overleaf/services/web/app/coffee/router.coffee

283 lines
16 KiB
CoffeeScript
Raw Normal View History

AdminController = require('./Features/ServerAdmin/AdminController')
2014-06-20 16:17:24 +00:00
ErrorController = require('./Features/Errors/ErrorController')
ProjectController = require("./Features/Project/ProjectController")
2014-02-12 10:23:40 +00:00
ProjectApiController = require("./Features/Project/ProjectApiController")
SpellingController = require('./Features/Spelling/SpellingController')
EditorController = require("./Features/Editor/EditorController")
EditorRouter = require("./Features/Editor/EditorRouter")
2014-02-12 10:23:40 +00:00
Settings = require('settings-sharelatex')
TpdsController = require('./Features/ThirdPartyDataStore/TpdsController')
SubscriptionRouter = require './Features/Subscription/SubscriptionRouter'
UploadsRouter = require './Features/Uploads/UploadsRouter'
metrics = require('./infrastructure/Metrics')
ReferalController = require('./Features/Referal/ReferalController')
ReferalMiddleware = require('./Features/Referal/ReferalMiddleware')
AuthenticationController = require('./Features/Authentication/AuthenticationController')
TagsController = require("./Features/Tags/TagsController")
NotificationsController = require("./Features/Notifications/NotificationsController")
CollaboratorsRouter = require('./Features/Collaborators/CollaboratorsRouter')
UserInfoController = require('./Features/User/UserInfoController')
UserController = require("./Features/User/UserController")
UserPagesController = require('./Features/User/UserPagesController')
2014-02-12 10:23:40 +00:00
DocumentController = require('./Features/Documents/DocumentController')
CompileManager = require("./Features/Compile/CompileManager")
CompileController = require("./Features/Compile/CompileController")
HealthCheckController = require("./Features/HealthCheck/HealthCheckController")
ProjectDownloadsController = require "./Features/Downloads/ProjectDownloadsController"
FileStoreController = require("./Features/FileStore/FileStoreController")
2014-03-05 16:31:52 +00:00
TrackChangesController = require("./Features/TrackChanges/TrackChangesController")
2014-05-15 15:20:23 +00:00
PasswordResetRouter = require("./Features/PasswordReset/PasswordResetRouter")
2014-06-20 16:17:24 +00:00
StaticPagesRouter = require("./Features/StaticPages/StaticPagesRouter")
ChatController = require("./Features/Chat/ChatController")
2014-07-09 18:49:39 +00:00
BlogController = require("./Features/Blog/BlogController")
2014-09-08 13:19:24 +00:00
Modules = require "./infrastructure/Modules"
2015-02-04 15:05:26 +00:00
RateLimiterMiddlewear = require('./Features/Security/RateLimiterMiddlewear')
RealTimeProxyRouter = require('./Features/RealTimeProxy/RealTimeProxyRouter')
2015-08-13 21:50:39 +00:00
InactiveProjectController = require("./Features/InactiveData/InactiveProjectController")
ContactRouter = require("./Features/Contacts/ContactRouter")
ReferencesController = require('./Features/References/ReferencesController')
AuthorizationMiddlewear = require('./Features/Authorization/AuthorizationMiddlewear')
2016-06-07 12:41:50 +00:00
BetaProgramController = require('./Features/BetaProgram/BetaProgramController')
2014-05-15 15:20:23 +00:00
2014-02-12 10:23:40 +00:00
logger = require("logger-sharelatex")
_ = require("underscore")
2014-02-12 10:23:40 +00:00
module.exports = class Router
constructor: (webRouter, apiRouter)->
if !Settings.allowPublicAccess
webRouter.all '*', AuthenticationController.requireGlobalLogin
webRouter.get '/login', UserPagesController.loginPage
AuthenticationController.addEndpointToLoginWhitelist '/login'
webRouter.post '/login', AuthenticationController.login
webRouter.get '/logout', UserController.logout
webRouter.get '/restricted', AuthorizationMiddlewear.restricted
2014-02-12 10:23:40 +00:00
# Left as a placeholder for implementing a public register page
webRouter.get '/register', UserPagesController.registerPage
AuthenticationController.addEndpointToLoginWhitelist '/register'
2014-02-12 10:23:40 +00:00
EditorRouter.apply(webRouter, apiRouter)
CollaboratorsRouter.apply(webRouter, apiRouter)
