Pass anonymous-read token along as header to web-api

This commit is contained in:
Shane Kilkelly 2017-09-26 14:21:41 +01:00
parent db824d9730
commit d4c735c3ea
5 changed files with 17 additions and 7 deletions

View file

@ -67,6 +67,9 @@ module.exports = Router =
user = {_id: "anonymous-user"}
client.on "joinProject", (data = {}, callback) ->
anonToken = session?.anonReadOnlyTokenAccess?[data.project_id]
if anonToken
user.anonToken = anonToken
WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
if err?
Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}

View file

@ -3,9 +3,13 @@ settings = require "settings-sharelatex"
logger = require "logger-sharelatex"
module.exports = WebApiManager =
joinProject: (project_id, user_id, callback = (error, project, privilegeLevel) ->) ->
joinProject: (project_id, user, callback = (error, project, privilegeLevel) ->) ->
user_id = user._id
logger.log {project_id, user_id}, "sending join project request to web"
url = "#{settings.apis.web.url}/project/#{project_id}/join"
headers = {}
if user.anonToken?
headers['x-sl-anon-token'] = user.anonToken
request.post {
url: url
qs: {user_id}
@ -15,6 +19,7 @@ module.exports = WebApiManager =
sendImmediately: true
json: true
jar: false
headers: headers
}, (error, response, data) ->
return callback(error) if error?
if 200 <= response.statusCode < 300

View file

@ -17,7 +17,7 @@ module.exports = WebsocketController =
user_id = user?._id
logger.log {user_id, project_id, client_id: client.id}, "user joining project"
metrics.inc "editor.join-project"
WebApiManager.joinProject project_id, user_id, (error, project, privilegeLevel) ->
WebApiManager.joinProject project_id, user, (error, project, privilegeLevel) ->
return callback(error) if error?
if !privilegeLevel or privilegeLevel == ""

View file

@ -8,6 +8,7 @@ describe 'WebApiManager', ->
beforeEach ->
@project_id = "project-id-123"
@user_id = "user-id-123"
@user = {_id: @user_id}
@callback = sinon.stub()
@WebApiManager = SandboxedModule.require modulePath, requires:
"request": @request = {}
@ -27,7 +28,7 @@ describe 'WebApiManager', ->
privilegeLevel: "owner"
}
@request.post = sinon.stub().callsArgWith(1, null, {statusCode: 200}, @response)
@WebApiManager.joinProject @project_id, @user_id, @callback
@WebApiManager.joinProject @project_id, @user, @callback
it "should send a request to web to join the project", ->
@request.post
@ -41,6 +42,7 @@ describe 'WebApiManager', ->
sendImmediately: true
json: true
jar: false
headers: {}
})
.should.equal true

View file

@ -58,7 +58,7 @@ describe 'WebsocketController', ->
it "should load the project from web", ->
@WebApiManager.joinProject
.calledWith(@project_id, @user._id)
.calledWith(@project_id, @user)
.should.equal true
it "should join the project room", ->