Merge pull request #541 from sharelatex/bg-add-public-api-router
add public api router
commit
6c1efec564
4 changed files with 49 additions and 45 deletions
|
@ -66,7 +66,7 @@ logger.log "Finished generating file fingerprints"
|
||||||
cdnAvailable = Settings.cdn?.web?.host?
|
cdnAvailable = Settings.cdn?.web?.host?
|
||||||
darkCdnAvailable = Settings.cdn?.web?.darkHost?
|
darkCdnAvailable = Settings.cdn?.web?.darkHost?
|
||||||
|
|
||||||
module.exports = (app, webRouter, apiRouter)->
|
module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
|
||||||
webRouter.use (req, res, next)->
|
webRouter.use (req, res, next)->
|
||||||
res.locals.session = req.session
|
res.locals.session = req.session
|
||||||
next()
|
next()
|
||||||
|
@ -82,7 +82,8 @@ module.exports = (app, webRouter, apiRouter)->
|
||||||
)
|
)
|
||||||
next()
|
next()
|
||||||
webRouter.use addSetContentDisposition
|
webRouter.use addSetContentDisposition
|
||||||
apiRouter.use addSetContentDisposition
|
privateApiRouter.use addSetContentDisposition
|
||||||
|
publicApiRouter.use addSetContentDisposition
|
||||||
|
|
||||||
webRouter.use (req, res, next)->
|
webRouter.use (req, res, next)->
|
||||||
req.externalAuthenticationSystemUsed = res.locals.externalAuthenticationSystemUsed = ->
|
req.externalAuthenticationSystemUsed = res.locals.externalAuthenticationSystemUsed = ->
|
||||||
|
|
|
@ -15,14 +15,14 @@ module.exports = Modules =
|
||||||
@modules.push loadedModule
|
@modules.push loadedModule
|
||||||
Modules.attachHooks()
|
Modules.attachHooks()
|
||||||
|
|
||||||
applyRouter: (webRouter, apiRouter) ->
|
applyRouter: (webRouter, privateApiRouter, publicApiRouter) ->
|
||||||
for module in @modules
|
for module in @modules
|
||||||
module.router?.apply?(webRouter, apiRouter)
|
module.router?.apply?(webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
applyNonCsrfRouter: (webRouter, apiRouter) ->
|
applyNonCsrfRouter: (webRouter, privateApiRouter, publicApiRouter) ->
|
||||||
for module in @modules
|
for module in @modules
|
||||||
module.nonCsrfRouter?.apply(webRouter, apiRouter)
|
module.nonCsrfRouter?.apply(webRouter, privateApiRouter, publicApiRouter)
|
||||||
module.router?.applyNonCsrfRouter?(webRouter, apiRouter)
|
module.router?.applyNonCsrfRouter?(webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
viewIncludes: {}
|
viewIncludes: {}
|
||||||
loadViewIncludes: (app) ->
|
loadViewIncludes: (app) ->
|
||||||
|
|
|
@ -52,7 +52,8 @@ else
|
||||||
app = express()
|
app = express()
|
||||||
|
|
||||||
webRouter = express.Router()
|
webRouter = express.Router()
|
||||||
apiRouter = express.Router()
|
privateApiRouter = express.Router()
|
||||||
|
publicApiRouter = express.Router()
|
||||||
|
|
||||||
if Settings.behindProxy
|
if Settings.behindProxy
|
||||||
app.enable('trust proxy')
|
app.enable('trust proxy')
|
||||||
|
@ -108,7 +109,7 @@ Modules.hooks.fire 'passportSetup', passport, (err) ->
|
||||||
if err?
|
if err?
|
||||||
logger.err {err}, "error setting up passport in modules"
|
logger.err {err}, "error setting up passport in modules"
|
||||||
|
|
||||||
Modules.applyNonCsrfRouter(webRouter, apiRouter)
|
Modules.applyNonCsrfRouter(webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
webRouter.use csrfProtection
|
webRouter.use csrfProtection
|
||||||
webRouter.use translations.expressMiddlewear
|
webRouter.use translations.expressMiddlewear
|
||||||
|
@ -122,7 +123,7 @@ webRouter.use (req, res, next) ->
|
||||||
next()
|
next()
|
||||||
|
|
||||||
webRouter.use ReferalConnect.use
|
webRouter.use ReferalConnect.use
|
||||||
expressLocals(app, webRouter, apiRouter)
|
expressLocals(app, webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
if app.get('env') == 'production'
|
if app.get('env') == 'production'
|
||||||
logger.info "Production Enviroment"
|
logger.info "Production Enviroment"
|
||||||
|
@ -143,7 +144,7 @@ webRouter.use (req, res, next) ->
|
||||||
res.render("general/closed", {title:"maintenance"})
|
res.render("general/closed", {title:"maintenance"})
|
||||||
|
|
||||||
profiler = require "v8-profiler"
|
profiler = require "v8-profiler"
|
||||||
apiRouter.get "/profile", (req, res) ->
|
privateApiRouter.get "/profile", (req, res) ->
|
||||||
time = parseInt(req.query.time || "1000")
|
time = parseInt(req.query.time || "1000")
|
||||||
profiler.startProfiling("test")
|
profiler.startProfiling("test")
|
||||||
setTimeout () ->
|
setTimeout () ->
|
||||||
|
@ -165,16 +166,18 @@ notDefined = (x) -> !x?
|
||||||
enableApiRouter = Settings.web?.enableApiRouter
|
enableApiRouter = Settings.web?.enableApiRouter
|
||||||
if enableApiRouter or notDefined(enableApiRouter)
|
if enableApiRouter or notDefined(enableApiRouter)
|
||||||
logger.info("providing api router");
|
logger.info("providing api router");
|
||||||
app.use(apiRouter)
|
app.use(privateApiRouter)
|
||||||
app.use(ErrorController.handleApiError)
|
app.use(ErrorController.handleApiError)
|
||||||
|
|
||||||
enableWebRouter = Settings.web?.enableWebRouter
|
enableWebRouter = Settings.web?.enableWebRouter
|
||||||
if enableWebRouter or notDefined(enableWebRouter)
|
if enableWebRouter or notDefined(enableWebRouter)
|
||||||
logger.info("providing web router");
|
logger.info("providing web router");
|
||||||
|
app.use(publicApiRouter) # public API goes with web router for public access
|
||||||
|
app.use(ErrorController.handleApiError)
|
||||||
app.use(webRouter)
|
app.use(webRouter)
|
||||||
app.use(ErrorController.handleError)
|
app.use(ErrorController.handleError)
|
||||||
|
|
||||||
router = new Router(webRouter, apiRouter)
|
router = new Router(webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
module.exports =
|
module.exports =
|
||||||
app: app
|
app: app
|
||||||
|
|
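Review bot: Where `app.use(publicApiRouter)` is added inside the web-router branch, the router is mounted ahead of `webRouter`, so its routes never pass through the middleware this file attaches with `webRouter.use` (for example `csrfProtection`) and are reachable wherever the web router is exposed. The trailing comment says who the router is for but not that consequence; I would expand it to `# mounted before webRouter: none of webRouter's middleware (CSRF, login checks) runs here, so every route on publicApiRouter must authenticate itself`. Modules now receive this router through `Modules.applyNonCsrfRouter` and, in the Router constructor, `Modules.applyRouter`, so the contract is worth stating once at the mount point. Separately, with both routers enabled `ErrorController.handleApiError` is now registered twice; that looks deliberate so that errors from `publicApiRouter` are caught, but a short comment would stop someone removing the second one as a duplicate.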
|
@ -49,7 +49,7 @@ logger = require("logger-sharelatex")
|
||||||
_ = require("underscore")
|
_ = require("underscore")
|
||||||
|
|
||||||
module.exports = class Router
|
module.exports = class Router
|
||||||
constructor: (webRouter, apiRouter)->
|
constructor: (webRouter, privateApiRouter, publicApiRouter)->
|
||||||
if !Settings.allowPublicAccess
|
if !Settings.allowPublicAccess
|
||||||
webRouter.all '*', AuthenticationController.requireGlobalLogin
|
webRouter.all '*', AuthenticationController.requireGlobalLogin
|
||||||
|
|
||||||
|
@ -67,17 +67,17 @@ module.exports = class Router
|
||||||
AuthenticationController.addEndpointToLoginWhitelist '/register'
|
AuthenticationController.addEndpointToLoginWhitelist '/register'
|
||||||
|
|
||||||
|
|
||||||
EditorRouter.apply(webRouter, apiRouter)
|
EditorRouter.apply(webRouter, privateApiRouter)
|
||||||
CollaboratorsRouter.apply(webRouter, apiRouter)
|
CollaboratorsRouter.apply(webRouter, privateApiRouter)
|
||||||
SubscriptionRouter.apply(webRouter, apiRouter)
|
SubscriptionRouter.apply(webRouter, privateApiRouter)
|
||||||
UploadsRouter.apply(webRouter, apiRouter)
|
UploadsRouter.apply(webRouter, privateApiRouter)
|
||||||
PasswordResetRouter.apply(webRouter, apiRouter)
|
PasswordResetRouter.apply(webRouter, privateApiRouter)
|
||||||
StaticPagesRouter.apply(webRouter, apiRouter)
|
StaticPagesRouter.apply(webRouter, privateApiRouter)
|
||||||
RealTimeProxyRouter.apply(webRouter, apiRouter)
|
RealTimeProxyRouter.apply(webRouter, privateApiRouter)
|
||||||
ContactRouter.apply(webRouter, apiRouter)
|
ContactRouter.apply(webRouter, privateApiRouter)
|
||||||
AnalyticsRouter.apply(webRouter, apiRouter)
|
AnalyticsRouter.apply(webRouter, privateApiRouter)
|
||||||
|
|
||||||
Modules.applyRouter(webRouter, apiRouter)
|
Modules.applyRouter(webRouter, privateApiRouter, publicApiRouter)
|
||||||
|
|
||||||
|
|
||||||
if Settings.enableSubscriptions
|
if Settings.enableSubscriptions
|
||||||
|
@ -106,7 +106,7 @@ module.exports = class Router
|
||||||
webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser
|
webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser
|
||||||
|
|
||||||
webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
|
webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
|
||||||
apiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo
|
privateApiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo
|
||||||
|
|
||||||
webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
|
webRouter.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
|
||||||
webRouter.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
|
webRouter.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
|
||||||
|
@ -211,15 +211,15 @@ module.exports = class Router
|
||||||
|
|
||||||
|
|
||||||
# Deprecated in favour of /internal/project/:project_id but still used by versioning
|
# Deprecated in favour of /internal/project/:project_id but still used by versioning
|
||||||
apiRouter.get '/project/:project_id/details', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
|
privateApiRouter.get '/project/:project_id/details', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
|
||||||
|
|
||||||
# New 'stable' /internal API end points
|
# New 'stable' /internal API end points
|
||||||
apiRouter.get '/internal/project/:project_id', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
|
privateApiRouter.get '/internal/project/:project_id', AuthenticationController.httpAuth, ProjectApiController.getProjectDetails
|
||||||
apiRouter.get '/internal/project/:Project_id/zip', AuthenticationController.httpAuth, ProjectDownloadsController.downloadProject
|
privateApiRouter.get '/internal/project/:Project_id/zip', AuthenticationController.httpAuth, ProjectDownloadsController.downloadProject
|
||||||
apiRouter.get '/internal/project/:project_id/compile/pdf', AuthenticationController.httpAuth, CompileController.compileAndDownloadPdf
|
privateApiRouter.get '/internal/project/:project_id/compile/pdf', AuthenticationController.httpAuth, CompileController.compileAndDownloadPdf
|
||||||
|
|
||||||
apiRouter.post '/internal/deactivateOldProjects', AuthenticationController.httpAuth, InactiveProjectController.deactivateOldProjects
|
privateApiRouter.post '/internal/deactivateOldProjects', AuthenticationController.httpAuth, InactiveProjectController.deactivateOldProjects
|
||||||
apiRouter.post '/internal/project/:project_id/deactivate', AuthenticationController.httpAuth, InactiveProjectController.deactivateProject
|
privateApiRouter.post '/internal/project/:project_id/deactivate', AuthenticationController.httpAuth, InactiveProjectController.deactivateProject
|
||||||
|
|
||||||
webRouter.get /^\/internal\/project\/([^\/]*)\/output\/(.*)$/,
|
webRouter.get /^\/internal\/project\/([^\/]*)\/output\/(.*)$/,
|
||||||
((req, res, next) ->
|
((req, res, next) ->
|
||||||
|
@ -230,14 +230,14 @@ module.exports = class Router
|
||||||
next()
|
next()
|
||||||
), AuthenticationController.httpAuth, CompileController.getFileFromClsi
|
), AuthenticationController.httpAuth, CompileController.getFileFromClsi
|
||||||
|
|
||||||
apiRouter.get '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.getDocument
|
privateApiRouter.get '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.getDocument
|
||||||
apiRouter.post '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.setDocument
|
privateApiRouter.post '/project/:Project_id/doc/:doc_id', AuthenticationController.httpAuth, DocumentController.setDocument
|
||||||
|
|
||||||
apiRouter.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate
|
privateApiRouter.post '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.mergeUpdate
|
||||||
apiRouter.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
|
privateApiRouter.delete '/user/:user_id/update/*', AuthenticationController.httpAuth, TpdsController.deleteUpdate
|
||||||
|
|
||||||
apiRouter.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents
|
privateApiRouter.post '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.updateProjectContents
|
||||||
apiRouter.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
|
privateApiRouter.delete '/project/:project_id/contents/*', AuthenticationController.httpAuth, TpdsController.deleteProjectContents
|
||||||
|
|
||||||
webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
webRouter.post "/spelling/check", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
||||||
webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
webRouter.post "/spelling/learn", AuthenticationController.requireLogin(), SpellingController.proxyRequestToSpellingApi
|
||||||
|
@ -268,22 +268,22 @@ module.exports = class Router
|
||||||
webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage
|
webRouter.post '/admin/messages', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.createMessage
|
||||||
webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages
|
webRouter.post '/admin/messages/clear', AuthorizationMiddlewear.ensureUserIsSiteAdmin, AdminController.clearMessages
|
||||||
|
|
||||||
apiRouter.get '/perfTest', (req,res)->
|
privateApiRouter.get '/perfTest', (req,res)->
|
||||||
res.send("hello")
|
res.send("hello")
|
||||||
|
|
||||||
webRouter.get '/status', (req,res)->
|
publicApiRouter.get '/status', (req,res)->
|
||||||
res.send("web sharelatex is alive (web)")
|
res.send("web sharelatex is alive (web)")
|
||||||
apiRouter.get '/status', (req,res)->
|
privateApiRouter.get '/status', (req,res)->
|
||||||
res.send("web sharelatex is alive (api)")
|
res.send("web sharelatex is alive (api)")
|
||||||
|
|
||||||
webRouter.get '/dev/csrf', (req, res) ->
|
webRouter.get '/dev/csrf', (req, res) ->
|
||||||
res.send res.locals.csrfToken
|
res.send res.locals.csrfToken
|
||||||
|
|
||||||
webRouter.get '/health_check', HealthCheckController.check
|
publicApiRouter.get '/health_check', HealthCheckController.check
|
||||||
apiRouter.get '/health_check', HealthCheckController.check
|
privateApiRouter.get '/health_check', HealthCheckController.check
|
||||||
|
|
||||||
webRouter.get '/health_check/redis', HealthCheckController.checkRedis
|
publicApiRouter.get '/health_check/redis', HealthCheckController.checkRedis
|
||||||
apiRouter.get '/health_check/redis', HealthCheckController.checkRedis
|
privateApiRouter.get '/health_check/redis', HealthCheckController.checkRedis
|
||||||
|
|
||||||
webRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) ->
|
webRouter.get "/status/compiler/:Project_id", AuthorizationMiddlewear.ensureUserCanReadProject, (req, res) ->
|
||||||
project_id = req.params.Project_id
|
project_id = req.params.Project_id
|
||||||
|
@ -321,7 +321,7 @@ module.exports = class Router
|
||||||
require("./models/Project").Project.findOne {}, () ->
|
require("./models/Project").Project.findOne {}, () ->
|
||||||
throw new Error("Test error")
|
throw new Error("Test error")
|
||||||
|
|
||||||
apiRouter.get '/opps-small', (req, res, next)->
|
privateApiRouter.get '/opps-small', (req, res, next)->
|
||||||
logger.err "test error occured"
|
logger.err "test error occured"
|
||||||
res.send()
|
res.send()
|
||||||
|
|
||||||
|
|
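Review bot: Moving `/status`, `/health_check` and `/health_check/redis` from `webRouter` to `publicApiRouter` takes them out from under the `webRouter.all '*', AuthenticationController.requireGlobalLogin` catch-all at the top of the constructor, so with `Settings.allowPublicAccess` off they now answer unauthenticated requests. That is probably intended for load-balancer probes, but it is not stated, and whether these paths were already on the login whitelist is not visible in these hunks. `/health_check/redis` presumably runs a check against the backend on each call, so I would consider leaving it on `privateApiRouter` only, and add above the remaining public routes a comment such as `# public on purpose: liveness probes, must not require login or return internal detail`. The constructor body starts and ends outside the hunks shown.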