mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-16 02:52:31 -04:00
Merge pull request #1581 from sharelatex/spd-wearing-middle
Fix spelling of "middleware" GitOrigin-RevId: d2b2b20ad8a6871cd6366303e75b340f0f2f2dda
This commit is contained in:
Simon Detheridge
James Allen
parent
939922485c
commit
3553fb2d9d
20 changed files with 206 additions and 206 deletions
|
|
@ -6,10 +6,10 @@ Errors = require "../Errors/Errors"
|
|||
AuthenticationController = require "../Authentication/AuthenticationController"
|
||||
TokenAccessHandler = require '../TokenAccess/TokenAccessHandler'
|
||||
|
||||
module.exports = AuthorizationMiddlewear =
|
||||
module.exports = AuthorizationMiddleware =
|
||||
ensureUserCanReadMultipleProjects: (req, res, next) ->
|
||||
project_ids = (req.query.project_ids or "").split(",")
|
||||
AuthorizationMiddlewear._getUserId req, (error, user_id) ->
|
||||
AuthorizationMiddleware._getUserId req, (error, user_id) ->
|
||||
return next(error) if error?
|
||||
# Remove the projects we have access to. Note rejectSeries doesn't use
|
||||
# errors in callbacks
|
||||
|
|
@ -20,12 +20,12 @@ module.exports = AuthorizationMiddlewear =
|
|||
cb(canRead)
|
||||
, (unauthorized_project_ids) ->
|
||||
if unauthorized_project_ids.length > 0
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
else
|
||||
next()
|
||||
|
||||
ensureUserCanReadProject: (req, res, next) ->
|
||||
AuthorizationMiddlewear._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
AuthorizationMiddleware._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
return next(error) if error?
|
||||
token = TokenAccessHandler.getRequestToken(req, project_id)
|
||||
AuthorizationManager.canUserReadProject user_id, project_id, token, (error, canRead) ->
|
||||
|
|
@ -38,10 +38,10 @@ module.exports = AuthorizationMiddlewear =
|
|||
if req.headers?['accept']?.match(/^application\/json.*$/)
|
||||
res.sendStatus(403)
|
||||
else
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
ensureUserCanWriteProjectSettings: (req, res, next) ->
|
||||
AuthorizationMiddlewear._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
AuthorizationMiddleware._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
return next(error) if error?
|
||||
token = TokenAccessHandler.getRequestToken(req, project_id)
|
||||
AuthorizationManager.canUserWriteProjectSettings user_id, project_id, token, (error, canWrite) ->
|
||||
|
|
@ -51,10 +51,10 @@ module.exports = AuthorizationMiddlewear =
|
|||
next()
|
||||
else
|
||||
logger.log {user_id, project_id}, "denying user write access to project settings"
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
ensureUserCanWriteProjectContent: (req, res, next) ->
|
||||
AuthorizationMiddlewear._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
AuthorizationMiddleware._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
return next(error) if error?
|
||||
token = TokenAccessHandler.getRequestToken(req, project_id)
|
||||
AuthorizationManager.canUserWriteProjectContent user_id, project_id, token, (error, canWrite) ->
|
||||
|
|
@ -64,10 +64,10 @@ module.exports = AuthorizationMiddlewear =
|
|||
next()
|
||||
else
|
||||
logger.log {user_id, project_id}, "denying user write access to project settings"
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
ensureUserCanAdminProject: (req, res, next) ->
|
||||
AuthorizationMiddlewear._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
AuthorizationMiddleware._getUserAndProjectId req, (error, user_id, project_id) ->
|
||||
return next(error) if error?
|
||||
token = TokenAccessHandler.getRequestToken(req, project_id)
|
||||
AuthorizationManager.canUserAdminProject user_id, project_id, token, (error, canAdmin) ->
|
||||
|
|
@ -77,10 +77,10 @@ module.exports = AuthorizationMiddlewear =
|
|||
next()
|
||||
else
|
||||
logger.log {user_id, project_id}, "denying user admin access to project"
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
ensureUserIsSiteAdmin: (req, res, next) ->
|
||||
AuthorizationMiddlewear._getUserId req, (error, user_id) ->
|
||||
AuthorizationMiddleware._getUserId req, (error, user_id) ->
|
||||
return next(error) if error?
|
||||
AuthorizationManager.isUserSiteAdmin user_id, (error, isAdmin) ->
|
||||
return next(error) if error?
|
||||
|
|
@ -89,7 +89,7 @@ module.exports = AuthorizationMiddlewear =
|
|||
next()
|
||||
else
|
||||
logger.log {user_id}, "denying user admin access to site"
|
||||
AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
_getUserAndProjectId: (req, callback = (error, user_id, project_id) ->) ->
|
||||
project_id = req.params?.project_id or req.params?.Project_id
|
||||
|
|
@ -97,7 +97,7 @@ module.exports = AuthorizationMiddlewear =
|
|||
return callback(new Error("Expected project_id in request parameters"))
|
||||
if !ObjectId.isValid(project_id)
|
||||
return callback(new Errors.NotFoundError("invalid project_id: #{project_id}"))
|
||||
AuthorizationMiddlewear._getUserId req, (error, user_id) ->
|
||||
AuthorizationMiddleware._getUserId req, (error, user_id) ->
|
||||
return callback(error) if error?
