From c5f9f896b237f34cf9fc802348d9f92c0ca9ae46 Mon Sep 17 00:00:00 2001
From: Baris Soner Usakli
Date: Thu, 28 Nov 2013 22:29:32 -0500
Subject: [PATCH] make all admin routes only accesible to admins
---
 src/routes/admin.js | 24 ++++++++++++++++--------
 src/routes/debug.js | 16 ++++++++++++++++
 src/webserver.js | 16 ----------------
 3 files changed, 32 insertions(+), 24 deletions(-)
diff --git a/src/routes/admin.js b/src/routes/admin.js
index e3d4a23db1..d9e991131d 100644
--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -14,8 +14,11 @@ var user = require('./../user.js'),
 (function (Admin) {
 Admin.isAdmin = function (req, res, next) {
 user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
- if (!isAdmin) res.redirect('/403');
- else next();
+ if (!isAdmin) {
+ res.redirect('/403');
+ } else {
+ next();
+ }
 });
 }
@@ -43,6 +46,9 @@ var user = require('./../user.js'),
 Admin.createRoutes = function (app) {
+ app.all('/api/admin/*', Admin.isAdmin);
+ app.all('/admin/*', Admin.isAdmin);
+
 (function () {
 var routes = [
 'categories/active', 'categories/disabled', 'users', 'topics', 'settings', 'themes',
@@ -53,7 +59,7 @@ var user = require('./../user.js'),
 for (var i = 0, ii = routes.length; i < ii; i++) {
 (function (route) {
- app.get('/admin/' + route, Admin.isAdmin, function (req, res) {
+ app.get('/admin/' + route, function (req, res) {
 Admin.buildHeader(req, res, function(err, header) {
 res.send(header + app.create_route('admin/' + route) + templates['admin/footer']);
 });
@@ -65,7 +71,7 @@ var user = require('./../user.js'),
 for (var i = 0, ii = unit_tests.length; i < ii; i++) {
 (function (route) {
- app.get('/admin/testing/' + route, Admin.isAdmin, function (req, res) {
+ app.get('/admin/testing/' + route, function (req, res) {
 Admin.buildHeader(req, res, function(err, header) {
 res.send(header + app.create_route('admin/testing/' + route) + templates['admin/footer']);
 });
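Review bot: The reshaped callback in `Admin.isAdmin` still ignores `err` from `user.isAdministrator`: on a lookup failure `isAdmin` is presumably unset, so the request is redirected to `/403`, which fails closed but makes a backend error indistinguishable from a permission denial. Add `if (err) { return next(err); }` before the `isAdmin` check so the failure reaches the error handler (the route still does not run). Since this guard now also fronts `/api/admin/*` via the `app.all` lines added later in the file, API clients receive a 302 to `/403` rather than a 403 status; consider answering API paths with `res.send(403)` instead of the redirect, hedged since the expected API error shape is not visible here.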
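Review bot: `app.all('/admin/*', Admin.isAdmin)` may not cover the bare `/admin` path: as far as I can tell Express compiles `/admin/*` to a pattern that requires a slash after `admin`, so `/admin` without a trailing slash is not matched by the guard, while hunk @@ -76 removes `Admin.isAdmin` from `app.get('/')` and `app.get('/index')` inside `app.namespace('/admin')`. Whether the namespace resolves `'/'` to `/admin` or `/admin/` is not visible here, so this needs checking; the safe fix is to add `app.all('/admin', Admin.isAdmin);` next to the two `app.all` lines, or to keep the explicit middleware on the index routes. The per-route removals in hunks @@ -53 and @@ -65 rely on the same wildcard and are covered by this note. Express runs routes in registration order, so any route under `/admin` or `/api/admin` registered before `createRoutes` is called (not visible in this hunk) would still answer without the guard. `Admin.createRoutes` continues past the end of the hunk.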
@@ -76,19 +82,19 @@ var user = require('./../user.js'),
 }());
 app.namespace('/admin', function () {
- app.get('/', Admin.isAdmin, function (req, res) {
+ app.get('/', function (req, res) {
 Admin.buildHeader(req, res, function(err, header) {
 res.send(header + app.create_route('admin/index') + templates['admin/footer']);
 });
 });
- app.get('/index', Admin.isAdmin, function (req, res) {
+ app.get('/index', function (req, res) {
 Admin.buildHeader(req, res, function(err, header) {
 res.send(header + app.create_route('admin/index') + templates['admin/footer']);
 });
 });
- app.post('/uploadlogo', Admin.isAdmin, function(req, res) {
+ app.post('/uploadlogo', function(req, res) {
 if (!req.user) return res.redirect('/403');
@@ -163,7 +169,9 @@ var user = require('./../user.js'),
 });
 });
+ app.namespace('/api/admin', function () {
+
 app.get('/index', function (req, res) {
 res.json({
 version: pkg.version,
@@ -282,7 +290,7 @@ var user = require('./../user.js'),
 });
 });
- // app.get('/export', Admin.isAdmin, function (req, res) {
+ // app.get('/export', function (req, res) {
 // Meta.db.getFile(function (err, dbFile) {
 // if (!err) {
 // res.download(dbFile, 'redis.rdb', function (err) {
diff --git a/src/routes/debug.js b/src/routes/debug.js
index 1cd17ee9d9..d089a48b2c 100644
--- a/src/routes/debug.js
+++ b/src/routes/debug.js
@@ -62,6 +62,22 @@ var DebugRoute = function(app) {
 res.send('pruned');
 });
 });
+
+ app.get('/reindex', function (req, res) {
+ topics.reIndexAll(function (err) {
+ if (err) {
+ return res.json(err);
+ }
+
+ user.reIndexAll(function (err) {
+ if (err) {
+ return res.json(err);
+ } else {
+ res.send('Topics and users reindexed');
+ }
+ });
+ });
+ });
 });
 };
diff --git a/src/webserver.js b/src/webserver.js
index d9f9bbf94f..778829e4e6 100644
--- a/src/webserver.js
+++ b/src/webserver.js
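Review bot: The `/reindex` handler moved into debug.js uses `topics` and `user`, but their `require` lines are outside this hunk; confirm debug.js already imports both, otherwise the route throws a ReferenceError on its first request. The route is registered without `Admin.isAdmin` and is not under an admin path, so unless `DebugRoute` is only mounted in a development configuration (not visible here), any client can trigger a full topic and user reindex; attaching the same admin check used in admin.js as route middleware would keep it in line with the commit's intent. `res.json(err)` on both error paths also sends the raw error object to the client; logging `err` server-side and returning a generic message avoids exposing internals. The enclosing `DebugRoute` function starts before this hunk.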
@@ -735,22 +735,6 @@ var path = require('path'),
 });
 });
- app.get('/reindex', function (req, res) {
- topics.reIndexAll(function (err) {
- if (err) {
- return res.json(err);
- }
-
- user.reIndexAll(function (err) {
- if (err) {
- return res.json(err);
- } else {
- res.send('Topics and users reindexed');
- }
- });
- });
- });
-
 // Other routes
 require('./routes/plugins')(app);