summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/config/default.js11
-rw-r--r--lib/config/environment.js4
-rw-r--r--lib/config/index.js28
-rw-r--r--lib/models/revision.js3
-rw-r--r--lib/response.js18
-rw-r--r--lib/web/auth/index.js1
-rw-r--r--lib/web/auth/openid/index.js61
-rw-r--r--lib/web/imageRouter/filesystem.js3
-rw-r--r--lib/web/statusRouter.js2
9 files changed, 96 insertions, 35 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index c34279bd..c3ada982 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -38,15 +38,10 @@ module.exports = {
sslCAPath: '',
dhParamPath: '',
// other path
+ viewPath: './public/views',
tmpPath: './tmp',
defaultNotePath: './public/default.md',
docsPath: './public/docs',
- indexPath: './public/views/index.ejs',
- codimdPath: './public/views/codimd.ejs',
- errorPath: './public/views/error.ejs',
- prettyPath: './public/views/pretty.ejs',
- slidePath: './public/views/slide.ejs',
- constantsPath: './public/js/lib/common/constant.ejs',
uploadsPath: './public/uploads',
// session
sessionName: 'connect.sid',
@@ -83,6 +78,7 @@ module.exports = {
},
// authentication
oauth2: {
+ providerName: undefined,
authorizationURL: undefined,
tokenURL: undefined,
clientID: undefined,
@@ -150,5 +146,6 @@ module.exports = {
email: true,
allowEmailRegister: true,
allowGravatar: true,
- allowPDFExport: true
+ allowPDFExport: true,
+ openID: true
}
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 6c4ce92f..6737637c 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -75,6 +75,7 @@ module.exports = {
clientSecret: process.env.CMD_MATTERMOST_CLIENTSECRET
},
oauth2: {
+ providerName: process.env.CMD_OAUTH2_PROVIDERNAME,
baseURL: process.env.CMD_OAUTH2_BASEURL,
userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL,
userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
@@ -123,5 +124,6 @@ module.exports = {
email: toBooleanConfig(process.env.CMD_EMAIL),
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
- allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT)
+ allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
+ openID: toBooleanConfig(process.env.CMD_OPENID)
}
diff --git a/lib/config/index.js b/lib/config/index.js
index 26f0ae96..f8b68e30 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -9,7 +9,7 @@ const deepFreeze = require('deep-freeze')
const {Environment, Permission} = require('./enum')
const logger = require('../logger')
-const appRootPath = path.join(__dirname, '../../')
+const appRootPath = path.resolve(__dirname, '../../')
const env = process.env.NODE_ENV || Environment.development
const debugConfig = {
debug: (env === Environment.development)
@@ -23,7 +23,8 @@ const packageConfig = {
minimumCompatibleVersion: '0.5.0'
}
-const configFilePath = path.join(appRootPath, 'config.json')
+const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE ||
+'config.json')
const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
let config = require('./default')
@@ -95,6 +96,7 @@ config.isGoogleEnable = config.google.clientID && config.google.clientSecret
config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
config.isEmailEnable = config.email
+config.isOpenIDEnable = config.openID
config.isGitHubEnable = config.github.clientID && config.github.clientSecret
config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
@@ -173,20 +175,14 @@ config.sslCAPath.forEach(function (capath, i, array) {
array[i] = path.resolve(appRootPath, capath)
})
-config.sslCertPath = path.join(appRootPath, config.sslCertPath)
-config.sslKeyPath = path.join(appRootPath, config.sslKeyPath)
-config.dhParamPath = path.join(appRootPath, config.dhParamPath)
-
-config.tmpPath = path.join(appRootPath, config.tmpPath)
-config.defaultNotePath = path.join(appRootPath, config.defaultNotePath)
-config.docsPath = path.join(appRootPath, config.docsPath)