|
||||
callback(null, user_id, project_id)
|
||||
|
||||
|
|
@ -1,33 +1,33 @@
|
|||
CollaboratorsController = require('./CollaboratorsController')
|
||||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
CollaboratorsInviteController = require('./CollaboratorsInviteController')
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
CaptchaMiddleware = require '../Captcha/CaptchaMiddleware'
|
||||
|
||||
module.exports =
|
||||
apply: (webRouter, apiRouter) ->
|
||||
webRouter.post '/project/:Project_id/leave', AuthenticationController.requireLogin(), CollaboratorsController.removeSelfFromProject
|
||||
|
||||
webRouter.delete '/project/:Project_id/users/:user_id', AuthorizationMiddlewear.ensureUserCanAdminProject, CollaboratorsController.removeUserFromProject
|
||||
webRouter.delete '/project/:Project_id/users/:user_id', AuthorizationMiddleware.ensureUserCanAdminProject, CollaboratorsController.removeUserFromProject
|
||||
|
||||
webRouter.get(
|
||||
'/project/:Project_id/members',
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanAdminProject,
|
||||
AuthorizationMiddleware.ensureUserCanAdminProject,
|
||||
CollaboratorsController.getAllMembers
|
||||
)
|
||||
|
||||
# invites
|
||||
webRouter.post(
|
||||
'/project/:Project_id/invite',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "invite-to-project-by-project-id"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 100
|
||||
timeInterval: 60 * 10
|
||||
}),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "invite-to-project-by-ip"
|
||||
ipOnly:true
|
||||
maxRequests: 100
|
||||
|
|
@ -35,34 +35,34 @@ module.exports =
|
|||
}),
|
||||
CaptchaMiddleware.validateCaptcha,
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanAdminProject,
|
||||
AuthorizationMiddleware.ensureUserCanAdminProject,
|
||||
CollaboratorsInviteController.inviteToProject
|
||||
)
|
||||
|
||||
webRouter.get(
|
||||
'/project/:Project_id/invites',
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanAdminProject,
|
||||
AuthorizationMiddleware.ensureUserCanAdminProject,
|
||||
CollaboratorsInviteController.getAllInvites
|
||||
)
|
||||
|
||||
webRouter.delete(
|
||||
'/project/:Project_id/invite/:invite_id',
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanAdminProject,
|
||||
AuthorizationMiddleware.ensureUserCanAdminProject,
|
||||
CollaboratorsInviteController.revokeInvite
|
||||
)
|
||||
|
||||
webRouter.post(
|
||||
'/project/:Project_id/invite/:invite_id/resend',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "resend-invite"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 200
|
||||
timeInterval: 60 * 10
|
||||
}),
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanAdminProject,
|
||||
AuthorizationMiddleware.ensureUserCanAdminProject,
|
||||
CollaboratorsInviteController.resendInvite
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ CooldownManager = require('./CooldownManager')
|
|||
logger = require('logger-sharelatex')
|
||||
|
||||
|
||||
module.exports = CooldownMiddlewear =
|
||||
module.exports = CooldownMiddleware =
|
||||
|
||||
freezeProject: (req, res, next) ->
|
||||
projectId = req.params.Project_id
|
||||
|
|
@ -1,31 +1,31 @@
|
|||
EditorHttpController = require('./EditorHttpController')
|
||||
AuthenticationController = require "../Authentication/AuthenticationController"
|
||||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
|
||||
module.exports =
|
||||
apply: (webRouter, apiRouter) ->
|
||||
webRouter.post '/project/:Project_id/doc', AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/project/:Project_id/doc', AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "add-doc-to-project"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), EditorHttpController.addDoc
|
||||
webRouter.post '/project/:Project_id/folder', AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/project/:Project_id/folder', AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "add-folder-to-project"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 60
|
||||
timeInterval: 60
|
||||
}), EditorHttpController.addFolder
|
||||
|
||||
webRouter.post '/project/:Project_id/:entity_type/:entity_id/rename', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, EditorHttpController.renameEntity
|
||||
webRouter.post '/project/:Project_id/:entity_type/:entity_id/move', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, EditorHttpController.moveEntity
|
||||
webRouter.post '/project/:Project_id/:entity_type/:entity_id/rename', AuthorizationMiddleware.ensureUserCanWriteProjectContent, EditorHttpController.renameEntity
|
||||
webRouter.post '/project/:Project_id/:entity_type/:entity_id/move', AuthorizationMiddleware.ensureUserCanWriteProjectContent, EditorHttpController.moveEntity
|
||||
|
||||
webRouter.delete '/project/:Project_id/file/:entity_id', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, EditorHttpController.deleteFile
|
||||
webRouter.delete '/project/:Project_id/doc/:entity_id', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, EditorHttpController.deleteDoc
|
||||
webRouter.delete '/project/:Project_id/folder/:entity_id', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, EditorHttpController.deleteFolder
|
||||
webRouter.delete '/project/:Project_id/file/:entity_id', AuthorizationMiddleware.ensureUserCanWriteProjectContent, EditorHttpController.deleteFile
|
||||
webRouter.delete '/project/:Project_id/doc/:entity_id', AuthorizationMiddleware.ensureUserCanWriteProjectContent, EditorHttpController.deleteDoc
|
||||
webRouter.delete '/project/:Project_id/folder/:entity_id', AuthorizationMiddleware.ensureUserCanWriteProjectContent, EditorHttpController.deleteFolder
|
||||
|
||||
# Called by the real-time API to load up the current project state.
|
||||
# This is a post request because it's more than just a getting of data. We take actions
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ module.exports = ErrorController =
|
|||
logger.error err: error, "account merge error"
|
||||
ErrorController.accountMergeError req, res
|
||||
else
|
||||
logger.error err: error, url:req.url, method:req.method, user:user, "error passed to top level next middlewear"
|
||||
logger.error err: error, url:req.url, method:req.method, user:user, "error passed to top level next middleware"
|
||||
ErrorController.serverError req, res
|
||||
|
||||
handleApiError: (error, req, res, next) ->
|
||||
|
|
@ -57,5 +57,5 @@ module.exports = ErrorController =
|
|||
logger.warn {err: error, url: req.url}, "not found error"
|
||||
res.sendStatus(404)
|
||||
else
|
||||
logger.error err: error, url:req.url, method:req.method, "error passed to top level next middlewear"
|
||||
logger.error err: error, url:req.url, method:req.method, "error passed to top level next middleware"
|
||||
res.sendStatus(500)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
LinkedFilesController = require "./LinkedFilesController"
|
||||
|
||||
module.exports =
|
||||
apply: (webRouter) ->
|
||||
webRouter.post '/project/:project_id/linked_file',
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "create-linked-file"
|
||||
params: ["project_id"]
|
||||
maxRequests: 100
|
||||
|
|
@ -18,8 +18,8 @@ module.exports =
|
|||
|
||||
webRouter.post '/project/:project_id/linked_file/:file_id/refresh',
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "refresh-linked-file"
|
||||
params: ["project_id"]
|
||||
maxRequests: 100
|
||||
|
|
|
|||
|
|
@ -2,13 +2,13 @@ RateLimiter = require "../../infrastructure/RateLimiter"
|
|||
logger = require "logger-sharelatex"
|
||||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
|
||||
module.exports = RateLimiterMiddlewear =
|
||||
module.exports = RateLimiterMiddleware =
|
||||
###
|
||||
Do not allow more than opts.maxRequests from a single client in
|
||||
opts.timeInterval. Pass an array of opts.params to segment this based on
|
||||
parameters in the request URL, e.g.:
|
||||
|
||||
app.get "/project/:project_id", RateLimiterMiddlewear.rateLimit(endpointName: "open-editor", params: ["project_id"])
|
||||
app.get "/project/:project_id", RateLimiterMiddleware.rateLimit(endpointName: "open-editor", params: ["project_id"])
|
||||
|
||||
will rate limit each project_id separately.
|
||||
|
||||
|
|
@ -2,7 +2,7 @@ AuthenticationController = require('../Authentication/AuthenticationController')
|
|||
SubscriptionController = require('./SubscriptionController')
|
||||
SubscriptionGroupController = require './SubscriptionGroupController'
|
||||
TeamInvitesController = require './TeamInvitesController'
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
Settings = require "settings-sharelatex"
|
||||
|
||||
module.exports =
|
||||
|
|
@ -26,7 +26,7 @@ module.exports =
|
|||
TeamInvitesController.viewInvite
|
||||
webRouter.put '/subscription/invites/:token/',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'team-invite',
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ AuthenticationController = require '../Authentication/AuthenticationController'
|
|||
Settings = require 'settings-sharelatex'
|
||||
|
||||
|
||||
module.exports = SudoModeMiddlewear =
|
||||
module.exports = SudoModeMiddleware =
|
||||
|
||||
protectPage: (req, res, next) ->
|
||||
if req.externalAuthenticationSystemUsed() and !Settings.overleaf?
