Diffstat (limited to 'lib')
-rw-r--r-- | lib/config/default.js | 11 | ||||
-rw-r--r-- | lib/config/environment.js | 4 | ||||
-rw-r--r-- | lib/config/index.js | 28 | ||||
-rw-r--r-- | lib/models/revision.js | 3 | ||||
-rw-r--r-- | lib/response.js | 18 | ||||
-rw-r--r-- | lib/web/auth/index.js | 1 | ||||
-rw-r--r-- | lib/web/auth/openid/index.js | 61 | ||||
-rw-r--r-- | lib/web/imageRouter/filesystem.js | 3 | ||||
-rw-r--r-- | lib/web/statusRouter.js | 2 |
9 files changed, 96 insertions, 35 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index c34279bd..c3ada982 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -38,15 +38,10 @@ module.exports = { sslCAPath: '', dhParamPath: '', // other path + viewPath: './public/views', tmpPath: './tmp', defaultNotePath: './public/default.md', docsPath: './public/docs', - indexPath: './public/views/index.ejs', - codimdPath: './public/views/codimd.ejs', - errorPath: './public/views/error.ejs', - prettyPath: './public/views/pretty.ejs', - slidePath: './public/views/slide.ejs', - constantsPath: './public/js/lib/common/constant.ejs', uploadsPath: './public/uploads', // session sessionName: 'connect.sid', @@ -83,6 +78,7 @@ module.exports = { }, // authentication oauth2: { + providerName: undefined, authorizationURL: undefined, tokenURL: undefined, clientID: undefined, @@ -150,5 +146,6 @@ module.exports = { email: true, allowEmailRegister: true, allowGravatar: true, - allowPDFExport: true + allowPDFExport: true, + openID: true } diff --git a/lib/config/environment.js b/lib/config/environment.js index 6c4ce92f..6737637c 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -75,6 +75,7 @@ module.exports = { clientSecret: process.env.CMD_MATTERMOST_CLIENTSECRET }, oauth2: { + providerName: process.env.CMD_OAUTH2_PROVIDERNAME, baseURL: process.env.CMD_OAUTH2_BASEURL, userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL, userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR, @@ -123,5 +124,6 @@ module.exports = { email: toBooleanConfig(process.env.CMD_EMAIL), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER), allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR), - allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT) + allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT), + openID: toBooleanConfig(process.env.CMD_OPENID) } 
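Review bot: The last hunk of lib/config/default.js sets `openID: true`, so an instance that upgrades gets a new login path without opting in. The strategy added in lib/web/auth/openid/index.js calls `findOrCreate` for whatever identifier verifies, with no provider allowlist visible in this diff, so a deployment that limited sign-up through its other settings would presumably now accept self-registration from any OpenID provider. Consider shipping `openID: false` and treating `CMD_OPENID` as an explicit opt-in.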
diff --git a/lib/config/index.js b/lib/config/index.js index 26f0ae96..f8b68e30 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -9,7 +9,7 @@ const deepFreeze = require('deep-freeze') const {Environment, Permission} = require('./enum') const logger = require('../logger') -const appRootPath = path.join(__dirname, '../../') +const appRootPath = path.resolve(__dirname, '../../') const env = process.env.NODE_ENV || Environment.development const debugConfig = { debug: (env === Environment.development) @@ -23,7 +23,8 @@ const packageConfig = { minimumCompatibleVersion: '0.5.0' } -const configFilePath = path.join(appRootPath, 'config.json') +const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE || +'config.json') const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined let config = require('./default') @@ -95,6 +96,7 @@ config.isGoogleEnable = config.google.clientID && config.google.clientSecret config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret config.isEmailEnable = config.email +config.isOpenIDEnable = config.openID config.isGitHubEnable = config.github.clientID && config.github.clientSecret config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret 
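Review bot: In the second hunk of lib/config/index.js, a `CMD_CONFIG_FILE` that points at a missing or mistyped path is silently ignored: `fs.existsSync(configFilePath)` is false, `fileConfig` becomes `undefined`, and the server starts on defaults and environment values only. For a file that can carry TLS paths and provider secrets that failure should be loud, e.g. `if (process.env.CMD_CONFIG_FILE && !fs.existsSync(configFilePath)) logger.warn('config file not found: ' + configFilePath)`. A short comment should also say that the path is loaded with `require`, so a `.js` file placed there is executed rather than parsed as data.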
@@ -173,20 +175,14 @@ config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) }) -config.sslCertPath = path.join(appRootPath, config.sslCertPath) -config.sslKeyPath = path.join(appRootPath, config.sslKeyPath) -config.dhParamPath = path.join(appRootPath, config.dhParamPath) - -config.tmpPath = path.join(appRootPath, config.tmpPath) -config.defaultNotePath = path.join(appRootPath, config.defaultNotePath) -config.docsPath = path.join(appRootPath, config.docsPath) -config.indexPath = path.join(appRootPath, config.indexPath) -config.codimdPath = path.join(appRootPath, config.codimdPath) -config.errorPath = path.join(appRootPath, config.errorPath) -config.prettyPath = path.join(appRootPath, config.prettyPath) -config.slidePath = path.join(appRootPath, config.slidePath) -config.constantsPath = path.join(appRootPath, config.constantsPath) -config.uploadsPath = path.join(appRootPath, config.uploadsPath) +config.sslCertPath = path.resolve(appRootPath, config.sslCertPath) +config.sslKeyPath = path.resolve(appRootPath, config.sslKeyPath) +config.dhParamPath = path.resolve(appRootPath, config.dhParamPath) +config.viewPath = path.resolve(appRootPath, config.viewPath) +config.tmpPath = path.resolve(appRootPath, config.tmpPath) +config.defaultNotePath = path.resolve(appRootPath, config.defaultNotePath) +config.docsPath = path.resolve(appRootPath, config.docsPath) +config.uploadsPath = path.resolve(appRootPath, config.uploadsPath) // make config readonly config = deepFreeze(config) diff --git a/lib/models/revision.js b/lib/models/revision.js index 8bc95cb1..4ee080da 100644 --- a/lib/models/revision.js +++ b/lib/models/revision.js @@ -5,6 +5,7 @@ var async = require('async') var moment = require('moment') var childProcess = require('child_process') var shortId = require('shortid') +var path = require('path') // core var config = require('../config') 
@@ -14,7 +15,7 @@ var dmpWorker = createDmpWorker() var dmpCallbackCache = {} function createDmpWorker () { - var worker = childProcess.fork('./lib/workers/dmpWorker.js', { + var worker = childProcess.fork(path.resolve(__dirname, '../workers/dmpWorker.js'), { stdio: 'ignore' }) if (config.debug) logger.info('dmp worker process started') diff --git a/lib/response.js b/lib/response.js index 4df036b7..4f572e47 100644 --- a/lib/response.js +++ b/lib/response.js @@ -54,7 +54,7 @@ var response = { } function responseError (res, code, detail, msg) { - res.status(code).render(config.errorPath, { + res.status(code).render('error.ejs', { url: config.serverURL, title: code + ' ' + detail + ' ' + msg, code: code, @@ -88,6 +88,7 @@ function showIndex (req, res, next) { email: config.isEmailEnable, allowEmailRegister: config.allowEmailRegister, allowPDFExport: config.allowPDFExport, + openID: config.isOpenIDEnable, signin: authStatus, infoMessage: req.flash('info'), errorMessage: req.flash('error'), @@ -104,11 +105,11 @@ function showIndex (req, res, next) { }).then(function (user) { if (user) { data.deleteToken = user.deleteToken - res.render(config.indexPath, data) + res.render('index.ejs', data) } }) } else { - res.render(config.indexPath, data) + res.render('index.ejs', data) } } @@ -122,7 +123,7 @@ function responseCodiMD (res, note) { 'Cache-Control': 'private', // only cache by client 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling }) - res.render(config.codimdPath, { + res.render('codimd.ejs', { url: config.serverURL, title: title, useCDN: config.useCDN, @@ -142,7 +143,8 @@ function responseCodiMD (res, note) { oauth2: config.isOAuth2Enable, email: config.isEmailEnable, allowEmailRegister: config.allowEmailRegister, - allowPDFExport: config.allowPDFExport + allowPDFExport: config.allowPDFExport, + openID: config.isOpenIDEnable }) } 
@@ -283,7 +285,7 @@ function renderPublish (data, res) { res.set({ 'Cache-Control': 'private' // only cache by client }) - res.render(config.prettyPath, data) + res.render('pretty.ejs', data) } function actionPublish (req, res, note) { @@ -589,7 +591,7 @@ function gitlabActionProjects (req, res, note) { ret.accesstoken = user.accessToken ret.profileid = user.profileid request( - config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?access_token=' + user.accessToken, + config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?membership=yes&per_page=100&access_token=' + user.accessToken, function (error, httpResponse, body) { if (!error && httpResponse.statusCode === 200) { ret.projects = JSON.parse(body) @@ -665,7 +667,7 @@ function renderPublishSlide (data, res) { res.set({ 'Cache-Control': 'private' // only cache by client }) - res.render(config.slidePath, data) + res.render('slide.ejs', data) } module.exports = response diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js index 61e7c3f9..86ab4b28 100644 --- a/lib/web/auth/index.js +++ b/lib/web/auth/index.js @@ -45,6 +45,7 @@ if (config.isLDAPEnable) authRouter.use(require('./ldap')) if (config.isSAMLEnable) authRouter.use(require('./saml')) if (config.isOAuth2Enable) authRouter.use(require('./oauth2')) if (config.isEmailEnable) authRouter.use(require('./email')) +if (config.isOpenIDEnable) authRouter.use(require('./openid')) // logout authRouter.get('/logout', function (req, res) { diff --git a/lib/web/auth/openid/index.js b/lib/web/auth/openid/index.js new file mode 100644 index 00000000..96f61807 --- /dev/null +++ b/lib/web/auth/openid/index.js 
@@ -0,0 +1,61 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const OpenIDStrategy = require('@passport-next/passport-openid').Strategy +const config = require('../../../config') +const models = require('../../../models') +const logger = require('../../../logger') +const {urlencodedParser} = require('../../utils') +const {setReturnToFromReferer} = require('../utils') + +let openIDAuth = module.exports = Router() + +passport.use(new OpenIDStrategy({ + returnURL: config.serverURL + '/auth/openid/callback', + realm: config.serverURL, + profile: true +}, function (openid, profile, done) { + var stringifiedProfile = JSON.stringify(profile) + models.User.findOrCreate({ + where: { + profileid: openid + }, + defaults: { + profile: stringifiedProfile + } + }).spread(function (user, created) { + if (user) { + var needSave = false + if (user.profile !== stringifiedProfile) { + user.profile = stringifiedProfile + needSave = true + } + if (needSave) { + user.save().then(function () { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + }) + } else { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + } + } + }).catch(function (err) { + logger.error('auth callback failed: ' + err) + return done(err, null) + }) +})) + +openIDAuth.post('/auth/openid', urlencodedParser, function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('openid')(req, res, next) +}) + +// openID auth callback +openIDAuth.get('/auth/openid/callback', + passport.authenticate('openid', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/imageRouter/filesystem.js b/lib/web/imageRouter/filesystem.js index 4bf82b31..8c432b0c 100644 --- a/lib/web/imageRouter/filesystem.js +++ b/lib/web/imageRouter/filesystem.js 
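Review bot: The callback route in lib/web/auth/openid/index.js builds its redirects from `config.serverurl`, while the strategy options a few lines above use `config.serverURL`; unless the config object also exposes a lowercase alias (not shown in this diff), both targets evaluate to `'undefined/'`. Use `successReturnToOrRedirect: config.serverURL + '/'` and `failureRedirect: config.serverURL + '/'`. In the verify function, `user.save().then(...)` is not returned from the `.spread` handler, so a failed save never reaches the `.catch` and `done` is never called, leaving the login request hanging; `return user.save().then(function () {` fixes that. A comment noting that `profileid` stores the raw OpenID identifier, in the same column the other strategies use, would help the next reader.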
@@ -1,5 +1,6 @@ 'use strict' const url = require('url') +const path = require('path') const config = require('../../config') const logger = require('../../logger') @@ -15,5 +16,5 @@ exports.uploadImage = function (imagePath, callback) { return } - callback(null, url.resolve(config.serverURL + '/', imagePath.match(/public\/(.+)$/)[1])) + callback(null, url.resolve(config.serverURL + '/uploads/', path.basename(imagePath))) } diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js index 7ecf3839..fb2609ea 100644 --- a/lib/web/statusRouter.js +++ b/lib/web/statusRouter.js @@ -105,5 +105,5 @@ statusRouter.get('/config', function (req, res) { 'X-Robots-Tag': 'noindex, nofollow', // prevent crawling 'Content-Type': 'application/javascript' }) - res.render(config.constantsPath, data) + res.render('../js/lib/common/constant.ejs', data) }) |
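Review bot: In `uploadImage` (lib/web/imageRouter/filesystem.js, second hunk) the returned URL hard-codes the `/uploads/` prefix while the directory itself stays configurable through `config.uploadsPath`; the route that maps one to the other is not in this diff, so confirm it serves `config.uploadsPath` at `/uploads`. The file name is also handed to `url.resolve` unencoded, so a name containing `?`, `#` or `%` would produce a URL that does not point at the stored file; `encodeURIComponent(path.basename(imagePath))` avoids that. The function starts outside the hunk.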
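Review bot: `res.render('../js/lib/common/constant.ejs', data)` in lib/web/statusRouter.js climbs out of the views directory, so it only resolves while the views root sits next to `public/js`. This commit makes `viewPath` configurable, and presumably that value becomes the Express `views` setting, so an operator who points it elsewhere breaks the `/config` endpoint. Rendering by an absolute path derived from the application root, or at least a comment stating the layout assumption, would make the dependency explicit. The handler starts outside the hunk.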