rpdata
/
frontend
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
The frontend/UI server, written in JS using the MarkoJS library
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
151 Commits
4 Branches
35 Tags
7.4 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
frontend/middleware/locals.js

73 lines
1.8 KiB
Raw Permalink Normal View History

data, logs, logs-content, story, story-content: Added permission check in UI to hide disallowed actions.
6 years ago
Initial Commit
6 years ago
story: Added view of own unlisted stories.
6 years ago
Initial Commit
6 years ago
story-content: Added remove story modal, added annotations
6 years ago
Initial Commit
6 years ago
story: Added view of own unlisted stories.
6 years ago
data, logs, logs-content, story, story-content: Added permission check in UI to hide disallowed actions.
6 years ago
story-content: Added remove story modal, added annotations
6 years ago
story-content: Added edit story modal, added toggle component.
6 years ago
story-content: Added remove story modal, added annotations
6 years ago
Initial Commit
6 years ago
Fixed locals middleware doing an auth check for assets, scripts and other static content.
5 years ago
Initial Commit
6 years ago
data, logs, logs-content, story, story-content: Added permission check in UI to hide disallowed actions.
6 years ago
Initial Commit
6 years ago
  1. const config = require("../config")
  3. module.exports = (req, res, next) => {
  4. if (res.marko) {
  5. res.markoAsync = async(template, input) => {
  6. const locals = Object.assign({}, (res.locals || {}), input)
  8. try {
  9. for (const key in locals) {
  10. const value = locals[key]
  11. if (value instanceof Promise) {
  12. locals[key] = await value
  13. }
  14. }
  16. if (locals.user.permissions != null) {
  17. locals.user.permissions = await locals.user.permissions
  18. }
  19. } catch(err) {
  20. if (JSON.stringify(err) === "{}") {
  21. return next(err)
  22. }
  24. return res.status(404).json(err)
  25. }
  27. return res.marko(template, locals)
  28. }
  29. }
  31. if (["/static/", "/hax/", "/assets/"].find(p => req.path.startsWith(p)) == null) {
  32. if (req.user) {
  33. res.locals.user = {
  34. loggedIn: true,
  35. name: req.user._json.name,
  36. permissions: getPermissions(req.user._json.name),
  37. }
  38. } else {
  39. res.locals.user = {
  40. loggedIn: false,
  41. }
  42. }
  43. }
  45. next()
  46. }
  48. function getPermissions(user) {
  49. return fetch(config.graphqlEndpoint, {
  50. method: "POST",
  51. headers: {
  52. "Content-Type": "application/json",
  53. "Authorization": `Bearer ${generateToken(user, ["member"])}`,
  54. },
  55. body: '{"query":"query { token { user { permissions } } }", "variables": {}}',
  56. credentials: "include",
  57. }).then(res => {
  58. return res.json()
  59. }).then(json => {
  60. return json.data.token.user.permissions
  61. }).catch(err => {
  62. console.error(err)
  63. return []
  64. })
  65. }
  67. const jwt = require("jsonwebtoken")
  68. /**
  69. * @param {string} user
  70. * @param {string[]} permissions
  71. */
  72. function generateToken(user, permissions) {
  73. return jwt.sign({user, permissions, exp: Math.floor((Date.now() / 1000) + 1200)}, config.backend.secret, {header: {kid: config.backend.kid}})
  74. }