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
TemplatesController = require("./TemplatesController")
|
||||
TemplatesMiddlewear = require('./TemplatesMiddlewear')
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
TemplatesMiddleware = require('./TemplatesMiddleware')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
|
||||
module.exports =
|
||||
apply: (app)->
|
||||
|
||||
app.get '/project/new/template/:Template_version_id', TemplatesMiddlewear.saveTemplateDataInSession, AuthenticationController.requireLogin(), TemplatesController.getV1Template
|
||||
app.get '/project/new/template/:Template_version_id', TemplatesMiddleware.saveTemplateDataInSession, AuthenticationController.requireLogin(), TemplatesController.getV1Template
|
||||
|
||||
app.post '/project/new/template', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
app.post '/project/new/template', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "create-project-from-template"
|
||||
maxRequests: 20
|
||||
timeInterval: 60
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
ProjectUploadController = require "./ProjectUploadController"
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
Settings = require('settings-sharelatex')
|
||||
multer = require('multer')
|
||||
|
||||
|
|
@ -21,7 +21,7 @@ module.exports =
|
|||
apply: (webRouter, apiRouter) ->
|
||||
webRouter.post '/project/new/upload',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "project-upload"
|
||||
maxRequests: 20
|
||||
timeInterval: 60
|
||||
|
|
@ -30,13 +30,13 @@ module.exports =
|
|||
ProjectUploadController.uploadProject
|
||||
|
||||
webRouter.post '/Project/:Project_id/upload',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "file-upload"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 200
|
||||
timeInterval: 60 * 30
|
||||
}),
|
||||
AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
|
||||
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
||||
upload.single('qqfile'),
|
||||
ProjectUploadController.uploadFile
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
UserMembershipHandler = require('./UserMembershipHandler')
|
||||
EntityConfigs = require('./UserMembershipEntityConfigs')
|
||||
Errors = require('../Errors/Errors')
|
||||
|
|
@ -63,7 +63,7 @@ module.exports = UserMembershipAuthorization =
|
|||
req.params.id = body.brand.slug
|
||||
UserMembershipAuthorization.requirePublisherMetricsAccess(req, res, next)
|
||||
else
|
||||
AuthorizationMiddlewear.ensureUserIsSiteAdmin(req, res, next)
|
||||
AuthorizationMiddleware.ensureUserIsSiteAdmin(req, res, next)
|
||||
|
||||
requireGraphAccess: (req, res, next) ->
|
||||
req.params.id = req.query.resource_id
|
||||
|
|
@ -80,7 +80,7 @@ module.exports = UserMembershipAuthorization =
|
|||
requireAccessToEntity = (entityName, entityId, req, res, next, requiredStaffAccess=null) ->
|
||||
loggedInUser = AuthenticationController.getSessionUser(req)
|
||||
unless loggedInUser
|
||||
return AuthorizationMiddlewear.redirectToRestricted req, res, next
|
||||
return AuthorizationMiddleware.redirectToRestricted req, res, next
|
||||
|
||||
getEntity entityName, entityId, loggedInUser, requiredStaffAccess, (error, entity, entityConfig, entityExists) ->
|
||||
return next(error) if error?
|
||||
|
|
@ -91,7 +91,7 @@ requireAccessToEntity = (entityName, entityId, req, res, next, requiredStaffAcce
|
|||
return next()
|
||||
|
||||
if entityExists # user doesn't have access to entity
|
||||
return AuthorizationMiddlewear.redirectToRestricted(req, res, next)
|
||||
return AuthorizationMiddleware.redirectToRestricted(req, res, next)
|
||||
|
||||
if loggedInUser.isAdmin and entityConfig.canCreate
|
||||
# entity doesn't exists, admin can create it
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ UserMembershipAuthorization = require './UserMembershipAuthorization'
|
|||
UserMembershipController = require './UserMembershipController'
|
||||
SubscriptionGroupController = require '../Subscription/SubscriptionGroupController'
|
||||
TeamInvitesController = require '../Subscription/TeamInvitesController'
|
||||
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
|
||||
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||
AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
||||
RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
||||
|
||||
module.exports =
|
||||
apply: (webRouter) ->
|
||||
|
|
@ -13,7 +13,7 @@ module.exports =
|
|||
UserMembershipController.index
|
||||
webRouter.post '/manage/groups/:id/invites',
|
||||
UserMembershipAuthorization.requireGroupManagementAccess,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "create-team-invite"
|
||||
maxRequests: 100
|
||||
timeInterval: 60
|
||||
|
|
@ -27,7 +27,7 @@ module.exports =
|
|||
TeamInvitesController.revokeInvite
|
||||
webRouter.get '/manage/groups/:id/members/export',
|
||||
UserMembershipAuthorization.requireGroupManagementAccess,
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "export-team-csv"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
|
|
|
|||
|
|
@ -33,16 +33,16 @@ StaticPagesRouter = require("./Features/StaticPages/StaticPagesRouter")
|
|||
ChatController = require("./Features/Chat/ChatController")
|
||||
BlogController = require("./Features/Blog/BlogController")
|
||||
Modules = require "./infrastructure/Modules"
|
||||
RateLimiterMiddlewear = require('./Features/Security/RateLimiterMiddlewear')
|
||||
CooldownMiddlewear = require('./Features/Cooldown/CooldownMiddlewear')
|
||||
RateLimiterMiddleware = require('./Features/Security/RateLimiterMiddleware')
|
||||
CooldownMiddleware = require('./Features/Cooldown/CooldownMiddleware')
|
||||
RealTimeProxyRouter = require('./Features/RealTimeProxy/RealTimeProxyRouter')
|
||||
InactiveProjectController = require("./Features/InactiveData/InactiveProjectController")
|
||||
ContactRouter = require("./Features/Contacts/ContactRouter")
|
||||
ReferencesController = require('./Features/References/ReferencesController')
|
||||
AuthorizationMiddlewear = require('./Features/Authorization/AuthorizationMiddlewear')
|
||||
AuthorizationMiddleware = require('./Features/Authorization/AuthorizationMiddleware')
|
||||
BetaProgramController = require('./Features/BetaProgram/BetaProgramController')
|
||||
SudoModeController = require('./Features/SudoMode/SudoModeController')
|
||||
SudoModeMiddlewear = require('./Features/SudoMode/SudoModeMiddlewear')
|
||||
SudoModeMiddleware = require('./Features/SudoMode/SudoModeMiddleware')
|
||||
AnalyticsRouter = require('./Features/Analytics/AnalyticsRouter')
|
||||
AnnouncementsController = require("./Features/Announcements/AnnouncementsController")
|
||||
MetaController = require('./Features/Metadata/MetaController')
|
||||
|
|
@ -70,7 +70,7 @@ module.exports = class Router
|
|||
webRouter.get '/logout', UserPagesController.logoutPage
|
||||
webRouter.post '/logout', UserController.logout
|
||||
|
||||
webRouter.get '/restricted', AuthorizationMiddlewear.restricted
|
||||
webRouter.get '/restricted', AuthorizationMiddleware.restricted
|
||||
|
||||
|
||||
if Features.hasFeature('registration')
|
||||
|
|
@ -104,12 +104,12 @@ module.exports = class Router
|
|||
|
||||
webRouter.get '/user/settings',
|
||||
AuthenticationController.requireLogin(),
|
||||
SudoModeMiddlewear.protectPage,
|
||||
SudoModeMiddleware.protectPage,
|
||||
UserPagesController.settingsPage
|
||||
webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
|
||||