SubscriptionRouter.apply(webRouter, apiRouter)
UploadsRouter.apply(webRouter, apiRouter)
PasswordResetRouter.apply(webRouter, apiRouter)
StaticPagesRouter.apply(webRouter, apiRouter)
RealTimeProxyRouter.apply(webRouter, apiRouter)
ContactRouter.apply(webRouter, apiRouter)
Modules.applyRouter(webRouter, apiRouter)
2014-02-12 10:23:40 +00:00
2014-07-09 18:49:39 +00:00
2014-02-12 10:23:40 +00:00
if Settings.enableSubscriptions
webRouter.get '/user/bonus', AuthenticationController.requireLogin(), ReferalMiddleware.getUserReferalId, ReferalController.bonus
webRouter.get '/blog', BlogController.getIndexPage
webRouter.get '/blog/*', BlogController.getPage
webRouter.get '/user/activate', UserPagesController.activateAccountPage
AuthenticationController.addEndpointToLoginWhitelist '/user/activate'
webRouter.get '/user/settings', AuthenticationController.requireLogin(), UserPagesController.settingsPage
webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
webRouter.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
2014-05-15 15:20:23 +00:00
webRouter.delete '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
webRouter.delete '/user', AuthenticationController.requireLogin(), UserController.deleteUser
2014-02-12 10:23:40 +00:00
2016-03-10 17:15:14 +00:00
webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
apiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo
webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
webRouter.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
2014-04-28 16:47:47 +00:00
webRouter.get '/Project/:Project_id', RateLimiterMiddlewear.rateLimit({
2015-02-04 15:05:26 +00:00
endpointName: "open-project"
params: ["Project_id"]
maxRequests: 10
timeInterval: 60
}), AuthorizationMiddlewear.ensureUserCanReadProject, ProjectController.loadEditor
webRouter.get '/Project/:Project_id/file/:File_id', AuthorizationMiddlewear.ensureUserCanReadProject, FileStoreController.getFile
webRouter.post '/project/:Project_id/settings', AuthorizationMiddlewear.ensureUserCanWriteProjectSettings, ProjectController.updateProjectSettings
webRouter.post '/project/:Project_id/settings/admin', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.updateProjectAdminSettings
2014-02-12 10:23:40 +00:00
webRouter.post '/project/:Project_id/compile', AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.compile
2016-07-14 13:48:46 +00:00
webRouter.post '/project/:Project_id/compile/stop', AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.stopCompile
# Used by the web download buttons, adds filename header
webRouter.get '/project/:Project_id/output/output.pdf', AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.downloadPdf
# Used by the pdf viewers
webRouter.get /^\/project\/([^\/]*)\/output\/(.*)$/,
2014-02-12 10:23:40 +00:00
((req, res, next) ->
params =
"Project_id": req.params[0]
"file": req.params[1]
req.params = params
next()
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
# direct url access to output files for a specific build (query string not required)
webRouter.get /^\/project\/([^\/]*)\/build\/([0-9a-f-]+)\/output\/(.*)$/,
((req, res, next) ->
params =
"Project_id": req.params[0]
"build_id": req.params[1]
"file": req.params[2]
2016-07-14 13:48:46 +00:00
req.params = params
next()
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
# direct url access to output files for user but no build, to retrieve files when build fails
2016-07-14 13:48:46 +00:00
webRouter.get /^\/project\/([^\/]*)\/user\/([0-9a-f-]+)\/output\/(.*)$/,
((req, res, next) ->
params =
"Project_id": req.params[0]
"user_id": req.params[1]
"file": req.params[2]
req.params = params
next()
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
# direct url access to output files for a specific user and build (query string not required)
webRouter.get /^\/project\/([^\/]*)\/user\/([0-9a-f]+)\/build\/([0-9a-f-]+)\/output\/(.*)$/,
((req, res, next) ->
params =
"Project_id": req.params[0]
"user_id": req.params[1]
"build_id": req.params[2]
"file": req.params[3]
req.params = params
next()
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
