5df4556e9c
This ensures that when the user logs in they will be redirected back to this token, the page they wanted to access in the first place.
ProjectController = require "../Project/ProjectController"
AuthenticationController = require '../Authentication/AuthenticationController'
TokenAccessHandler = require './TokenAccessHandler'
Errors = require '../Errors/Errors'
logger = require 'logger-sharelatex'
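# Route handlers for token-based project access (read-and-write and read-only
# share links). Each handler resolves the token to a project, records the grant
# in the session where appropriate, and then either loads the editor, sends the
# user to log in, redirects to a project they already have higher access to, or
# responds with a 404.
#
# NOTE(review): the tokens handled here are bearer credentials for the project
# and are written to the logs below in plaintext; consider redacting them at
# the logger level rather than in every call site.
module.exports = TokenAccessController =

  # Point the editor at projectId and hand off to ProjectController.loadEditor,
  # which reads the id from req.params (hence the toString()).
  _loadEditor: (projectId, req, res, next) ->
    req.params.Project_id = projectId.toString()
    return ProjectController.loadEditor(req, res, next)

  # Fallback for a logged-in user whose token did not resolve to a project:
  # if they already hold a higher level of access to the project the token
  # belongs to, redirect them to it; otherwise respond with a 404.
  _tryHigherAccess: (token, userId, req, res, next) ->
    TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error finding project with higher access"
        return next(err)
      if !project?
        logger.log {token, userId},
          "[TokenAccess] no project with higher access found for this user and token"
        return next(new Errors.NotFoundError())
      logger.log {token, userId, projectId: project._id},
        "[TokenAccess] user has higher access to project, redirecting"
      res.redirect(302, "/project/#{project._id}")

  # Handler for a read-and-write share token (req.params.read_and_write_token).
  # Anonymous users are only admitted when
  # TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED is set; otherwise they
  # are sent to log in and brought back to this URL afterwards. Logged-in users
  # are added to the project as read-and-write collaborators (owners are not
  # re-added) and then taken to the editor.
  readAndWriteToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_and_write_token']
    logger.log {userId, token}, "[TokenAccess] requesting read-and-write token access"
    TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error getting project by readAndWrite token"
        return next(err)
      if !project?
        logger.log {token, userId},
          "[TokenAccess] no token-based project found for readAndWrite token"
        if !userId?
          # Anonymous user and an unknown token: nothing else to try.
          logger.log {token},
            "[TokenAccess] No project found with read-write token, anonymous user, deny"
          return next(new Errors.NotFoundError())
        # A logged-in user may already have access to the project by other
        # means; check that before giving up.
        TokenAccessController._tryHigherAccess(token, userId, req, res, next)
      else
        if !userId?
          if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
            logger.log {token, projectId: project._id},
              "[TokenAccess] allow anonymous read-and-write token access"
            # Record the grant in the session so later requests from this
            # anonymous session are admitted, and mark the request so the
            # editor load knows access came from a token.
            TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
            req._anonymousAccessToken = token
            return TokenAccessController._loadEditor(project._id, req, res, next)
          else
            logger.log {token, projectId: project._id},
              "[TokenAccess] deny anonymous read-and-write token access"
            # Remember this URL so the user is redirected back to the token
            # link once they have logged in.
            AuthenticationController._setRedirectInSession(req)
            return res.redirect('/restricted')
        # owner_ref is an id object; compare as strings. Owners already have
        # full access, so skip the collaborator add.
        if project.owner_ref.toString() == userId
          logger.log {userId, projectId: project._id},
            "[TokenAccess] user is already project owner"
          return TokenAccessController._loadEditor(project._id, req, res, next)
        logger.log {userId, projectId: project._id},
          "[TokenAccess] adding user to project with readAndWrite token"
        TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
          if err?
            logger.err {err, token, userId, projectId: project._id},
              "[TokenAccess] error adding user to project with readAndWrite token"
            return next(err)
          return TokenAccessController._loadEditor(project._id, req, res, next)

  # Handler for a read-only share token (req.params.read_only_token).
  # Anonymous users are always admitted (session grant, no feature flag);
  # logged-in users are added to the project as read-only collaborators
  # (owners are not re-added) and then taken to the editor.
  readOnlyToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_only_token']
    logger.log {userId, token}, "[TokenAccess] requesting read-only token access"
    TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error getting project by readOnly token"
        return next(err)
      if !project?
        logger.log {token, userId},
          "[TokenAccess] no project found for readOnly token"
        if !userId?
          # Anonymous user and an unknown token: nothing else to try.
          logger.log {token},
            "[TokenAccess] No project found with readOnly token, anonymous user, deny"
          return next(new Errors.NotFoundError())
        # A logged-in user may already have access to the project by other
        # means; check that before giving up.
        TokenAccessController._tryHigherAccess(token, userId, req, res, next)
      else
        if !userId?
          logger.log {userId, projectId: project._id},
            "[TokenAccess] adding anonymous user to project with readOnly token"
          # Record the grant in the session and mark the request so the
          # editor load knows access came from a token.
          TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
          req._anonymousAccessToken = token
          return TokenAccessController._loadEditor(project._id, req, res, next)
        else
          # owner_ref is an id object; compare as strings. Owners already have
          # full access, so skip the collaborator add.
          if project.owner_ref.toString() == userId
            logger.log {userId, projectId: project._id},
              "[TokenAccess] user is already project owner"
            return TokenAccessController._loadEditor(project._id, req, res, next)
          logger.log {userId, projectId: project._id},
            "[TokenAccess] adding user to project with readOnly token"
          TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
            if err?
              # Message previously said "readAndWrite" here (copy-paste from the
              # read-and-write handler), which misattributed failures in the
              # logs; this is the read-only path.
              logger.err {err, token, userId, projectId: project._id},
                "[TokenAccess] error adding user to project with readOnly token"
              return next(err)
            return TokenAccessController._loadEditor(project._id, req, res, next)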