webRouter.post '/user/password/update',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "change-password"
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -121,7 +121,7 @@ module.exports = class Router
|
|||
webRouter.get '/user/emails/confirm',
|
||||
UserEmailsController.showConfirm
|
||||
webRouter.post '/user/emails/confirm',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "confirm-email"
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -129,7 +129,7 @@ module.exports = class Router
|
|||
UserEmailsController.confirm
|
||||
webRouter.post '/user/emails/resend_confirmation',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "resend-confirmation"
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -139,7 +139,7 @@ module.exports = class Router
|
|||
if Features.hasFeature 'affiliations'
|
||||
webRouter.post '/user/emails',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'add-email',
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -147,7 +147,7 @@ module.exports = class Router
|
|||
UserEmailsController.add
|
||||
webRouter.post '/user/emails/delete',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'delete-email',
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -158,7 +158,7 @@ module.exports = class Router
|
|||
UserEmailsController.setDefault
|
||||
webRouter.post '/user/emails/endorse',
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "endorse-email"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
|
|
@ -168,7 +168,7 @@ module.exports = class Router
|
|||
|
||||
webRouter.get '/user/sessions',
|
||||
AuthenticationController.requireLogin(),
|
||||
SudoModeMiddlewear.protectPage,
|
||||
SudoModeMiddleware.protectPage,
|
||||
UserPagesController.sessionsPage
|
||||
webRouter.post '/user/sessions/clear', AuthenticationController.requireLogin(), UserController.clearSessions
|
||||
|
||||
|
|
@ -180,37 +180,37 @@ module.exports = class Router
|
|||
|
||||
webRouter.get '/user/projects', AuthenticationController.requireLogin(), ProjectController.userProjectsJson
|
||||
webRouter.get '/project/:Project_id/entities', AuthenticationController.requireLogin(),
|
||||
AuthorizationMiddlewear.ensureUserCanReadProject,
|
||||
AuthorizationMiddleware.ensureUserCanReadProject,
|
||||
ProjectController.projectEntitiesJson
|
||||
|
||||
webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
|
||||
webRouter.post '/project/new', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/project/new', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "create-project"
|
||||
maxRequests: 20
|
||||
timeInterval: 60
|
||||
}), ProjectController.newProject
|
||||
|
||||
webRouter.get '/Project/:Project_id', RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.get '/Project/:Project_id', RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "open-project"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 15
|
||||
timeInterval: 60
|
||||
}), AuthorizationMiddlewear.ensureUserCanReadProject, ProjectController.loadEditor
|
||||
webRouter.get '/Project/:Project_id/file/:File_id', AuthorizationMiddlewear.ensureUserCanReadProject, FileStoreController.getFile
|
||||
webRouter.post '/project/:Project_id/settings', AuthorizationMiddlewear.ensureUserCanWriteProjectSettings, ProjectController.updateProjectSettings
|
||||
webRouter.post '/project/:Project_id/settings/admin', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.updateProjectAdminSettings
|
||||
}), AuthorizationMiddleware.ensureUserCanReadProject, ProjectController.loadEditor
|
||||
webRouter.get '/Project/:Project_id/file/:File_id', AuthorizationMiddleware.ensureUserCanReadProject, FileStoreController.getFile
|
||||
webRouter.post '/project/:Project_id/settings', AuthorizationMiddleware.ensureUserCanWriteProjectSettings, ProjectController.updateProjectSettings
|
||||
webRouter.post '/project/:Project_id/settings/admin', AuthorizationMiddleware.ensureUserCanAdminProject, ProjectController.updateProjectAdminSettings
|
||||
|
||||
webRouter.post '/project/:Project_id/compile', RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/project/:Project_id/compile', RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "compile-project-http"
|
||||
params: ["Project_id"]
|
||||
maxRequests: 800
|
||||
timeInterval: 60 * 60
|
||||
}), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.compile
|
||||
}), AuthorizationMiddleware.ensureUserCanReadProject, CompileController.compile
|
||||
|
||||
webRouter.post '/project/:Project_id/compile/stop', AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.stopCompile
|
||||
webRouter.post '/project/:Project_id/compile/stop', AuthorizationMiddleware.ensureUserCanReadProject, CompileController.stopCompile
|
||||
|
||||
# Used by the web download buttons, adds filename header
|
||||
webRouter.get '/project/:Project_id/output/output.pdf', AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.downloadPdf
|
||||
webRouter.get '/project/:Project_id/output/output.pdf', AuthorizationMiddleware.ensureUserCanReadProject, CompileController.downloadPdf
|
||||
# Used by the pdf viewers
|
||||
webRouter.get /^\/project\/([^\/]*)\/output\/(.*)$/,
|
||||
((req, res, next) ->
|
||||
|
|
@ -219,7 +219,7 @@ module.exports = class Router
|
|||
"file": req.params[1]
|
||||
req.params = params
|
||||
next()
|
||||
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
), AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
# direct url access to output files for a specific build (query string not required)
|
||||
webRouter.get /^\/project\/([^\/]*)\/build\/([0-9a-f-]+)\/output\/(.*)$/,
|
||||
((req, res, next) ->
|
||||
|
|
@ -229,7 +229,7 @@ module.exports = class Router
|
|||
"file": req.params[2]
|
||||
req.params = params
|
||||
next()
|
||||
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
), AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
|
||||
# direct url access to output files for user but no build, to retrieve files when build fails
|
||||
webRouter.get /^\/project\/([^\/]*)\/user\/([0-9a-f-]+)\/output\/(.*)$/,
|
||||
|
|
@ -240,7 +240,7 @@ module.exports = class Router
|
|||
"file": req.params[2]
|
||||
req.params = params
|
||||
next()
|
||||
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
), AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
|
||||
# direct url access to output files for a specific user and build (query string not required)
|
||||
webRouter.get /^\/project\/([^\/]*)\/user\/([0-9a-f]+)\/build\/([0-9a-f-]+)\/output\/(.*)$/,
|
||||
|
|
@ -252,67 +252,67 @@ module.exports = class Router
|
|||
"file": req.params[3]
|
||||
req.params = params
|
||||
next()
|
||||
), AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
), AuthorizationMiddleware.ensureUserCanReadProject, CompileController.getFileFromClsi
|
||||
|
||||
|
||||
webRouter.delete "/project/:Project_id/output", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.deleteAuxFiles
|
||||
webRouter.get "/project/:Project_id/sync/code", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.proxySyncCode
|
||||
webRouter.get "/project/:Project_id/sync/pdf", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.proxySyncPdf
|
||||
webRouter.get "/project/:Project_id/wordcount", AuthorizationMiddlewear.ensureUserCanReadProject, CompileController.wordCount
|
||||
webRouter.delete "/project/:Project_id/output", AuthorizationMiddleware.ensureUserCanReadProject, CompileController.deleteAuxFiles
|
||||
webRouter.get "/project/:Project_id/sync/code", AuthorizationMiddleware.ensureUserCanReadProject, CompileController.proxySyncCode
