Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-21 16:00:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #2304

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2018-01-31 15:20:17 -05:00
parent b2cb3def98
commit ac1f7eefe5
23 changed files with 106 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
install/package.json
View File

@@ -95,6 +95,7 @@
"socket.io-redis": "5.2.0", "socket.io-redis": "5.2.0",
"socketio-wildcard": "2.0.0", "socketio-wildcard": "2.0.0",
"spdx-license-list": "^3.0.1", "spdx-license-list": "^3.0.1",
"spider-detector": "1.0.18",
"toobusy-js": "^0.5.1", "toobusy-js": "^0.5.1",
"uglify-js": "^3.3.4", "uglify-js": "^3.3.4",
"validator": "9.2.0", "validator": "9.2.0",

2
src/controllers/accounts/chats.js
View File

@@ -97,7 +97,7 @@ chatsController.get = function (req, res, callback) {
chatsController.redirectToChat = function (req, res, next) { chatsController.redirectToChat = function (req, res, next) {
var roomid = parseInt(req.params.roomid, 10); var roomid = parseInt(req.params.roomid, 10);
if (!req.uid) { if (!req.loggedIn) {
return next(); return next();
} }
async.waterfall([ async.waterfall([

2
src/controllers/admin/categories.js
View File

@@ -13,7 +13,7 @@ categoriesController.get = function (req, res, callback) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
async.parallel({ async.parallel({
category: async.apply(categories.getCategories, [req.params.category_id], req.user.uid), category: async.apply(categories.getCategories, [req.params.category_id], req.uid),
allCategories: async.apply(categories.buildForSelect, req.uid, 'read'), allCategories: async.apply(categories.buildForSelect, req.uid, 'read'),
}, next); }, next);
}, },

2
src/controllers/admin/uploads.js
View File

@@ -253,7 +253,7 @@ function uploadImage(filename, folder, uploadedFile, req, res, next) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
if (plugins.hasListeners('filter:uploadImage')) { if (plugins.hasListeners('filter:uploadImage')) {
plugins.fireHook('filter:uploadImage', { image: uploadedFile, uid: req.user.uid }, next); plugins.fireHook('filter:uploadImage', { image: uploadedFile, uid: req.uid }, next);
} else { } else {
file.saveFileToLocal(filename, folder, uploadedFile.path, next); file.saveFileToLocal(filename, folder, uploadedFile.path, next);
} }

2
src/controllers/admin/users.js
View File

@@ -191,7 +191,7 @@ usersController.getCSV = function (req, res, next) {
} }
events.log({ events.log({
type: 'getUsersCSV', type: 'getUsersCSV',
uid: req.user.uid, uid: req.uid,
ip: req.ip, ip: req.ip,
}); });
async.waterfall([ async.waterfall([

2
src/controllers/api.js
View File

@@ -78,7 +78,7 @@ apiController.loadConfig = function (req, callback) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
if (!req.uid) { if (!req.loggedIn) {
return next(null, config); return next(null, config);
} }
user.getSettings(req.uid, next); user.getSettings(req.uid, next);

2
src/controllers/authentication.js
View File

@@ -417,7 +417,7 @@ authenticationController.localLogin = function (req, username, password, next) {
}; };
authenticationController.logout = function (req, res, next) { authenticationController.logout = function (req, res, next) {
if (!req.uid || !req.sessionID) { if (!req.loggedIn || !req.sessionID) {
return res.status(200).send('not-logged-in'); return res.status(200).send('not-logged-in');
} }