webRouter.delete "/project/:Project_id/output", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.deleteAuxFiles
webRouter.get "/project/:Project_id/sync/code", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.proxySyncCode
webRouter.get "/project/:Project_id/sync/pdf", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.proxySyncPdf
webRouter.get "/project/:Project_id/wordcount", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.wordCount
2014-02-12 10:23:40 +00:00
webRouter.delete '/Project/:Project_id', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.deleteProject
webRouter.post '/Project/:Project_id/restore', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.restoreProject
webRouter.post '/Project/:Project_id/clone', AuthorizationMiddlewear.ensureUserCanReadProject, ProjectController.cloneProject
2014-04-28 16:47:47 +00:00
webRouter.post '/project/:Project_id/rename', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.renameProject
2014-03-05 16:31:52 +00:00
webRouter.get "/project/:Project_id/updates", AuthorizationMiddlewear.ensureUserCanReadProject, TrackChangesController.proxyToTrackChangesApi
webRouter.get "/project/:Project_id/doc/:doc_id/diff", AuthorizationMiddlewear.ensureUserCanReadProject, TrackChangesController.proxyToTrackChangesApi
webRouter.post "/project/:Project_id/doc/:doc_id/version/:version_id/restore", AuthorizationMiddlewear.ensureUserCanReadProject, TrackChangesController.proxyToTrackChangesApi
2014-02-12 10:23:40 +00:00
webRouter.get '/Project/:Project_id/download/zip', AuthorizationMiddlewear.ensureUserCanReadProject, ProjectDownloadsController.downloadProject
webRouter.get '/project/download/zip', AuthorizationMiddlewear.ensureUserCanReadMultipleProjects, ProjectDownloadsController.downloadMultipleProjects
2014-02-12 10:23:40 +00:00
webRouter.get '/tag', AuthenticationController.requireLogin(), TagsController.getAllTags
webRouter.post '/tag', AuthenticationController.requireLogin(), TagsController.createTag
webRouter.post '/tag/:tag_id/rename', AuthenticationController.requireLogin(), TagsController.renameTag
webRouter.delete '/tag/:tag_id', AuthenticationController.requireLogin(), TagsController.deleteTag
2016-01-29 13:29:25 +00:00
webRouter.post '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), TagsController.addProjectToTag
webRouter.delete '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), TagsController.removeProjectFromTag
2014-02-12 10:23:40 +00:00
webRouter.get '/notifications', AuthenticationController.requireLogin(), NotificationsController.getAllUnreadNotifications
webRouter.delete '/notifications/:notification_id', AuthenticationController.requireLogin(), NotificationsController.markNotificationAsRead
# Deprecated in favour of /internal/project/:project_id but still used by versioning
apiRouter.get '/project/:project_id/details', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
2014-02-12 10:23:40 +00:00
# New 'stable' /internal API end points
apiRouter.get '/internal/project/:project_id', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
apiRouter.get '/internal/project/:Project_id/zip', AuthenticationController.httpAuth, ProjectDownloadsController.downloadProject
2015-07-08 12:29:10 +00:00
apiRouter.get '/internal/project/:project_id/compile/pdf', AuthenticationController.httpAuth, CompileController.compileAndDownloadPdf
2015-08-14 10:26:11 +00:00
apiRouter.post '/internal/deactivateOldProjects', AuthenticationController.httpAuth, InactiveProjectController.deactivateOldProjects
apiRouter.post '/internal/project/:project_id/deactivate', AuthenticationController.httpAuth, InactiveProjectController.deactivateProject
2015-08-13 21:50:39 +00:00
webRouter.get /^\/internal\/project\/([^\/]*)\/output\/(.*)$/,
((req, res, next) ->
params =
"Project_id": req.params[0]
"file": req.params[1]
req.params = params
next()
), AuthenticationController.httpAuth, CompileController.getFileFromClsi
2014-02-12 10:23:40 +00:00
apiRouter.get '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.getDocument
apiRouter.post '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.setDocument
2014-02-12 10:23:40 +00:00