|
||||
webRouter.get "/project/:Project_id/sync/pdf", AuthorizationMiddleware.ensureUserCanReadProject, CompileController.proxySyncPdf
|
||||
webRouter.get "/project/:Project_id/wordcount", AuthorizationMiddleware.ensureUserCanReadProject, CompileController.wordCount
|
||||
|
||||
webRouter.delete '/Project/:Project_id', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.deleteProject
|
||||
webRouter.post '/Project/:Project_id/restore', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.restoreProject
|
||||
webRouter.post '/Project/:Project_id/clone', AuthorizationMiddlewear.ensureUserCanReadProject, ProjectController.cloneProject
|
||||
webRouter.delete '/Project/:Project_id', AuthorizationMiddleware.ensureUserCanAdminProject, ProjectController.deleteProject
|
||||
webRouter.post '/Project/:Project_id/restore', AuthorizationMiddleware.ensureUserCanAdminProject, ProjectController.restoreProject
|
||||
webRouter.post '/Project/:Project_id/clone', AuthorizationMiddleware.ensureUserCanReadProject, ProjectController.cloneProject
|
||||
|
||||
webRouter.post '/project/:Project_id/rename', AuthorizationMiddlewear.ensureUserCanAdminProject, ProjectController.renameProject
|
||||
webRouter.post '/project/:Project_id/rename', AuthorizationMiddleware.ensureUserCanAdminProject, ProjectController.renameProject
|
||||
|
||||
webRouter.get "/project/:Project_id/updates", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApiAndInjectUserDetails
|
||||
webRouter.get "/project/:Project_id/doc/:doc_id/diff", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.get "/project/:Project_id/diff", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApiAndInjectUserDetails
|
||||
webRouter.get "/project/:Project_id/filetree/diff", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.post "/project/:Project_id/doc/:doc_id/version/:version_id/restore", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.post '/project/:project_id/doc/:doc_id/restore', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, HistoryController.restoreDocFromDeletedDoc
|
||||
webRouter.post "/project/:project_id/restore_file", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, HistoryController.restoreFileFromV2
|
||||
webRouter.get "/project/:project_id/version/:version/zip", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.downloadZipOfVersion
|
||||
webRouter.get "/project/:Project_id/updates", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApiAndInjectUserDetails
|
||||
webRouter.get "/project/:Project_id/doc/:doc_id/diff", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.get "/project/:Project_id/diff", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApiAndInjectUserDetails
|
||||
webRouter.get "/project/:Project_id/filetree/diff", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.post "/project/:Project_id/doc/:doc_id/version/:version_id/restore", AuthorizationMiddleware.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.proxyToHistoryApi
|
||||
webRouter.post '/project/:project_id/doc/:doc_id/restore', AuthorizationMiddleware.ensureUserCanWriteProjectContent, HistoryController.restoreDocFromDeletedDoc
|
||||
webRouter.post "/project/:project_id/restore_file", AuthorizationMiddleware.ensureUserCanWriteProjectContent, HistoryController.restoreFileFromV2
|
||||
webRouter.get "/project/:project_id/version/:version/zip", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.downloadZipOfVersion
|
||||
privateApiRouter.post "/project/:Project_id/history/resync", AuthenticationController.httpAuth, HistoryController.resyncProjectHistory
|
||||
|
||||
webRouter.get "/project/:Project_id/labels", AuthorizationMiddlewear.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.getLabels
|
||||
webRouter.post "/project/:Project_id/labels", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.createLabel
|
||||
webRouter.delete "/project/:Project_id/labels/:label_id", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.deleteLabel
|
||||
webRouter.get "/project/:Project_id/labels", AuthorizationMiddleware.ensureUserCanReadProject, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.getLabels
|
||||
webRouter.post "/project/:Project_id/labels", AuthorizationMiddleware.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.createLabel
|
||||
webRouter.delete "/project/:Project_id/labels/:label_id", AuthorizationMiddleware.ensureUserCanWriteProjectContent, HistoryController.selectHistoryApi, HistoryController.ensureProjectHistoryEnabled, HistoryController.deleteLabel
|
||||
|
||||
webRouter.post '/project/:project_id/export/:brand_variation_id', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, ExportsController.exportProject
|
||||
webRouter.get '/project/:project_id/export/:export_id', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, ExportsController.exportStatus
|
||||
webRouter.get '/project/:project_id/export/:export_id/:type', AuthorizationMiddlewear.ensureUserCanWriteProjectContent, ExportsController.exportDownload
|
||||
webRouter.post '/project/:project_id/export/:brand_variation_id', AuthorizationMiddleware.ensureUserCanWriteProjectContent, ExportsController.exportProject
|
||||
webRouter.get '/project/:project_id/export/:export_id', AuthorizationMiddleware.ensureUserCanWriteProjectContent, ExportsController.exportStatus
|
||||
webRouter.get '/project/:project_id/export/:export_id/:type', AuthorizationMiddleware.ensureUserCanWriteProjectContent, ExportsController.exportDownload
|
||||
|
||||
webRouter.get '/Project/:Project_id/download/zip', AuthorizationMiddlewear.ensureUserCanReadProject, ProjectDownloadsController.downloadProject
|
||||
webRouter.get '/project/download/zip', AuthorizationMiddlewear.ensureUserCanReadMultipleProjects, ProjectDownloadsController.downloadMultipleProjects
|
||||
webRouter.get '/Project/:Project_id/download/zip', AuthorizationMiddleware.ensureUserCanReadProject, ProjectDownloadsController.downloadProject
|
||||
webRouter.get '/project/download/zip', AuthorizationMiddleware.ensureUserCanReadMultipleProjects, ProjectDownloadsController.downloadMultipleProjects
|
||||
|
||||
webRouter.get '/project/:project_id/metadata', AuthorizationMiddlewear.ensureUserCanReadProject, AuthenticationController.requireLogin(), MetaController.getMetadata
|
||||
webRouter.post '/project/:project_id/doc/:doc_id/metadata', AuthorizationMiddlewear.ensureUserCanReadProject, AuthenticationController.requireLogin(), MetaController.broadcastMetadataForDoc
|
||||
webRouter.get '/project/:project_id/metadata', AuthorizationMiddleware.ensureUserCanReadProject, AuthenticationController.requireLogin(), MetaController.getMetadata
|
||||
webRouter.post '/project/:project_id/doc/:doc_id/metadata', AuthorizationMiddleware.ensureUserCanReadProject, AuthenticationController.requireLogin(), MetaController.broadcastMetadataForDoc
|
||||
|
||||
|
||||
webRouter.get '/tag', AuthenticationController.requireLogin(), TagsController.getAllTags
|
||||
webRouter.post '/tag', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/tag', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "create-tag"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), TagsController.createTag
|
||||
webRouter.post '/tag/:tag_id/rename', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/tag/:tag_id/rename', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "rename-tag"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), TagsController.renameTag
|
||||