8
src/controllers/helpers.js
View File

@@ -24,7 +24,7 @@ helpers.noScriptErrors = function (req, res, error, httpStatus) {
middleware.buildHeader(req, res, function () { middleware.buildHeader(req, res, function () {
res.status(httpStatus).render(httpStatusString, { res.status(httpStatus).render(httpStatusString, {
path: req.path, path: req.path,
loggedIn: true, loggedIn: req.loggedIn,
error: error, error: error,
returnLink: true, returnLink: true,
title: '[[global:' + httpStatusString + '.title]]', title: '[[global:' + httpStatusString + '.title]]',
@@ -67,11 +67,11 @@ helpers.notAllowed = function (req, res, error) {
if (err) { if (err) {
return winston.error(err); return winston.error(err);
} }
if (req.uid) { if (req.loggedIn) {
if (res.locals.isAPI) { if (res.locals.isAPI) {
res.status(403).json({ res.status(403).json({
path: req.path.replace(/^\/api/, ''), path: req.path.replace(/^\/api/, ''),
loggedIn: !!req.uid, loggedIn: req.loggedIn,
error: error, error: error,
title: '[[global:403.title]]', title: '[[global:403.title]]',
}); });
@@ -79,7 +79,7 @@ helpers.notAllowed = function (req, res, error) {
middleware.buildHeader(req, res, function () { middleware.buildHeader(req, res, function () {
res.status(403).render('403', { res.status(403).render('403', {
path: req.path, path: req.path,
loggedIn: !!req.uid, loggedIn: req.loggedIn,
error: error, error: error,
title: '[[global:403.title]]', title: '[[global:403.title]]',
}); });

2
src/controllers/index.js
View File

@@ -113,7 +113,7 @@ Controllers.login = function (req, res, next) {
} }
return res.redirect(nconf.get('relative_path') + data.authentication[0].url); return res.redirect(nconf.get('relative_path') + data.authentication[0].url);
} }
if (req.uid) { if (req.loggedIn) {
user.getUserFields(req.uid, ['username', 'email'], function (err, user) { user.getUserFields(req.uid, ['username', 'email'], function (err, user) {
if (err) { if (err) {
return next(err); return next(err);

4
src/controllers/popular.js
View File

@@ -37,7 +37,7 @@ popularController.get = function (req, res, next) {
alltime: '[[global:header.popular]]', alltime: '[[global:header.popular]]',
}; };
if (!req.uid) { if (!req.loggedIn) {
if (anonCache[term] && (Date.now() - lastUpdateTime) < 60 * 60 * 1000) { if (anonCache[term] && (Date.now() - lastUpdateTime) < 60 * 60 * 1000) {
return res.render('popular', anonCache[term]); return res.render('popular', anonCache[term]);
} }
@@ -73,7 +73,7 @@ popularController.get = function (req, res, next) {
data.breadcrumbs = helpers.buildBreadcrumbs(breadcrumbs); data.breadcrumbs = helpers.buildBreadcrumbs(breadcrumbs);
} }
if (!req.uid) { if (!req.loggedIn) {
anonCache[term] = data; anonCache[term] = data;
lastUpdateTime = Date.now(); lastUpdateTime = Date.now();
} }

2
src/controllers/recent.js
View File

@@ -58,7 +58,7 @@ recentController.get = function (req, res, next) {
data.set = 'topics:recent'; data.set = 'topics:recent';
data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1; data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
data.rssFeedUrl = nconf.get('relative_path') + '/recent.rss'; data.rssFeedUrl = nconf.get('relative_path') + '/recent.rss';
if (req.uid) { if (req.loggedIn) {
data.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken; data.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken;
} }
data.title = meta.config.homePageTitle || '[[pages:home]]'; data.title = meta.config.homePageTitle || '[[pages:home]]';

7
src/controllers/search.js
View File

@@ -11,15 +11,14 @@ var categories = require('../categories');
var pagination = require('../pagination'); var pagination = require('../pagination');
var helpers = require('./helpers'); var helpers = require('./helpers');
var searchController = module.exports;
var searchController = {};
searchController.search = function (req, res, next) { searchController.search = function (req, res, next) {
if (!plugins.hasListeners('filter:search.query')) { if (!plugins.hasListeners('filter:search.query')) {
return next(); return next();
} }
if (!req.user && parseInt(meta.config.allowGuestSearching, 10) !== 1) { if (!req.loggedIn && parseInt(meta.config.allowGuestSearching, 10) !== 1) {
return helpers.notAllowed(req, res); return helpers.notAllowed(req, res);
} }
@@ -78,5 +77,3 @@ searchController.search = function (req, res, next) {
res.render('search', searchData); res.render('search', searchData);
}); });
}; };
module.exports = searchController;

