ->
2014-06-25 06:06:04 -04:00
res.send({
ip: req.ip
ips: req.ips
headers: req.headers
})
2014-02-12 05:23:40 -05:00
app.get '/oops-express', (req, res, next) -> next(new Error("Test error"))
app.get '/oops-internal', (req, res, next) -> throw new Error("Test error")
app.get '/oops-mongo', (req, res, next) ->
require("./models/Project").Project.findOne {}, () ->
throw new Error("Test error")
app.post '/error/client', (req, res, next) ->
logger.error err: req.body.error, meta: req.body.meta, "client side error"
res.send(204)
2014-06-20 12:17:24 -04:00
app.get '*', ErrorController.notFound
2014-02-12 05:23:40 -05:00
socketSessions.on 'connection', (err, client, session)->
metrics.inc('socket-io.connection')
# This is not ideal - we should come up with a better way of handling
# anonymous users, but various logging lines rely on user._id
if !session or !session.user?
user = {_id: "anonymous-user"}
else
user = session.user
client.on 'joinProject', (data, callback) ->
EditorController.joinProject(client, user, data.project_id, callback)
client.on 'disconnect', () ->
metrics.inc ('socket-io.disconnect')
EditorController.leaveProject client, user
client.on 'reportError', (error, callback) ->
EditorController.reportError client, error, callback
client.on 'sendUpdate', (doc_id, windowName, change)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorUpdatesController.applyAceUpdate(client, project_id, doc_id, windowName, change)
client.on 'applyOtUpdate', (doc_id, update) ->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorUpdatesController.applyOtUpdate(client, project_id, doc_id, update)
client.on 'clientTracking.updatePosition', (cursorData) ->
AuthorizationManager.ensureClientCanViewProject client, (error, project_id) =>
EditorController.updateClientPosition(client, cursorData)
client.on 'addUserToProject', (email, newPrivalageLevel, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
EditorController.addUserToProject project_id, email, newPrivalageLevel, callback
client.on 'removeUserFromProject', (user_id, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
EditorController.removeUserFromProject(project_id, user_id, callback)
client.on 'setSpellCheckLanguage', (compiler, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.setSpellCheckLanguage project_id, compiler, callback
client.on 'setCompiler', (compiler, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.setCompiler project_id, compiler, callback
client.on 'leaveDoc', (doc_id, callback)->
AuthorizationManager.ensureClientCanViewProject client, (error, project_id) =>
EditorController.leaveDoc(client, project_id, doc_id, callback)
client.on 'joinDoc', (args...)->
AuthorizationManager.ensureClientCanViewProject client, (error, project_id) =>
EditorController.joinDoc(client, project_id, args...)
client.on 'addDoc', (folder_id, docName, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.addDoc(project_id, folder_id, docName, [""], callback)
client.on 'addFolder', (folder_id, folderName, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.addFolder(project_id, folder_id, folderName, callback)
client.on 'deleteEntity', (entity_id, entityType, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.deleteEntity(project_id, entity_id, entityType, callback)
client.on 'renameEntity', (entity_id, entityType, newName, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.renameEntity(project_id, entity_id, entityType, newName, callback)
2014-02-12 05:23:40 -05:00
client.on 'moveEntity', (entity_id, folder_id, entityType, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.moveEntity(project_id, entity_id, folder_id, entityType, callback)
2014-02-12 05:23:40 -05:00
client.on 'setProjectName', (newName, callback)->
2014-02-12 05:23:40 -05:00
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.renameProject(project_id, newName, callback)
2014-02-12 05:23:40 -05:00
client.on 'setRootDoc', (newRootDocID, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.setRootDoc(project_id, newRootDocID, callback)
2014-02-12 05:23:40 -05:00
client.on 'setPublicAccessLevel', (newAccessLevel, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
EditorController.setPublicAccessLevel(project_id, newAccessLevel, callback)
2014-02-12 05:23:40 -05:00
# Deprecated and can be removed after deploying.
2014-02-12 05:23:40 -05:00
client.on 'pdfProject', (opts, callback)->
AuthorizationManager.ensureClientCanViewProject client, (error, project_id) =>
CompileManager.compile project_id, user._id, opts, (error, status, outputFiles) ->
return callback error, status == "success", outputFiles
2014-02-12 05:23:40 -05:00
client.on 'getRootDocumentsList', (callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.getListOfDocPaths project_id, callback
client.on 'forceResyncOfDropbox', (callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
EditorController.forceResyncOfDropbox project_id, callback
client.on 'getUserDropboxLinkStatus', (owner_id, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
dropboxHandler.getUserRegistrationStatus owner_id, callback
client.on 'publishProjectAsTemplate', (user_id, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
TemplatesController.publishProject user_id, project_id, callback
client.on 'unPublishProjectAsTemplate', (user_id, callback)->
AuthorizationManager.ensureClientCanAdminProject client, (error, project_id) =>
TemplatesController.unPublishProject user_id, project_id, callback
client.on 'updateProjectDescription', (description, callback)->
AuthorizationManager.ensureClientCanEditProject client, (error, project_id) =>
EditorController.updateProjectDescription project_id, description, callback
client.on "getLastTimePollHappned", (callback)->
EditorController.getLastTimePollHappned(callback)
client.on "getPublishedDetails", (user_id, callback)->
AuthorizationManager.ensureClientCanViewProject client, (error, project_id) =>
TemplatesController.getTemplateDetails user_id, project_id, callback