webRouter.delete '/tag/:tag_id', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.delete '/tag/:tag_id', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "delete-tag"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), TagsController.deleteTag
|
||||
webRouter.post '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "add-project-to-tag"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), TagsController.addProjectToTag
|
||||
webRouter.delete '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.delete '/tag/:tag_id/project/:project_id', AuthenticationController.requireLogin(), RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "remove-project-from-tag"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
|
|
@ -356,19 +356,19 @@ module.exports = class Router
|
|||
webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
||||
webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
||||
|
||||
webRouter.get "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.getMessages
|
||||
webRouter.post "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.get "/project/:project_id/messages", AuthorizationMiddleware.ensureUserCanReadProject, ChatController.getMessages
|
||||
webRouter.post "/project/:project_id/messages", AuthorizationMiddleware.ensureUserCanReadProject, RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "send-chat-message"
|
||||
maxRequests: 100
|
||||
timeInterval: 60
|
||||
}), ChatController.sendMessage
|
||||
|
||||
webRouter.post "/project/:Project_id/references/index", AuthorizationMiddlewear.ensureUserCanReadProject, RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post "/project/:Project_id/references/index", AuthorizationMiddleware.ensureUserCanReadProject, RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "index-project-references"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
}), ReferencesController.index
|
||||
webRouter.post "/project/:Project_id/references/indexAll", AuthorizationMiddlewear.ensureUserCanReadProject, RateLimiterMiddlewear.rateLimit({
|
||||
webRouter.post "/project/:Project_id/references/indexAll", AuthorizationMiddleware.ensureUserCanReadProject, RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "index-all-project-references"
|
||||
maxRequests: 30
|
||||
timeInterval: 60
|
||||
|
|
@ -381,7 +381,7 @@ module.exports = class Router
|
|||
webRouter.get "/confirm-password", AuthenticationController.requireLogin(), SudoModeController.sudoModePrompt
|
||||
webRouter.post "/confirm-password",
|
||||
AuthenticationController.requireLogin(),
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "confirm-password"
|
||||
maxRequests: 10
|
||||
timeInterval: 60
|
||||
|
|
@ -403,7 +403,7 @@ module.exports = class Router
|
|||
),
|
||||
AuthenticationController.httpAuth,
|
||||
CompileController.getFileFromClsiWithoutUser
|
||||
publicApiRouter.post '/api/institutions/confirm_university_domain', RateLimiterMiddlewear.rateLimit({
|
||||
publicApiRouter.post '/api/institutions/confirm_university_domain', RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'confirm-university-domain',
|
||||
maxRequests: 1,
|
||||
timeInterval: 60
|
||||
|
|
@ -417,17 +417,17 @@ module.exports = class Router
|
|||
res.redirect('/register')
|
||||
|
||||
#Admin Stuff
|
||||
webRouter.get '/admin', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.index
|
||||
webRouter.get '/admin/user', AuthorizationMiddlewear.ensureUserIsSiteAdmin, (req, res)-> res.redirect("/admin/register") #this gets removed by admin-panel addon
|
||||
webRouter.get '/admin/register', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.registerNewUser
|
||||
webRouter.post '/admin/register', AuthorizationMiddlewear.ensureUserIsSiteAdmin, UserController.register
|
||||
webRouter.post '/admin/closeEditor', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.closeEditor
|
||||
webRouter.post '/admin/dissconectAllUsers', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.dissconectAllUsers
|
||||
webRouter.post '/admin/syncUserToSubscription', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.syncUserToSubscription
|
||||
webRouter.post '/admin/flushProjectToTpds', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.flushProjectToTpds
|
||||
webRouter.post '/admin/pollDropboxForUser', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.pollDropboxForUser
|
||||
webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage
|
||||
webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages
|
||||
webRouter.get '/admin', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.index
|
||||
webRouter.get '/admin/user', AuthorizationMiddleware.ensureUserIsSiteAdmin, (req, res)-> res.redirect("/admin/register") #this gets removed by admin-panel addon
|
||||
webRouter.get '/admin/register', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.registerNewUser
|
||||
webRouter.post '/admin/register', AuthorizationMiddleware.ensureUserIsSiteAdmin, UserController.register
|
||||
webRouter.post '/admin/closeEditor', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.closeEditor
|
||||
webRouter.post '/admin/dissconectAllUsers', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.dissconectAllUsers
|
||||
webRouter.post '/admin/syncUserToSubscription', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.syncUserToSubscription
|
||||
webRouter.post '/admin/flushProjectToTpds', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.flushProjectToTpds
|
||||
webRouter.post '/admin/pollDropboxForUser', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.pollDropboxForUser
|
||||
webRouter.post '/admin/messages', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.createMessage
|
||||
webRouter.post '/admin/messages/clear', AuthorizationMiddleware.ensureUserIsSiteAdmin, AdminController.clearMessages
|
||||
|
||||
privateApiRouter.post '/disconnectAllUsers', AdminController.dissconectAllUsers
|
||||
|
||||
|
|
@ -451,7 +451,7 @@ module.exports = class Router
|
|||
publicApiRouter.get '/health_check/mongo', HealthCheckController.checkMongo
|
||||
privateApiRouter.get '/health_check/mongo', HealthCheckController.checkMongo
|
||||
|
||||
webRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) ->
|
||||
webRouter.get "/status/compiler/:Project_id", AuthorizationMiddleware.ensureUserCanReadProject, (req, res) ->
|
||||
project_id = req.params.Project_id
|
||||
sendRes = _.once (statusCode, message)->
|
||||
res.status statusCode
|
||||
|
|
@ -495,7 +495,7 @@ module.exports = class Router
|
|||
|
||||
|
||||
webRouter.get '/read/:read_only_token([a-z]+)',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'read-only-token',
|
||||
maxRequests: 15,
|
||||
timeInterval: 60
|
||||
|
|
@ -503,7 +503,7 @@ module.exports = class Router
|
|||
TokenAccessController.readOnlyToken
|
||||
|
||||
webRouter.get '/:read_and_write_token([0-9]+[a-z]+)',
|
||||
RateLimiterMiddlewear.rateLimit({
|
||||
RateLimiterMiddleware.rateLimit({
|
||||
endpointName: 'read-and-write-token',
|
||||
maxRequests: 15,
|
||||
timeInterval: 60
|
||||
|
|
|
|||
|
|
@ -2,11 +2,11 @@ sinon = require('sinon')
|
|||
chai = require('chai')
|
||||
should = chai.should()
|
||||
expect = chai.expect
|
||||
modulePath = "../../../../app/js/Features/Authorization/AuthorizationMiddlewear.js"
|
||||
modulePath = "../../../../app/js/Features/Authorization/AuthorizationMiddleware.js"
|
||||
SandboxedModule = require('sandboxed-module')
|
||||
Errors = require "../../../../app/js/Features/Errors/Errors.js"
|
||||
|
||||