2
src/controllers/top.js
View File

@@ -58,7 +58,7 @@ topController.get = function (req, res, next) {
data.set = 'topics:votes'; data.set = 'topics:votes';
data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1; data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
data.rssFeedUrl = nconf.get('relative_path') + '/top.rss'; data.rssFeedUrl = nconf.get('relative_path') + '/top.rss';
if (req.uid) { if (req.loggedIn) {
data.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken; data.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken;
} }
data.title = meta.config.homePageTitle || '[[pages:home]]'; data.title = meta.config.homePageTitle || '[[pages:home]]';

4
src/controllers/topics.js
View File

@@ -146,7 +146,7 @@ topicsController.get = function (req, res, callback) {
topicData.postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10) || 0; topicData.postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10) || 0;
topicData.scrollToMyPost = settings.scrollToMyPost; topicData.scrollToMyPost = settings.scrollToMyPost;
topicData.rssFeedUrl = nconf.get('relative_path') + '/topic/' + topicData.tid + '.rss'; topicData.rssFeedUrl = nconf.get('relative_path') + '/topic/' + topicData.tid + '.rss';
if (req.uid) { if (req.loggedIn) {
topicData.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken; topicData.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken;
} }
@@ -165,7 +165,7 @@ topicsController.get = function (req, res, callback) {
req.session.tids_viewed[tid] = Date.now(); req.session.tids_viewed[tid] = Date.now();
} }
if (req.uid) { if (req.loggedIn) {
topics.markAsRead([tid], req.uid, function (err, markedRead) { topics.markAsRead([tid], req.uid, function (err, markedRead) {
if (err) { if (err) {
return callback(err); return callback(err);

2
src/controllers/user.js
View File

@@ -9,7 +9,7 @@ var accountHelpers = require('./accounts/helpers');
var userController = module.exports; var userController = module.exports;
userController.getCurrentUser = function (req, res, next) { userController.getCurrentUser = function (req, res, next) {
if (!req.uid) { if (!req.loggedIn) {
return res.status(401).json('not-authorized'); return res.status(401).json('not-authorized');
} }
async.waterfall([ async.waterfall([

2
src/groups.js
View File

@@ -22,7 +22,7 @@ require('./groups/posts')(Groups);
require('./groups/user')(Groups); require('./groups/user')(Groups);
Groups.ephemeralGroups = ['guests']; Groups.ephemeralGroups = ['guests', 'spiders'];
Groups.getEphemeralGroup = function (groupName) { Groups.getEphemeralGroup = function (groupName) {
return { return {

2
src/middleware/header.js
View File

@@ -93,7 +93,7 @@ module.exports = function (middleware) {
reputation: 0, reputation: 0,
'email:confirmed': 0, 'email:confirmed': 0,
}; };
if (req.uid) { if (req.loggedIn) {
user.getUserFields(req.uid, Object.keys(userData), next); user.getUserFields(req.uid, Object.keys(userData), next);
} else { } else {
next(null, userData); next(null, userData);