-config.indexPath = path.join(appRootPath, config.indexPath)
-config.codimdPath = path.join(appRootPath, config.codimdPath)
-config.errorPath = path.join(appRootPath, config.errorPath)
-config.prettyPath = path.join(appRootPath, config.prettyPath)
-config.slidePath = path.join(appRootPath, config.slidePath)
-config.constantsPath = path.join(appRootPath, config.constantsPath)
-config.uploadsPath = path.join(appRootPath, config.uploadsPath)
+config.sslCertPath = path.resolve(appRootPath, config.sslCertPath)
+config.sslKeyPath = path.resolve(appRootPath, config.sslKeyPath)
+config.dhParamPath = path.resolve(appRootPath, config.dhParamPath)
+config.viewPath = path.resolve(appRootPath, config.viewPath)
+config.tmpPath = path.resolve(appRootPath, config.tmpPath)
+config.defaultNotePath = path.resolve(appRootPath, config.defaultNotePath)
+config.docsPath = path.resolve(appRootPath, config.docsPath)
+config.uploadsPath = path.resolve(appRootPath, config.uploadsPath)
// make config readonly
config = deepFreeze(config)
diff --git a/lib/models/revision.js b/lib/models/revision.js
index 8bc95cb1..4ee080da 100644
--- a/lib/models/revision.js
+++ b/lib/models/revision.js
@@ -5,6 +5,7 @@ var async = require('async')
var moment = require('moment')
var childProcess = require('child_process')
var shortId = require('shortid')
+var path = require('path')
// core
var config = require('../config')
@@ -14,7 +15,7 @@ var dmpWorker = createDmpWorker()
var dmpCallbackCache = {}
function createDmpWorker () {
- var worker = childProcess.fork('./lib/workers/dmpWorker.js', {
+ var worker = childProcess.fork(path.resolve(__dirname, '../workers/dmpWorker.js'), {
stdio: 'ignore'
})
if (config.debug) logger.info('dmp worker process started')
diff --git a/lib/response.js b/lib/response.js
index 4df036b7..4f572e47 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -54,7 +54,7 @@ var response = {
}
function responseError (res, code, detail, msg) {
- res.status(code).render(config.errorPath, {
+ res.status(code).render('error.ejs', {
url: config.serverURL,
title: code + ' ' + detail + ' ' + msg,
code: code,
@@ -88,6 +88,7 @@ function showIndex (req, res, next) {
email: config.isEmailEnable,
allowEmailRegister: config.allowEmailRegister,
allowPDFExport: config.allowPDFExport,
+ openID: config.isOpenIDEnable,
signin: authStatus,
infoMessage: req.flash('info'),
errorMessage: req.flash('error'),
@@ -104,11 +105,11 @@ function showIndex (req, res, next) {
}).then(function (user) {
if (user) {
data.deleteToken = user.deleteToken
- res.render(config.indexPath, data)
+ res.render('index.ejs', data)
}
})
} else {
- res.render(config.indexPath, data)
+ res.render('index.ejs', data)
}
}
@@ -122,7 +123,7 @@ function responseCodiMD (res, note) {
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
- res.render(config.codimdPath, {
+ res.render('codimd.ejs', {
url: config.serverURL,
title: title,
useCDN: config.useCDN,
@@ -142,7 +143,8 @@ function responseCodiMD (res, note) {
oauth2: config.isOAuth2Enable,
email: config.isEmailEnable,
allowEmailRegister: config.allowEmailRegister,
- allowPDFExport: config.allowPDFExport
+ allowPDFExport: config.allowPDFExport,
+ openID: config.isOpenIDEnable
})
}
@@ -283,7 +285,7 @@ function renderPublish (data, res) {
res.set({
'Cache-Control': 'private' // only cache by client
})
- res.render(config.prettyPath, data)
+ res.render('pretty.ejs', data)
}
function actionPublish (req, res, note) {
@@ -589,7 +591,7 @@ function gitlabActionProjects (req, res, note) {
ret.accesstoken = user.accessToken
ret.profileid = user.profileid
request(
- config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?access_token=' + user.accessToken,
+ config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?membership=yes&per_page=100&access_token=' + user.accessToken,
