Merge pull request #3270 from overleaf/msm-fix-login-requirement-rw-sharing

requireLogin() conditional on Settings.allowAnonymousReadAndWriteSharing GitOrigin-RevId: 6fc3790f902c414a8104e34a508289ea32d83737
2025-03-15 04:24:52 +00:00 · 2020-10-27 11:53:44 +01:00 · 2020-10-27 11:53:44 +01:00 · 09a07c1dc0
commit 09a07c1dc0
parent dd123944ed
2 changed files with 28 additions and 12 deletions
--- a/services/web/app/src/Features/Contacts/ContactRouter.js
+++ b/services/web/app/src/Features/Contacts/ContactRouter.js
@ -1,18 +1,26 @@
-// TODO: This file was created by bulk-decaffeinate.
-// Sanity-check the conversion and remove this comment.
-/*
- * decaffeinate suggestions:
- * DS102: Remove unnecessary code created because of implicit returns
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
- */
 const AuthenticationController = require('../Authentication/AuthenticationController')
 const ContactController = require('./ContactController')
+const Settings = require('settings-sharelatex')
+
+function contactsAuthenticationMiddleware() {
+  if (!Settings.allowAnonymousReadAndWriteSharing) {
+    return AuthenticationController.requireLogin()
+  } else {
+    return (req, res, next) => {
+      if (AuthenticationController.isUserLoggedIn(req)) {
+        next()
+      } else {
+        res.send({ contacts: [] })
+      }
+    }
+  }
+}

 module.exports = {
-  apply(webRouter, apiRouter) {
-    return webRouter.get(
+  apply(webRouter) {
+    webRouter.get(
      '/user/contacts',
-      AuthenticationController.requireLogin(),
+      contactsAuthenticationMiddleware(),
      ContactController.getContacts
    )
  }
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@ -606,13 +606,21 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
  webRouter.get(
    '/project/:project_id/metadata',
    AuthorizationMiddleware.ensureUserCanReadProject,
-    AuthenticationController.requireLogin(),
+    Settings.allowAnonymousReadAndWriteSharing
+      ? (req, res, next) => {
+          next()
+        }
+      : AuthenticationController.requireLogin(),
    MetaController.getMetadata
  )
  webRouter.post(
    '/project/:project_id/doc/:doc_id/metadata',
    AuthorizationMiddleware.ensureUserCanReadProject,
-    AuthenticationController.requireLogin(),
+    Settings.allowAnonymousReadAndWriteSharing
+      ? (req, res, next) => {
+          next()
+        }
+      : AuthenticationController.requireLogin(),
    MetaController.broadcastMetadataForDoc
  )
  privateApiRouter.post(