Merge pull request #541 from sharelatex/bg-add-public-api-router

add public api router
Brian Gough 2017-07-05 15:07:31 +01:00 committed by GitHub
commit 6c1efec564
4 changed files with 49 additions and 45 deletions


@ -66,7 +66,7 @@ logger.log "Finished generating file fingerprints"
cdnAvailable = Settings.cdn?.web?.host? cdnAvailable = Settings.cdn?.web?.host?
darkCdnAvailable = Settings.cdn?.web?.darkHost? darkCdnAvailable = Settings.cdn?.web?.darkHost?
module.exports = (app, webRouter, apiRouter)-> module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
webRouter.use (req, res, next)-> webRouter.use (req, res, next)->
res.locals.session = req.session res.locals.session = req.session
next() next()
@ -82,7 +82,8 @@ module.exports = (app, webRouter, apiRouter)->
) )
next() next()
webRouter.use addSetContentDisposition webRouter.use addSetContentDisposition
apiRouter.use addSetContentDisposition privateApiRouter.use addSetContentDisposition
publicApiRouter.use addSetContentDisposition
webRouter.use (req, res, next)-> webRouter.use (req, res, next)->
req.externalAuthenticationSystemUsed = res.locals.externalAuthenticationSystemUsed = -> req.externalAuthenticationSystemUsed = res.locals.externalAuthenticationSystemUsed = ->


@ -15,14 +15,14 @@ module.exports = Modules =
@modules.push loadedModule @modules.push loadedModule
Modules.attachHooks() Modules.attachHooks()
applyRouter: (webRouter, apiRouter) -> applyRouter: (webRouter, privateApiRouter, publicApiRouter) ->
for module in @modules for module in @modules
module.router?.apply?(webRouter, apiRouter) module.router?.apply?(webRouter, privateApiRouter, publicApiRouter)
applyNonCsrfRouter: (webRouter, apiRouter) -> applyNonCsrfRouter: (webRouter, privateApiRouter, publicApiRouter) ->
for module in @modules for module in @modules
module.nonCsrfRouter?.apply(webRouter, apiRouter) module.nonCsrfRouter?.apply(webRouter, privateApiRouter, publicApiRouter)
module.router?.applyNonCsrfRouter?(webRouter, apiRouter) module.router?.applyNonCsrfRouter?(webRouter, privateApiRouter, publicApiRouter)
viewIncludes: {} viewIncludes: {}
loadViewIncludes: (app) -> loadViewIncludes: (app) ->
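Review bot: In the new `applyNonCsrfRouter`, `module.nonCsrfRouter?.apply(webRouter, privateApiRouter, publicApiRouter)` calls `apply` unguarded, while the sibling calls use `?.apply?(` and `?.applyNonCsrfRouter?(`. A module that exports a `nonCsrfRouter` without an `apply` function would throw while routers are being applied. Unless that fail-fast is intended, `module.nonCsrfRouter?.apply?(webRouter, privateApiRouter, publicApiRouter)` makes the three calls consistent. The `Modules` object starts and continues outside this hunk.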


@ -52,7 +52,8 @@ else
app = express() app = express()
webRouter = express.Router() webRouter = express.Router()
apiRouter = express.Router() privateApiRouter = express.Router()
publicApiRouter = express.Router()
if Settings.behindProxy if Settings.behindProxy
app.enable('trust proxy') app.enable('trust proxy')
@ -108,7 +109,7 @@ Modules.hooks.fire 'passportSetup', passport, (err) ->
if err? if err?
logger.err {err}, "error setting up passport in modules" logger.err {err}, "error setting up passport in modules"
Modules.applyNonCsrfRouter(webRouter, apiRouter) Modules.applyNonCsrfRouter(webRouter, privateApiRouter, publicApiRouter)
webRouter.use csrfProtection webRouter.use csrfProtection
webRouter.use translations.expressMiddlewear webRouter.use translations.expressMiddlewear
@ -122,7 +123,7 @@ webRouter.use (req, res, next) ->
next() next()
webRouter.use ReferalConnect.use webRouter.use ReferalConnect.use
expressLocals(app, webRouter, apiRouter) expressLocals(app, webRouter, privateApiRouter, publicApiRouter)
if app.get('env') == 'production' if app.get('env') == 'production'
logger.info "Production Enviroment" logger.info "Production Enviroment"
@ -143,7 +144,7 @@ webRouter.use (req, res, next) ->
res.render("general/closed", {title:"maintenance"}) res.render("general/closed", {title:"maintenance"})
profiler = require "v8-profiler" profiler = require "v8-profiler"
apiRouter.get "/profile", (req, res) -> privateApiRouter.get "/profile", (req, res) ->
time = parseInt(req.query.time || "1000") time = parseInt(req.query.time || "1000")
profiler.startProfiling("test") profiler.startProfiling("test")
setTimeout () -> setTimeout () ->
@ -165,16 +166,18 @@ notDefined = (x) -> !x?
enableApiRouter = Settings.web?.enableApiRouter enableApiRouter = Settings.web?.enableApiRouter
if enableApiRouter or notDefined(enableApiRouter) if enableApiRouter or notDefined(enableApiRouter)
logger.info("providing api router"); logger.info("providing api router");
app.use(apiRouter) app.use(privateApiRouter)
app.use(ErrorController.handleApiError) app.use(ErrorController.handleApiError)
enableWebRouter = Settings.web?.enableWebRouter enableWebRouter = Settings.web?.enableWebRouter
if enableWebRouter or notDefined(enableWebRouter) if enableWebRouter or notDefined(enableWebRouter)
logger.info("providing web router"); logger.info("providing web router");
app.use(publicApiRouter) # public API goes with web router for public access
app.use(ErrorController.handleApiError)
app.use(webRouter) app.use(webRouter)
app.use(ErrorController.handleError) app.use(ErrorController.handleError)
router = new Router(webRouter, apiRouter) router = new Router(webRouter, privateApiRouter, publicApiRouter)
module.exports = module.exports =
app: app app: app
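Review bot: `app.use(publicApiRouter)` is mounted ahead of `app.use(webRouter)`, so its routes are answered before `webRouter.use csrfProtection` runs and, judging from the Router constructor in this commit, before `webRouter.all '*', AuthenticationController.requireGlobalLogin`; a path on `publicApiRouter` also shadows the same path on `webRouter`. That makes it an anonymous, CSRF-exempt surface by construction, and `Modules.applyNonCsrfRouter` and `Modules.applyRouter` now hand it to every loaded module. The inline comment should state that contract, e.g. `# publicApiRouter is mounted before webRouter: no csrfProtection, no requireGlobalLogin; routes here must be safe for anonymous callers or carry their own auth middleware`. Separately, the `privateApiRouter.get "/profile"` route shows no auth middleware in its registration and starts a profiler for a caller-supplied `req.query.time`, which is tolerable only while `privateApiRouter` stays unreachable from untrusted networks; an upper bound on `time` would help, and the handler body continues outside the hunk.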


@ -49,7 +49,7 @@ logger = require("logger-sharelatex")
_ = require("underscore") _ = require("underscore")
module.exports = class Router module.exports = class Router
constructor: (webRouter, apiRouter)-> constructor: (webRouter, privateApiRouter, publicApiRouter)->
if !Settings.allowPublicAccess if !Settings.allowPublicAccess
webRouter.all '*', AuthenticationController.requireGlobalLogin webRouter.all '*', AuthenticationController.requireGlobalLogin
@ -67,17 +67,17 @@ module.exports = class Router
AuthenticationController.addEndpointToLoginWhitelist '/register' AuthenticationController.addEndpointToLoginWhitelist '/register'
EditorRouter.apply(webRouter, apiRouter) EditorRouter.apply(webRouter, privateApiRouter)
CollaboratorsRouter.apply(webRouter, apiRouter) CollaboratorsRouter.apply(webRouter, privateApiRouter)
SubscriptionRouter.apply(webRouter, apiRouter) SubscriptionRouter.apply(webRouter, privateApiRouter)
UploadsRouter.apply(webRouter, apiRouter) UploadsRouter.apply(webRouter, privateApiRouter)
PasswordResetRouter.apply(webRouter, apiRouter) PasswordResetRouter.apply(webRouter, privateApiRouter)
StaticPagesRouter.apply(webRouter, apiRouter) StaticPagesRouter.apply(webRouter, privateApiRouter)
RealTimeProxyRouter.apply(webRouter, apiRouter) RealTimeProxyRouter.apply(webRouter, privateApiRouter)
ContactRouter.apply(webRouter, apiRouter) ContactRouter.apply(webRouter, privateApiRouter)
AnalyticsRouter.apply(webRouter, apiRouter) AnalyticsRouter.apply(webRouter, privateApiRouter)
Modules.applyRouter(webRouter, apiRouter) Modules.applyRouter(webRouter, privateApiRouter, publicApiRouter)
if Settings.enableSubscriptions if Settings.enableSubscriptions
@ -106,7 +106,7 @@ module.exports = class Router
webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser
webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
apiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo privateApiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo
webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
webRouter.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject webRouter.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
@ -211,15 +211,15 @@ module.exports = class Router
# Deprecated in favour of /internal/project/:project_id but still used by versioning # Deprecated in favour of /internal/project/:project_id but still used by versioning
apiRouter.get '/project/:project_id/details', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails privateApiRouter.get '/project/:project_id/details', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
# New 'stable' /internal API end points # New 'stable' /internal API end points
apiRouter.get '/internal/project/:project_id', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails privateApiRouter.get '/internal/project/:project_id', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
apiRouter.get '/internal/project/:Project_id/zip', AuthenticationController.httpAuth, ProjectDownloadsController.downloadProject privateApiRouter.get '/internal/project/:Project_id/zip', AuthenticationController.httpAuth, ProjectDownloadsController.downloadProject
apiRouter.get '/internal/project/:project_id/compile/pdf', AuthenticationController.httpAuth, CompileController.compileAndDownloadPdf privateApiRouter.get '/internal/project/:project_id/compile/pdf', AuthenticationController.httpAuth, CompileController.compileAndDownloadPdf
apiRouter.post '/internal/deactivateOldProjects', AuthenticationController.httpAuth, InactiveProjectController.deactivateOldProjects privateApiRouter.post '/internal/deactivateOldProjects', AuthenticationController.httpAuth, InactiveProjectController.deactivateOldProjects
apiRouter.post '/internal/project/:project_id/deactivate', AuthenticationController.httpAuth, InactiveProjectController.deactivateProject privateApiRouter.post '/internal/project/:project_id/deactivate', AuthenticationController.httpAuth, InactiveProjectController.deactivateProject
webRouter.get /^\/internal\/project\/([^\/]*)\/output\/(.*)$/, webRouter.get /^\/internal\/project\/([^\/]*)\/output\/(.*)$/,
((req, res, next) -> ((req, res, next) ->
@ -230,14 +230,14 @@ module.exports = class Router
next() next()
), AuthenticationController.httpAuth, CompileController.getFileFromClsi ), AuthenticationController.httpAuth, CompileController.getFileFromClsi
apiRouter.get '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.getDocument privateApiRouter.get '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.getDocument
apiRouter.post '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.setDocument privateApiRouter.post '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.setDocument
apiRouter.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate privateApiRouter.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate
apiRouter.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate privateApiRouter.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
apiRouter.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents privateApiRouter.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents
apiRouter.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents privateApiRouter.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
@ -268,22 +268,22 @@ module.exports = class Router
webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage
webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages
apiRouter.get '/perfTest', (req,res)-> privateApiRouter.get '/perfTest', (req,res)->
res.send("hello") res.send("hello")
webRouter.get '/status', (req,res)-> publicApiRouter.get '/status', (req,res)->
res.send("web sharelatex is alive (web)") res.send("web sharelatex is alive (web)")
apiRouter.get '/status', (req,res)-> privateApiRouter.get '/status', (req,res)->
res.send("web sharelatex is alive (api)") res.send("web sharelatex is alive (api)")
webRouter.get '/dev/csrf', (req, res) -> webRouter.get '/dev/csrf', (req, res) ->
res.send res.locals.csrfToken res.send res.locals.csrfToken
webRouter.get '/health_check', HealthCheckController.check publicApiRouter.get '/health_check', HealthCheckController.check
apiRouter.get '/health_check', HealthCheckController.check privateApiRouter.get '/health_check', HealthCheckController.check
webRouter.get '/health_check/redis', HealthCheckController.checkRedis publicApiRouter.get '/health_check/redis', HealthCheckController.checkRedis
apiRouter.get '/health_check/redis', HealthCheckController.checkRedis privateApiRouter.get '/health_check/redis', HealthCheckController.checkRedis
webRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) -> webRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) ->
project_id = req.params.Project_id project_id = req.params.Project_id
@ -321,7 +321,7 @@ module.exports = class Router
require("./models/Project").Project.findOne {}, () -> require("./models/Project").Project.findOne {}, () ->
throw new Error("Test error") throw new Error("Test error")
apiRouter.get '/opps-small', (req, res, next)-> privateApiRouter.get '/opps-small', (req, res, next)->
logger.err "test error occured" logger.err "test error occured"
res.send() res.send()
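Review bot: Moving `/status`, `/health_check` and `/health_check/redis` from `webRouter` to `publicApiRouter` takes them out from behind `webRouter.all '*', AuthenticationController.requireGlobalLogin`, so with `Settings.allowPublicAccess` off they become reachable anonymously, unless they were already on the login whitelist, which these hunks do not show. `/health_check/redis` presumably reports backend availability, and if `HealthCheckController.check` does real work per request these paths are worth rate limiting or restricting at the proxy. When one process enables both routers, the server file mounts `privateApiRouter` first, so the `publicApiRouter` copies of these paths are never reached there. A comment such as `# registered on both routers so the check answers whichever router this process serves` would mark the duplication as intentional. The Router constructor starts and ends outside these hunks.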