function (error, httpResponse, body) {
if (!error && httpResponse.statusCode === 200) {
ret.projects = JSON.parse(body)
@@ -665,7 +667,7 @@ function renderPublishSlide (data, res) {
res.set({
'Cache-Control': 'private' // only cache by client
})
- res.render(config.slidePath, data)
+ res.render('slide.ejs', data)
}
module.exports = response
diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js
index 61e7c3f9..86ab4b28 100644
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
@@ -45,6 +45,7 @@ if (config.isLDAPEnable) authRouter.use(require('./ldap'))
if (config.isSAMLEnable) authRouter.use(require('./saml'))
if (config.isOAuth2Enable) authRouter.use(require('./oauth2'))
if (config.isEmailEnable) authRouter.use(require('./email'))
+if (config.isOpenIDEnable) authRouter.use(require('./openid'))
// logout
authRouter.get('/logout', function (req, res) {
diff --git a/lib/web/auth/openid/index.js b/lib/web/auth/openid/index.js
new file mode 100644
index 00000000..96f61807
--- /dev/null
+++ b/lib/web/auth/openid/index.js
@@ -0,0 +1,61 @@
+'use strict'
+
+const Router = require('express').Router
+const passport = require('passport')
+const OpenIDStrategy = require('@passport-next/passport-openid').Strategy
+const config = require('../../../config')
+const models = require('../../../models')
+const logger = require('../../../logger')
+const {urlencodedParser} = require('../../utils')
+const {setReturnToFromReferer} = require('../utils')
+
+let openIDAuth = module.exports = Router()
+
+passport.use(new OpenIDStrategy({
+ returnURL: config.serverURL + '/auth/openid/callback',
+ realm: config.serverURL,
+ profile: true
+}, function (openid, profile, done) {
+ var stringifiedProfile = JSON.stringify(profile)
+ models.User.findOrCreate({
+ where: {
+ profileid: openid
+ },
+ defaults: {
+ profile: stringifiedProfile
+ }
+ }).spread(function (user, created) {
+ if (user) {
+ var needSave = false
+ if (user.profile !== stringifiedProfile) {
+ user.profile = stringifiedProfile
+ needSave = true
+ }
+ if (needSave) {
+ user.save().then(function () {
+ if (config.debug) { logger.info('user login: ' + user.id) }
+ return done(null, user)
+ })
+ } else {
+ if (config.debug) { logger.info('user login: ' + user.id) }
+ return done(null, user)
+ }
+ }
+ }).catch(function (err) {
+ logger.error('auth callback failed: ' + err)
+ return done(err, null)
+ })
+}))
+
+openIDAuth.post('/auth/openid', urlencodedParser, function (req, res, next) {
+ setReturnToFromReferer(req)
+ passport.authenticate('openid')(req, res, next)
+})
+
+// openID auth callback
+openIDAuth.get('/auth/openid/callback',
+ passport.authenticate('openid', {
+ successReturnToOrRedirect: config.serverurl + '/',
+ failureRedirect: config.serverurl + '/'
+ })
+)
diff --git a/lib/web/imageRouter/filesystem.js b/lib/web/imageRouter/filesystem.js
index 4bf82b31..8c432b0c 100644
--- a/lib/web/imageRouter/filesystem.js
+++ b/lib/web/imageRouter/filesystem.js
@@ -1,5 +1,6 @@
'use strict'
const url = require('url')
+const path = require('path')
const config = require('../../config')
const logger = require('../../logger')
@@ -15,5 +16,5 @@ exports.uploadImage = function (imagePath, callback) {
return
}
- callback(null, url.resolve(config.serverURL + '/', imagePath.match(/public\/(.+)$/)[1]))
+ callback(null, url.resolve(config.serverURL + '/uploads/', path.basename(imagePath)))
}
diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js
index 7ecf3839..fb2609ea 100644
--- a/lib/web/statusRouter.js
+++ b/lib/web/statusRouter.js
@@ -105,5 +105,5 @@ statusRouter.get('/config', function (req, res) {
'X-Robots-Tag': 'noindex, nofollow', // prevent crawling
'Content-Type': 'application/javascript'
})
- res.render(config.constantsPath, data)
+ res.render('../js/lib/common/constant.ejs', data)
})