12
src/middleware/index.js
View File

@@ -59,12 +59,12 @@ middleware.pageView = function (req, res, next) {
plugins.fireHook('action:middleware.pageView', { req: req }); plugins.fireHook('action:middleware.pageView', { req: req });
if (req.user) { if (req.loggedIn) {
user.updateLastOnlineTime(req.user.uid); user.updateLastOnlineTime(req.uid);
if (req.path.startsWith('/api/users') || req.path.startsWith('/users')) { if (req.path.startsWith('/api/users') || req.path.startsWith('/users')) {
user.updateOnlineUsers(req.user.uid, next); user.updateOnlineUsers(req.uid, next);
} else { } else {
user.updateOnlineUsers(req.user.uid); user.updateOnlineUsers(req.uid);
next(); next();
} }
} else { } else {
@@ -112,7 +112,7 @@ middleware.routeTouchIcon = function (req, res) {
}; };
middleware.privateTagListing = function (req, res, next) { middleware.privateTagListing = function (req, res, next) {
if (!req.user && parseInt(meta.config.privateTagListing, 10) === 1) { if (!req.loggedIn && parseInt(meta.config.privateTagListing, 10) === 1) {
controllers.helpers.notAllowed(req, res); controllers.helpers.notAllowed(req, res);
} else { } else {
next(); next();
@@ -143,7 +143,7 @@ function expose(exposedField, method, field, req, res, next) {
} }
middleware.privateUploads = function (req, res, next) { middleware.privateUploads = function (req, res, next) {
if (req.user || parseInt(meta.config.privateUploads, 10) !== 1) { if (req.loggedIn || parseInt(meta.config.privateUploads, 10) !== 1) {
return next(); return next();
} }
if (req.path.startsWith(nconf.get('relative_path') + '/assets/uploads/files')) { if (req.path.startsWith(nconf.get('relative_path') + '/assets/uploads/files')) {

8
src/middleware/user.js
View File

@@ -14,7 +14,7 @@ var controllers = {
module.exports = function (middleware) { module.exports = function (middleware) {
middleware.authenticate = function (req, res, next) { middleware.authenticate = function (req, res, next) {
if (req.uid) { if (req.loggedIn) {
return next(); return next();
} }
@@ -44,7 +44,7 @@ module.exports = function (middleware) {
*/ */
async.waterfall([ async.waterfall([
function (next) { function (next) {
if (!req.uid) { if (!req.loggedIn) {
return setImmediate(next, null, false); return setImmediate(next, null, false);
} }
@@ -64,7 +64,7 @@ module.exports = function (middleware) {
} }
middleware.checkGlobalPrivacySettings = function (req, res, next) { middleware.checkGlobalPrivacySettings = function (req, res, next) {
if (!req.uid && !!parseInt(meta.config.privateUserInfo, 10)) { if (!req.loggedIn && !!parseInt(meta.config.privateUserInfo, 10)) {
return middleware.authenticate(req, res, next); return middleware.authenticate(req, res, next);
} }
@@ -202,7 +202,7 @@ module.exports = function (middleware) {
}; };
middleware.requireUser = function (req, res, next) { middleware.requireUser = function (req, res, next) {
if (req.uid) { if (req.loggedIn) {
return next(); return next();
} }

21
src/privileges/helpers.js
View File

@@ -10,6 +10,11 @@ var plugins = require('../plugins');
var helpers = module.exports; var helpers = module.exports;
var uidToSystemGroup = {
0: 'guests',
'-1': 'spiders',
};
helpers.some = function (tasks, callback) { helpers.some = function (tasks, callback) {
async.some(tasks, function (task, next) { async.some(tasks, function (task, next) {
task(next); task(next);
@@ -27,8 +32,8 @@ helpers.isUserAllowedTo = function (privilege, uid, cid, callback) {
}; };
function isUserAllowedToCids(privilege, uid, cids, callback) { function isUserAllowedToCids(privilege, uid, cids, callback) {
if (parseInt(uid, 10) === 0) { if (parseInt(uid, 10) <= 0) {
return isGuestAllowedToCids(privilege, cids, callback); return isSystemGroupAllowedToCids(privilege, uid, cids, callback);
} }
var userKeys = []; var userKeys = [];
@@ -42,8 +47,8 @@ function isUserAllowedToCids(privilege, uid, cids, callback) {
} }
function isUserAllowedToPrivileges(privileges, uid, cid, callback) { function isUserAllowedToPrivileges(privileges, uid, cid, callback) {
if (parseInt(uid, 10) === 0) { if (parseInt(uid, 10) <= 0) {
return isGuestAllowedToPrivileges(privileges, cid, callback); return isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback);
} }
var userKeys = []; var userKeys = [];
@@ -100,20 +105,20 @@ helpers.isUsersAllowedTo = function (privilege, uids, cid, callback) {
], callback); ], callback);
}; };
function isGuestAllowedToCids(privilege, cids, callback) { function isSystemGroupAllowedToCids(privilege, uid, cids, callback) {
var groupKeys = cids.map(function (cid) { var groupKeys = cids.map(function (cid) {
return 'cid:' + cid + ':privileges:groups:' + privilege; return 'cid:' + cid + ':privileges:groups:' + privilege;
}); });
groups.isMemberOfGroups('guests', groupKeys, callback); groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);
} }
function isGuestAllowedToPrivileges(privileges, cid, callback) { function isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback) {
var groupKeys = privileges.map(function (privilege) { var groupKeys = privileges.map(function (privilege) {
return 'cid:' + cid + ':privileges:groups:' + privilege; return 'cid:' + cid + ':privileges:groups:' + privilege;
}); });
groups.isMemberOfGroups('guests', groupKeys, callback); groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);
} }
helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) { helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) {