apiRouter.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate
apiRouter.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
apiRouter.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents
apiRouter.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
2014-02-12 10:23:40 +00:00
webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
2014-02-12 10:23:40 +00:00
webRouter.get "/project/:Project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.getMessages
webRouter.post "/project/:Project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.sendMessage
webRouter.post "/project/:Project_id/references/index", AuthorizationMiddlewear.ensureUserCanReadProject, ReferencesController.index
webRouter.post "/project/:Project_id/references/indexAll", AuthorizationMiddlewear.ensureUserCanReadProject, ReferencesController.indexAll
2016-06-08 14:11:39 +00:00
webRouter.get "/beta/participate", AuthenticationController.requireLogin(), BetaProgramController.optInPage
2016-06-07 10:15:56 +00:00
webRouter.post "/beta/opt-in", AuthenticationController.requireLogin(), BetaProgramController.optIn
2016-06-08 14:11:39 +00:00
webRouter.post "/beta/opt-out", AuthenticationController.requireLogin(), BetaProgramController.optOut
2016-06-07 10:15:56 +00:00
2014-02-12 10:23:40 +00:00
#Admin Stuff
webRouter.get '/admin', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.index
webRouter.get '/admin/user', AuthorizationMiddlewear.ensureUserIsSiteAdmin, (req, res)-> res.redirect("/admin/register") #this gets removed by admin-panel addon
webRouter.get '/admin/register', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.registerNewUser
webRouter.post '/admin/register', AuthorizationMiddlewear.ensureUserIsSiteAdmin, UserController.register
webRouter.post '/admin/closeEditor', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.closeEditor
webRouter.post '/admin/dissconectAllUsers', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.dissconectAllUsers
webRouter.post '/admin/syncUserToSubscription', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.syncUserToSubscription
webRouter.post '/admin/flushProjectToTpds', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.flushProjectToTpds
webRouter.post '/admin/pollDropboxForUser', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.pollDropboxForUser
webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage
webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages
apiRouter.get '/perfTest', (req,res)->
2014-02-12 10:23:40 +00:00
res.send("hello")
apiRouter.get '/status', (req,res)->
2014-02-12 10:23:40 +00:00
res.send("websharelatex is up")
webRouter.get '/dev/csrf', (req, res) ->
res.send res.locals.csrfToken
2014-02-12 10:23:40 +00:00
apiRouter.get '/health_check', HealthCheckController.check
apiRouter.get '/health_check/redis', HealthCheckController.checkRedis
2014-02-12 10:23:40 +00:00
apiRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) ->
sendRes = _.once (statusCode, message)->
res.writeHead statusCode
res.end message
2014-02-12 10:23:40 +00:00
CompileManager.compile req.params.Project_id, "test-compile", {}, () ->
sendRes 200, "Compiler returned in less than 10 seconds"
2014-02-12 10:23:40 +00:00
setTimeout (() ->
sendRes 500, "Compiler timed out"
2014-02-12 10:23:40 +00:00
), 10000
apiRouter.get "/ip", (req, res, next) ->
2014-06-25 10:06:04 +00:00
res.send({
ip: req.ip
ips: req.ips
headers: req.headers
})
webRouter.get '/oops-express', (req, res, next) -> next(new Error("Test error"))
webRouter.get '/oops-internal', (req, res, next) -> throw new Error("Test error")
webRouter.get '/oops-mongo', (req, res, next) ->
2014-02-12 10:23:40 +00:00
require("./models/Project").Project.findOne {}, () ->
throw new Error("Test error")
apiRouter.get '/opps-small', (req, res, next)->
2014-09-18 13:37:23 +00:00
logger.err "test error occured"
res.send()
webRouter.post '/error/client', (req, res, next) ->
logger.warn err: req.body.error, meta: req.body.meta, "client side error"
metrics.inc("client-side-error")
2015-07-08 15:56:38 +00:00
res.sendStatus(204)
2016-01-22 05:41:22 +00:00
webRouter.get '*', ErrorController.notFound