describe "AuthorizationMiddlewear", ->
|
||||
describe "AuthorizationMiddleware", ->
|
||||
beforeEach ->
|
||||
@user_id = "user-id-123"
|
||||
@project_id = "project-id-123"
|
||||
|
|
@ -14,7 +14,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
@AuthenticationController =
|
||||
getLoggedInUserId: sinon.stub().returns(@user_id)
|
||||
isUserLoggedIn: sinon.stub().returns(true)
|
||||
@AuthorizationMiddlewear = SandboxedModule.require modulePath, requires:
|
||||
@AuthorizationMiddleware = SandboxedModule.require modulePath, requires:
|
||||
"./AuthorizationManager": @AuthorizationManager = {}
|
||||
"logger-sharelatex": {log: () ->}
|
||||
"mongojs": ObjectId: @ObjectId = {}
|
||||
|
|
@ -34,7 +34,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
|
||||
it "should get the user from session", (done) ->
|
||||
@AuthenticationController.getLoggedInUserId = sinon.stub().returns("1234")
|
||||
@AuthorizationMiddlewear._getUserId @req, (err, user_id) =>
|
||||
@AuthorizationMiddleware._getUserId @req, (err, user_id) =>
|
||||
expect(err).to.not.exist
|
||||
expect(user_id).to.equal "1234"
|
||||
done()
|
||||
|
|
@ -42,7 +42,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
it "should get oauth_user from request", (done) ->
|
||||
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(null)
|
||||
@req.oauth_user = {_id: "5678"}
|
||||
@AuthorizationMiddlewear._getUserId @req, (err, user_id) =>
|
||||
@AuthorizationMiddleware._getUserId @req, (err, user_id) =>
|
||||
expect(err).to.not.exist
|
||||
expect(user_id).to.equal "5678"
|
||||
done()
|
||||
|
|
@ -50,7 +50,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
it "should fall back to null", (done) ->
|
||||
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(null)
|
||||
@req.oauth_user = undefined
|
||||
@AuthorizationMiddlewear._getUserId @req, (err, user_id) =>
|
||||
@AuthorizationMiddleware._getUserId @req, (err, user_id) =>
|
||||
expect(err).to.not.exist
|
||||
expect(user_id).to.equal null
|
||||
done()
|
||||
|
|
@ -61,21 +61,21 @@ describe "AuthorizationMiddlewear", ->
|
|||
"ensureUserCanWriteProjectContent": "canUserWriteProjectContent"
|
||||
"ensureUserCanAdminProject": "canUserAdminProject"
|
||||
}
|
||||
for middlewearMethod, managerMethod of METHODS_TO_TEST
|
||||
do (middlewearMethod, managerMethod) ->
|
||||
describe middlewearMethod, ->
|
||||
for middlewareMethod, managerMethod of METHODS_TO_TEST
|
||||
do (middlewareMethod, managerMethod) ->
|
||||
describe middlewareMethod, ->
|
||||
beforeEach ->
|
||||
@req.params =
|
||||
project_id: @project_id
|
||||
@AuthorizationManager[managerMethod] = sinon.stub()
|
||||
@AuthorizationMiddlewear.redirectToRestricted = sinon.stub()
|
||||
@AuthorizationMiddleware.redirectToRestricted = sinon.stub()
|
||||
|
||||
describe "with missing project_id", ->
|
||||
beforeEach ->
|
||||
@req.params = {}
|
||||
|
||||
it "should return an error to next", ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, @next
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, @next
|
||||
@next.calledWith(new Error()).should.equal true
|
||||
|
||||
describe "with logged in user", ->
|
||||
|
|
@ -89,7 +89,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, @next
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission", ->
|
||||
|
|
@ -99,9 +99,9 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, @next
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
||||
|
|
@ -114,7 +114,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, @next
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission", ->
|
||||
|
|
@ -125,9 +125,9 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, @next
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
||||
|
|
@ -138,14 +138,14 @@ describe "AuthorizationMiddlewear", ->
|
|||
@ObjectId.isValid = sinon.stub().returns false
|
||||
|
||||
it "should return a not found error", (done) ->
|
||||
@AuthorizationMiddlewear[middlewearMethod] @req, @res, (error) ->
|
||||
@AuthorizationMiddleware[middlewareMethod] @req, @res, (error) ->
|
||||
error.should.be.instanceof Errors.NotFoundError
|
||||
done()
|
||||
|
||||
describe "ensureUserIsSiteAdmin", ->
|
||||
beforeEach ->
|
||||
@AuthorizationManager.isUserSiteAdmin = sinon.stub()
|
||||
@AuthorizationMiddlewear.redirectToRestricted = sinon.stub()
|
||||
@AuthorizationMiddleware.redirectToRestricted = sinon.stub()
|
||||
|
||||
describe "with logged in user", ->
|
||||
beforeEach ->
|
||||
|
|
@ -158,7 +158,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission", ->
|
||||
|
|
@ -168,9 +168,9 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
||||
|
|
@ -183,7 +183,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission", ->
|
||||
|
|
@ -194,16 +194,16 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserIsSiteAdmin @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
||||
describe "ensureUserCanReadMultipleProjects", ->
|
||||
beforeEach ->
|
||||
@AuthorizationManager.canUserReadProject = sinon.stub()
|
||||
@AuthorizationMiddlewear.redirectToRestricted = sinon.stub()
|
||||
@AuthorizationMiddleware.redirectToRestricted = sinon.stub()
|
||||
@req.query =
|
||||
project_ids: "project1,project2"
|
||||
|
||||
|
|
@ -221,7 +221,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission to access one of the projects", ->
|
||||
|
|
@ -234,9 +234,9 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
||||
|
|
@ -253,7 +253,7 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, true)
|
||||
|
||||
it "should return next", ->
|
||||
@AuthorizationMiddlewear.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "when user doesn't have permission to access one of the projects", ->
|
||||
|
|
@ -267,8 +267,8 @@ describe "AuthorizationMiddlewear", ->
|
|||
.yields(null, false)
|
||||
|
||||
it "should redirect to redirectToRestricted", ->
|
||||
@AuthorizationMiddlewear.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@AuthorizationMiddleware.ensureUserCanReadMultipleProjects @req, @res, @next
|
||||
@next.called.should.equal false
|
||||
@AuthorizationMiddlewear.redirectToRestricted
|
||||
@AuthorizationMiddleware.redirectToRestricted
|
||||
.calledWith(@req, @res, @next)
|
||||
.should.equal true
|
||||
|
|
@ -2,15 +2,15 @@ SandboxedModule = require('sandboxed-module')
|
|||
sinon = require('sinon')
|
||||
require('chai').should()
|
||||
expect = require('chai').expect
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/Cooldown/CooldownMiddlewear'
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/Cooldown/CooldownMiddleware'
|
||||
|
||||
|
||||
describe "CooldownMiddlewear", ->
|
||||
describe "CooldownMiddleware", ->
|
||||
|
||||
beforeEach ->
|
||||
@CooldownManager =
|
||||
isProjectOnCooldown: sinon.stub()
|
||||
@CooldownMiddlewear = SandboxedModule.require modulePath, requires:
|
||||
@CooldownMiddleware = SandboxedModule.require modulePath, requires:
|
||||
'./CooldownManager': @CooldownManager
|
||||
'logger-sharelatex': {log: sinon.stub()}
|
||||
|
||||
|
|
@ -24,16 +24,16 @@ describe "CooldownMiddlewear", ->
|
|||
@next = sinon.stub()
|
||||
|
||||
it 'should call CooldownManager.isProjectOnCooldown', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@CooldownManager.isProjectOnCooldown.callCount.should.equal 1
|
||||
@CooldownManager.isProjectOnCooldown.calledWith('abc').should.equal true
|
||||
|
||||
it 'should not produce an error', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@next.callCount.should.equal 0