10
src/routes/authentication.js
View File

@@ -20,7 +20,15 @@ Auth.initialize = function (app, middleware) {
app.use(passport.session()); app.use(passport.session());
app.use(function (req, res, next) { app.use(function (req, res, next) {
req.uid = req.user ? parseInt(req.user.uid, 10) : 0; var isSpider = req.isSpider();
req.loggedIn = !isSpider && !!req.user;
if (isSpider) {
req.uid = -1;
} else if (req.user) {
req.uid = parseInt(req.user.uid, 10);
} else {
req.uid = 0;
}
next(); next();
}); });

49
src/upgrades/1.8.0/give_spiders_privileges.js Normal file
View File

@@ -0,0 +1,49 @@
'use strict';
var async = require('async');
var groups = require('../../groups');
var privileges = require('../../privileges');
var db = require('../../database');
module.exports = {
name: 'Give category access privileges to spiders system group',
timestamp: Date.UTC(2018, 0, 31),
method: function (callback) {
db.getSortedSetRange('categories:cid', 0, -1, function (err, cids) {
if (err) {
return callback(err);
}
async.eachSeries(cids, function (cid, next) {
getGroupPrivileges(cid, function (err, groupPrivileges) {
if (err) {
return next(err);
}
var privs = [];
if (groupPrivileges['groups:find']) {
privs.push('find');
}
if (groupPrivileges['groups:read']) {
privs.push('read');
}
if (groupPrivileges['groups:topics:read']) {
privs.push('topics:read');
}
privileges.categories.give(privs, cid, 'spiders', next);
});
}, callback);
});
},
};
function getGroupPrivileges(cid, callback) {
var tasks = {};
['groups:find', 'groups:read', 'groups:topics:read'].forEach(function (privilege) {
tasks[privilege] = async.apply(groups.isMember, 'guests', 'cid:' + cid + ':privileges:' + privilege);
});
async.parallel(tasks, callback);
}

2
src/webserver.js
View File

@@ -16,6 +16,7 @@ var cookieParser = require('cookie-parser');
var session = require('express-session'); var session = require('express-session');
var useragent = require('express-useragent'); var useragent = require('express-useragent');
var favicon = require('serve-favicon'); var favicon = require('serve-favicon');
var detector = require('spider-detector');
var db = require('./database'); var db = require('./database');
var file = require('./file'); var file = require('./file');
@@ -159,6 +160,7 @@ function setupExpressApp(app, callback) {
app.use(bodyParser.json()); app.use(bodyParser.json());
app.use(cookieParser()); app.use(cookieParser());
app.use(useragent.express()); app.use(useragent.express());
app.use(detector.middleware());
app.use(session({ app.use(session({
store: db.sessionStore, store: db.sessionStore,