v1 of express4 conversion
This commit is contained in:
parent
a4f99c4224
commit
665bdcf538
6 changed files with 81 additions and 49 deletions
|
@ -7,6 +7,8 @@ logger = require("logger-sharelatex")
|
|||
querystring = require('querystring')
|
||||
Url = require("url")
|
||||
Settings = require "settings-sharelatex"
|
||||
basicAuth = require('basic-auth-connect')
|
||||
|
||||
|
||||
module.exports = AuthenticationController =
|
||||
login: (req, res, next = (error) ->) ->
|
||||
|
@ -101,7 +103,7 @@ module.exports = AuthenticationController =
|
|||
logger.log url:req.url, "user trying to access endpoint not in global whitelist"
|
||||
return res.redirect "/login"
|
||||
|
||||
httpAuth: require('express').basicAuth (user, pass)->
|
||||
httpAuth: basicAuth (user, pass)->
|
||||
isValid = Settings.httpAuthUsers[user] == pass
|
||||
if !isValid
|
||||
logger.err user:user, pass:pass, "invalid login details"
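Review bot: Swapping `require('express').basicAuth` for `basic-auth-connect` keeps the same verifier, `isValid = Settings.httpAuthUsers[user] == pass`, which has no guard for an unknown user: if the credential parser hands back `undefined` for a missing password (a header whose decoded value has no `:`), an unknown user compares `undefined` against `undefined` and is accepted (CoffeeScript `==` is strict, which does not help here). I would make the lookup explicit: `isValid = typeof pass is "string" and Object::hasOwnProperty.call(Settings.httpAuthUsers, user) and Settings.httpAuthUsers[user] == pass`. The failure log on the last line of the hunk also writes the submitted password into the application log via `pass:pass`; drop that field. The `httpAuth` callback continues past the end of the hunk.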
|
||||
|
|
|
@ -23,7 +23,7 @@ module.exports =
|
|||
app.get '/subscription/group', AuthenticationController.requireLogin(), SubscriptionGroupController.renderSubscriptionGroupAdminPage
|
||||
app.post '/subscription/group/user', AuthenticationController.requireLogin(), SubscriptionGroupController.addUserToGroup
|
||||
app.get '/subscription/group/export', AuthenticationController.requireLogin(), SubscriptionGroupController.exportGroupCsv
|
||||
app.del '/subscription/group/user/:user_id', AuthenticationController.requireLogin(), SubscriptionGroupController.removeUserFromGroup
|
||||
app.delete '/subscription/group/user/:user_id', AuthenticationController.requireLogin(), SubscriptionGroupController.removeUserFromGroup
|
||||
|
||||
app.get '/user/subscription/:subscription_id/group/invited', AuthenticationController.requireLogin(), SubscriptionGroupController.renderGroupInvitePage
|
||||
app.post '/user/subscription/:subscription_id/group/begin-join', AuthenticationController.requireLogin(), SubscriptionGroupController.beginJoinGroup
|
||||
|
|
|
@ -95,7 +95,7 @@ module.exports = (app)->
|
|||
next()
|
||||
|
||||
app.use (req, res, next) ->
|
||||
res.locals.csrfToken = req.session._csrf
|
||||
res.locals.csrfToken = req.csrfToken()
|
||||
next()
|
||||
|
||||
app.use (req, res, next) ->
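Review bot: `res.locals.csrfToken = req.csrfToken()` assumes csurf ran for this request, but the CSRF middleware in Server.coffee calls `next()` without invoking `csrfProtection` for any route registered through `app.ignoreCsrf`, and on such a request `req.csrfToken` is undefined, so this locals middleware would throw a TypeError if it is mounted after that skip (the mount order is not visible from here). A tolerant form keeps the template variable defined either way: `res.locals.csrfToken = if req.csrfToken? then req.csrfToken() else null`. A one-line comment that the token is minted per request by csurf, not read from the session any more, would also save the next reader from looking for `_csrf` in the session store.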
|
||||
|
|
|
@ -7,14 +7,22 @@ crawlerLogger = require('./CrawlerLogger')
|
|||
expressLocals = require('./ExpressLocals')
|
||||
Router = require('../router')
|
||||
metrics.inc("startup")
|
||||
|
||||
redis = require("redis-sharelatex")
|
||||
rclient = redis.createClient(Settings.redis.web)
|
||||
|
||||
RedisStore = require('connect-redis')(express)
|
||||
session = require("express-session")
|
||||
RedisStore = require('connect-redis')(session)
|
||||
bodyParser = require('body-parser')
|
||||
multer = require('multer')
|
||||
methodOverride = require('method-override')
|
||||
csrf = require('csurf')
|
||||
csrfProtection = csrf()
|
||||
cookieParser = require('cookie-parser')
|
||||
|
||||
sessionStore = new RedisStore(client:rclient)
|
||||
|
||||
cookieParser = express.cookieParser(Settings.security.sessionSecret)
|
||||
Mongoose = require("./Mongoose")
|
||||
|
||||
oneDayInMilliseconds = 86400000
|
||||
ReferalConnect = require('../Features/Referal/ReferalConnect')
|
||||
RedirectManager = require("./RedirectManager")
|
||||
|
@ -36,49 +44,52 @@ else
|
|||
|
||||
app = express()
|
||||
|
||||
csrf = express.csrf()
|
||||
ignoreCsrfRoutes = []
|
||||
app.ignoreCsrf = (method, route) ->
|
||||
ignoreCsrfRoutes.push new express.Route(method, route)
|
||||
|
||||
|
||||
app.configure () ->
|
||||
if Settings.behindProxy
|
||||
app.enable('trust proxy')
|
||||
app.use express.static(__dirname + '/../../../public', {maxAge: staticCacheAge })
|
||||
app.set 'views', __dirname + '/../../views'
|
||||
app.set 'view engine', 'jade'
|
||||
Modules.loadViewIncludes app
|
||||
app.use express.bodyParser(uploadDir: Settings.path.uploadFolder)
|
||||
app.use translations.expressMiddlewear
|
||||
app.use translations.setLangBasedOnDomainMiddlewear
|
||||
app.use cookieParser
|
||||
app.use express.session
|
||||
proxy: Settings.behindProxy
|
||||
cookie:
|
||||
domain: Settings.cookieDomain
|
||||
maxAge: Settings.cookieSessionLength
|
||||
secure: Settings.secureCookie
|
||||
store: sessionStore
|
||||
key: Settings.cookieName
|
||||
|
||||
# Measure expiry from last request, not last login
|
||||
app.use (req, res, next) ->
|
||||
req.session.touch()
|
||||
next()
|
||||
|
||||
app.use (req, res, next) ->
|
||||
for route in ignoreCsrfRoutes
|
||||
if route.method == req.method?.toLowerCase() and route.match(req.path)
|
||||
return next()
|
||||
csrf(req, res, next)
|
||||
if Settings.behindProxy
|
||||
app.enable('trust proxy')
|
||||
app.use express.static(__dirname + '/../../../public', {maxAge: staticCacheAge })
|
||||
app.set 'views', __dirname + '/../../views'
|
||||
app.set 'view engine', 'jade'
|
||||
Modules.loadViewIncludes app
|
||||
app.use cookieParser(Settings.security.sessionSecret)
|
||||
app.use session
|
||||
resave: false
|
||||
secret:Settings.security.sessionSecret
|
||||
proxy: Settings.behindProxy
|
||||
cookie:
|
||||
domain: Settings.cookieDomain
|
||||
maxAge: Settings.cookieSessionLength
|
||||
secure: Settings.secureCookie
|
||||
store: sessionStore
|
||||
key: Settings.cookieName
|
||||
|
||||
app.use ReferalConnect.use
|
||||
app.use express.methodOverride()
|
||||
app.use bodyParser.urlencoded({ extended: true })
|
||||
app.use bodyParser.json()
|
||||
app.use multer(dest: Settings.path.uploadFolder)
|
||||
app.use translations.expressMiddlewear
|
||||
app.use translations.setLangBasedOnDomainMiddlewear
|
||||
|
||||
# Measure expiry from last request, not last login
|
||||
app.use (req, res, next) ->
|
||||
req.session.touch()
|
||||
next()
|
||||
|
||||
app.use (req, res, next) ->
|
||||
for route in ignoreCsrfRoutes
|
||||
if route.method == req.method?.toLowerCase() and route.match(req.path)
|
||||
return next()
|
||||
csrfProtection(req, res, next)
|
||||
|
||||
app.use ReferalConnect.use
|
||||
app.use methodOverride()
|
||||
|
||||
expressLocals(app)
|
||||
|
||||
app.configure 'production', ->
|
||||
if app.get('env') == 'production'
|
||||
logger.info "Production Enviroment"
|
||||
app.enable('view cache')
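Review bot: `app.ignoreCsrf` (kept unchanged just above the removed `app.configure` block) still builds its exemption list with `new express.Route(method, route)` and matches with `route.method` and `route.match(req.path)`, but Express 4's `Route` constructor takes only a path and, as far as I can tell, exposes neither a `method` property nor a `match()` method, so the comparison in the CSRF middleware near the end of the hunk can never be true. Every route registered with `ignoreCsrf` (the httpAuth TPDS endpoints in router.coffee, the doc update route) would therefore still go through `csrfProtection` and be rejected for a missing token; fail-closed, but a functional break of those integrations. I would express the exemption list as an `express.Router` mounted before the check, so path matching follows the same rules as the real routes, as sketched below. Separately, the `session` options set `resave: false` but not `saveUninitialized`; express-session 1.x defaults it to true, so every anonymous request would persist an empty session in Redis, and `saveUninitialized: false` is the safer default unless something relies on pre-login sessions being stored.
```coffeescript
app = express()

# Express 4 runs handlers in registration order, so the CSRF exemption
# list is itself a Router that flags the request before the check below.
ignoreCsrfRouter = express.Router()
app.ignoreCsrf = (method, route) ->
  ignoreCsrfRouter[method.toLowerCase()] route, (req, res, next) ->
    req._skipCsrf = true
    next()

# … unchanged: trust proxy, static, views, cookieParser, session, body parsers, translations, session.touch …

app.use ignoreCsrfRouter
app.use (req, res, next) ->
  return next() if req._skipCsrf
  csrfProtection(req, res, next)
```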
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@ module.exports = class Router
|
|||
if !Settings.allowPublicAccess
|
||||
app.all '*', AuthenticationController.requireGlobalLogin
|
||||
|
||||
app.use(app.router)
|
||||
|
||||
app.get '/login', UserPagesController.loginPage
|
||||
AuthenticationController.addEndpointToLoginWhitelist '/login'
|
||||
|
@ -77,8 +76,8 @@ module.exports = class Router
|
|||
app.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
|
||||
app.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
|
||||
|
||||
app.del '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
|
||||
app.del '/user', AuthenticationController.requireLogin(), UserController.deleteUser
|
||||
app.delete '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
|
||||
app.delete '/user', AuthenticationController.requireLogin(), UserController.deleteUser
|
||||
|
||||
app.get '/user/auth_token', AuthenticationController.requireLogin(), AuthenticationController.getAuthToken
|
||||
app.get '/user/personal_info', AuthenticationController.requireLogin(allow_auth_token: true), UserInfoController.getLoggedInUsersPersonalInfo
|
||||
|
@ -107,11 +106,11 @@ module.exports = class Router
|
|||
req.params = params
|
||||
next()
|
||||
), SecurityManager.requestCanAccessProject, CompileController.getFileFromClsi
|
||||
app.del "/project/:Project_id/output", SecurityManager.requestCanAccessProject, CompileController.deleteAuxFiles
|
||||
app.delete "/project/:Project_id/output", SecurityManager.requestCanAccessProject, CompileController.deleteAuxFiles
|
||||
app.get "/project/:Project_id/sync/code", SecurityManager.requestCanAccessProject, CompileController.proxySync
|
||||
app.get "/project/:Project_id/sync/pdf", SecurityManager.requestCanAccessProject, CompileController.proxySync
|
||||
|
||||
app.del '/Project/:Project_id', SecurityManager.requestIsOwner, ProjectController.deleteProject
|
||||
app.delete '/Project/:Project_id', SecurityManager.requestIsOwner, ProjectController.deleteProject
|
||||
app.post '/Project/:Project_id/restore', SecurityManager.requestIsOwner, ProjectController.restoreProject
|
||||
app.post '/Project/:Project_id/clone', SecurityManager.requestCanAccessProject, ProjectController.cloneProject
|
||||
|
||||
|
@ -138,12 +137,12 @@ module.exports = class Router
|
|||
app.ignoreCsrf('post', '/project/:Project_id/doc/:doc_id')
|
||||
|
||||
app.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate
|
||||
app.del '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
|
||||
app.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
|
||||
app.ignoreCsrf('post', '/user/:user_id/update/*')
|
||||
app.ignoreCsrf('delete', '/user/:user_id/update/*')
|
||||
|
||||
app.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents
|
||||
app.del '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
|
||||
app.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
|
||||
app.ignoreCsrf('post', '/project/:project_id/contents/*')
|
||||
app.ignoreCsrf('delete', '/project/:project_id/contents/*')
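Review bot: With `app.use(app.router)` removed, Express 4 runs handlers strictly in registration order, so `app.all '*', AuthenticationController.requireGlobalLogin` now gates only the routes declared after it in this file and after Router is constructed; any route or `app.use` mounted earlier (Server.coffee's middleware, anything a module registers before this point) sits outside the `allowPublicAccess` gate, which was not the case when the whole router was mounted as one unit. That invariant is worth stating above the `app.all` line: `# Express 4: handlers run in registration order - every route that must sit behind the global login gate has to be declared after this line`. The `del` to `delete` renames themselves look complete for the routes visible in these hunks.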
|
||||
|
||||
|
|
|
@ -12,21 +12,41 @@
|
|||
"dependencies": {
|
||||
"archiver": "0.9.0",
|
||||
"async": "0.6.2",
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
"base64-stream": "^0.1.2",
|
||||
"basic-auth-connect": "^1.0.0",
|
||||
>>>>>>> 90b15d3... v1 of express4 conversion
|
||||
"bcrypt": "0.8.3",
|
||||
"body-parser": "^1.13.1",
|
||||
"bufferedstream": "1.6.0",
|
||||
"connect-redis": "1.4.5",
|
||||
"connect-redis": "2.3.0",
|
||||
"cookie-parser": "1.3.5",
|
||||
"csurf": "^1.8.3",
|
||||
"dateformat": "1.0.4-1.2.3",
|
||||
"express": "3.3.4",
|
||||
"express": "4.13.0",
|
||||
"express-session": "1.11.3",
|
||||
"http-proxy": "^1.8.1",
|
||||
"jade": "~1.3.1",
|
||||
"ldapjs": "^0.7.1",
|
||||
"logger-sharelatex": "git+https://github.com/sharelatex/logger-sharelatex.git#v1.0.0",
|
||||
"lynx": "0.1.1",
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
"marked": "^0.3.3",
|
||||
"method-override": "^2.3.3",
|
||||
>>>>>>> 90b15d3... v1 of express4 conversion
|
||||
"metrics-sharelatex": "git+https://github.com/sharelatex/metrics-sharelatex.git#v1.1.0",
|
||||
"mimelib": "0.2.14",
|
||||
"mocha": "1.17.1",
|
||||
"mongojs": "0.18.2",
|
||||
"mongoose": "3.8.28",
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
"mongoose-auto-increment": "3.0.2",
|
||||
"multer": "^0.1.8",
|
||||
"mysql": "^2.7.0",
|
||||
>>>>>>> 90b15d3... v1 of express4 conversion
|
||||
"node-uuid": "1.4.1",
|
||||
"nodemailer": "0.6.1",
|
||||
"optimist": "0.6.1",
|
||||
|
|