|
||||
|
||||
it 'should send a 429 status', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@res.sendStatus.callCount.should.equal 1
|
||||
@res.sendStatus.calledWith(429).should.equal true
|
||||
|
||||
|
|
@ -45,12 +45,12 @@ describe "CooldownMiddlewear", ->
|
|||
@next = sinon.stub()
|
||||
|
||||
it 'should call CooldownManager.isProjectOnCooldown', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@CooldownManager.isProjectOnCooldown.callCount.should.equal 1
|
||||
@CooldownManager.isProjectOnCooldown.calledWith('abc').should.equal true
|
||||
|
||||
it 'call next with no arguments', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args.length).to.equal 0
|
||||
|
||||
|
|
@ -62,12 +62,12 @@ describe "CooldownMiddlewear", ->
|
|||
@next = sinon.stub()
|
||||
|
||||
it 'should call CooldownManager.isProjectOnCooldown', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@CooldownManager.isProjectOnCooldown.callCount.should.equal 1
|
||||
@CooldownManager.isProjectOnCooldown.calledWith('abc').should.equal true
|
||||
|
||||
it 'call next with an error', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args[0]).to.be.instanceof Error
|
||||
|
||||
|
|
@ -79,10 +79,10 @@ describe "CooldownMiddlewear", ->
|
|||
@next = sinon.stub()
|
||||
|
||||
it 'call next with an error', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args[0]).to.be.instanceof Error
|
||||
|
||||
it 'should not call CooldownManager.isProjectOnCooldown', ->
|
||||
@CooldownMiddlewear.freezeProject @req, @res, @next
|
||||
@CooldownMiddleware.freezeProject @req, @res, @next
|
||||
@CooldownManager.isProjectOnCooldown.callCount.should.equal 0
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
SandboxedModule = require('sandboxed-module')
|
||||
sinon = require('sinon')
|
||||
require('chai').should()
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/RateLimiterMiddlewear'
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/RateLimiterMiddleware'
|
||||
|
||||
describe "RateLimiterMiddlewear", ->
|
||||
describe "RateLimiterMiddleware", ->
|
||||
beforeEach ->
|
||||
@AuthenticationController =
|
||||
getLoggedInUserId: () =>
|
||||
@req?.session?.user?._id
|
||||
@RateLimiterMiddlewear = SandboxedModule.require modulePath, requires:
|
||||
@RateLimiterMiddleware = SandboxedModule.require modulePath, requires:
|
||||
'../../infrastructure/RateLimiter' : @RateLimiter = {}
|
||||
"logger-sharelatex": @logger = {warn: sinon.stub()}
|
||||
'../Authentication/AuthenticationController': @AuthenticationController
|
||||
|
|
@ -22,7 +22,7 @@ describe "RateLimiterMiddlewear", ->
|
|||
|
||||
describe "rateLimit", ->
|
||||
beforeEach ->
|
||||
@rateLimiter = @RateLimiterMiddlewear.rateLimit({
|
||||
@rateLimiter = @RateLimiterMiddleware.rateLimit({
|
||||
endpointName: "test-endpoint"
|
||||
params: ["project_id", "doc_id"]
|
||||
timeInterval: 42
|
||||
|
|
@ -3,10 +3,10 @@ assert = require('assert')
|
|||
require('chai').should()
|
||||
expect = require('chai').expect
|
||||
sinon = require('sinon')
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/SudoMode/SudoModeMiddlewear'
|
||||
modulePath = require('path').join __dirname, '../../../../app/js/Features/SudoMode/SudoModeMiddleware'
|
||||
|
||||
|
||||
describe 'SudoModeMiddlewear', ->
|
||||
describe 'SudoModeMiddleware', ->
|
||||
beforeEach ->
|
||||
@userId = 'some_user_id'
|
||||
@SudoModeHandler =
|
||||
|
|
@ -14,7 +14,7 @@ describe 'SudoModeMiddlewear', ->
|
|||
@AuthenticationController =
|
||||
getLoggedInUserId: sinon.stub().returns(@userId)
|
||||
setRedirectInSession: sinon.stub()
|
||||
@SudoModeMiddlewear = SandboxedModule.require modulePath, requires:
|
||||
@SudoModeMiddleware = SandboxedModule.require modulePath, requires:
|
||||
'./SudoModeHandler': @SudoModeHandler
|
||||
'../Authentication/AuthenticationController': @AuthenticationController
|
||||
'logger-sharelatex': {log: sinon.stub(), err: sinon.stub()}
|
||||
|
|
@ -27,7 +27,7 @@ describe 'SudoModeMiddlewear', ->
|
|||
@req = {externalAuthenticationSystemUsed: sinon.stub().returns(@externalAuth)}
|
||||
@res = {redirect: sinon.stub()}
|
||||
@next = sinon.stub()
|
||||
@SudoModeMiddlewear.protectPage @req, @res, @next
|
||||
@SudoModeMiddleware.protectPage @req, @res, @next
|
||||
cb()
|
||||
|
||||
describe 'when sudo mode is active', ->
|
||||
|
|
@ -110,7 +110,7 @@ describe 'SudoModeMiddlewear', ->
|
|||
@req = {externalAuthenticationSystemUsed: sinon.stub().returns(@externalAuth)}
|
||||
@res = {redirect: sinon.stub()}
|
||||
@next = sinon.stub()
|
||||
@SudoModeMiddlewear.protectPage @req, @res, @next
|
||||
@SudoModeMiddleware.protectPage @req, @res, @next
|
||||
cb()
|
||||
|
||||
it 'should immediately return next with no args', (done) ->
|
||||
|
|
@ -19,12 +19,12 @@ describe "UserMembershipAuthorization", ->
|
|||
@UserMembershipHandler =
|
||||
getEntity: sinon.stub().yields(null, @subscription)
|
||||
getEntityWithoutAuthorizationCheck: sinon.stub().yields(null, @subscription)
|
||||
@AuthorizationMiddlewear =
|
||||
@AuthorizationMiddleware =
|
||||
redirectToRestricted: sinon.stub().yields()
|
||||
ensureUserIsSiteAdmin: sinon.stub().yields()
|
||||
@UserMembershipAuthorization = SandboxedModule.require modulePath, requires:
|
||||
'../Authentication/AuthenticationController': @AuthenticationController
|
||||
'../Authorization/AuthorizationMiddlewear': @AuthorizationMiddlewear
|
||||
'../Authorization/AuthorizationMiddleware': @AuthorizationMiddleware
|
||||
'./UserMembershipHandler': @UserMembershipHandler
|
||||
'./EntityConfigs': EntityConfigs
|
||||
'../Errors/Errors': Errors
|
||||
|
|
@ -80,14 +80,14 @@ describe "UserMembershipAuthorization", ->
|
|||
it 'handle entity no access', (done) ->
|
||||
@UserMembershipHandler.getEntity.yields(null, null)
|
||||
@UserMembershipAuthorization.requireGroupMetricsAccess @req, null, (error) =>
|
||||
sinon.assert.called(@AuthorizationMiddlewear.redirectToRestricted)
|
||||
sinon.assert.called(@AuthorizationMiddleware.redirectToRestricted)
|
||||
done()
|
||||
|
||||
it 'handle anonymous user', (done) ->
|
||||
@AuthenticationController.getSessionUser.returns(null)
|
||||
@UserMembershipAuthorization.requireGroupMetricsAccess @req, null, (error) =>
|
||||
expect(error).to.extist
|
||||
sinon.assert.called(@AuthorizationMiddlewear.redirectToRestricted)
|
||||
sinon.assert.called(@AuthorizationMiddleware.redirectToRestricted)
|
||||
sinon.assert.notCalled(@UserMembershipHandler.getEntity)
|
||||
expect(@req.entity).to.not.exist
|
||||
done()
|
||||
|
|
@ -157,14 +157,14 @@ describe "UserMembershipAuthorization", ->
|
|||
@UserMembershipAuthorization.requireTemplateMetricsAccess @req, null, (error) =>
|
||||
expect(error).to.not.extist
|
||||
sinon.assert.notCalled(@UserMembershipHandler.getEntity)
|
||||
sinon.assert.calledOnce(@AuthorizationMiddlewear.ensureUserIsSiteAdmin)
|
||||
sinon.assert.calledOnce(@AuthorizationMiddleware.ensureUserIsSiteAdmin)
|
||||
done()
|
||||
|
||||
it 'handle graph access', (done) ->
|
||||
@req.query.resource_id = 'mock-resource-id'
|
||||
@req.query.resource_type = 'institution'
|
||||
middlewear = @UserMembershipAuthorization.requireGraphAccess
|
||||
middlewear @req, null, (error) =>
|
||||
middleware = @UserMembershipAuthorization.requireGraphAccess
|
||||
middleware @req, null, (error) =>
|
||||
expect(error).to.not.extist
|
||||
sinon.assert.calledWithMatch(
|
||||
@UserMembershipHandler.getEntity,
|
||||
|
|
|
|||
Loading…
Reference in a new issue