diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth.js | 59 | ||||
-rw-r--r-- | lib/config.js | 38 | ||||
-rw-r--r-- | lib/letter-avatars.js | 25 | ||||
-rw-r--r-- | lib/models/note.js | 6 | ||||
-rw-r--r-- | lib/models/user.js | 11 | ||||
-rw-r--r-- | lib/realtime.js | 54 | ||||
-rwxr-xr-x | lib/response.js | 12 |
7 files changed, 176 insertions, 29 deletions
diff --git a/lib/auth.js b/lib/auth.js index f167cede..4b14e42c 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -7,6 +7,7 @@ var GithubStrategy = require('passport-github').Strategy; var GitlabStrategy = require('passport-gitlab2').Strategy; var DropboxStrategy = require('passport-dropbox-oauth2').Strategy; var GoogleStrategy = require('passport-google-oauth20').Strategy; +var LdapStrategy = require('passport-ldapauth'); var LocalStrategy = require('passport-local').Strategy; var validator = require('validator'); @@ -110,6 +111,62 @@ if (config.google) { callbackURL: config.serverurl + '/auth/google/callback' }, callback)); } +// ldap +if (config.ldap) { + passport.use(new LdapStrategy({ + server: { + url: config.ldap.url || null, + bindDn: config.ldap.bindDn || null, + bindCredentials: config.ldap.bindCredentials || null, + searchBase: config.ldap.searchBase || null, + searchFilter: config.ldap.searchFilter || null, + searchAttributes: config.ldap.searchAttributes || null, + tlsOptions: config.ldap.tlsOptions || null + }, + }, + function(user, done) { + var profile = { + id: 'LDAP-' + user.uidNumber, + username: user.uid, + displayName: user.displayName, + emails: user.mail ? [user.mail] : [], + avatarUrl: null, + profileUrl: null, + provider: 'ldap', + } + var stringifiedProfile = JSON.stringify(profile); + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile, + } + }).spread(function (user, created) { + if (user) { + var needSave = false; + if (user.profile != stringifiedProfile) { + user.profile = stringifiedProfile; + needSave = true; + } + if (needSave) { + user.save().then(function () { + if (config.debug) + logger.info('user login: ' + user.id); + return done(null, user); + }); + } else { + if (config.debug) + logger.info('user login: ' + user.id); + return done(null, user); + } + } + }).catch(function (err) { + logger.error('ldap auth failed: ' + err); + return done(err, null); + }); + })); +} // email if (config.email) { passport.use(new LocalStrategy({ @@ -130,4 +187,4 @@ if (config.email) { return done(err); }); })); -}
\ No newline at end of file +} diff --git a/lib/config.js b/lib/config.js index c0a7fffe..84f6b3d7 100644 --- a/lib/config.js +++ b/lib/config.js @@ -95,8 +95,44 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE clientID: process.env.HMD_GOOGLE_CLIENTID, clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET } : (config.google && config.google.clientID && config.google.clientSecret) || false; +var ldap = config.ldap || ( + process.env.HMD_LDAP_URL || + process.env.HMD_LDAP_BINDDN || + process.env.HMD_LDAP_BINDCREDENTIALS || + process.env.HMD_LDAP_TOKENSECRET || + process.env.HMD_LDAP_SEARCHBASE || + process.env.HMD_LDAP_SEARCHFILTER || + process.env.HMD_LDAP_SEARCHATTRIBUTES || + process.env.HMD_LDAP_PROVIDERNAME +) || false; +if (ldap == true) + ldap = {}; +if (process.env.HMD_LDAP_URL) + ldap.url = process.env.HMD_LDAP_URL; +if (process.env.HMD_LDAP_BINDDN) + ldap.bindDn = process.env.HMD_LDAP_BINDDN; +if (process.env.HMD_LDAP_BINDCREDENTIALS) + ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS; +if (process.env.HMD_LDAP_TOKENSECRET) + ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET; +if (process.env.HMD_LDAP_SEARCHBASE) + ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE; +if (process.env.HMD_LDAP_SEARCHFILTER) + ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER; +if (process.env.HMD_LDAP_SEARCHATTRIBUTES) + ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES; +if (process.env.HMD_LDAP_TLS_CA) { + var ca = { + ca: process.env.HMD_LDAP_TLS_CA + } + ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca +} +if (process.env.HMD_LDAP_PROVIDERNAME) { + ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME; +} var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false; var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email; +var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true); function getserverurl() { var url = ''; @@ -156,8 +192,10 @@ module.exports = { gitlab: gitlab, dropbox: dropbox, google: google, + ldap: ldap, imgur: imgur, email: email, + allowemailregister: allowemailregister, imageUploadType: imageUploadType, s3: s3, s3bucket: s3bucket diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js new file mode 100644 index 00000000..3afa03fe --- /dev/null +++ b/lib/letter-avatars.js @@ -0,0 +1,25 @@ +"use strict"; + +// external modules +var randomcolor = require('randomcolor'); + +// core +module.exports = function(name) { + var color = randomcolor({ + seed: name, + luminosity: 'dark' + }); + var letter = name.substring(0, 1).toUpperCase(); + + var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'; + svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'; + svg += '<g>'; + svg += '<rect width="96" height="96" fill="' + color + '" />'; + svg += '<text font-size="64px" font-family="sans-serif" text-anchor="middle" fill="#ffffff">'; + svg += '<tspan x="48" y="72" stroke-width=".26458px" fill="#ffffff">' + letter + '</tspan>'; + svg += '</text>'; + svg += '</g>'; + svg += '</svg>'; + + return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64'); +}; diff --git a/lib/models/note.js b/lib/models/note.js index 132f8b1e..86112973 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -23,7 +23,7 @@ var logger = require("../logger.js"); var ot = require("../ot/index.js"); // permission types -var permissionTypes = ["freely", "editable", "locked", "private"]; +var permissionTypes = ["freely", "editable", "limited", "locked", "protected", "private"]; module.exports = function (sequelize, DataTypes) { var Note = sequelize.define("Note", { @@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) { if (meta.slideOptions && (typeof meta.slideOptions == "object")) _meta.slideOptions = meta.slideOptions; } - return _meta; + return _meta; }, updateAuthorshipByOperation: function (operation, userId, authorships) { var index = 0; @@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) { }); return Note; -};
\ No newline at end of file +}; diff --git a/lib/models/user.js b/lib/models/user.js index aaf344de..7d27242c 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -7,6 +7,7 @@ var scrypt = require('scrypt'); // core var logger = require("../logger.js"); +var letterAvatars = require('../letter-avatars.js'); module.exports = function (sequelize, DataTypes) { var User = sequelize.define("User", { @@ -105,6 +106,16 @@ module.exports = function (sequelize, DataTypes) { case "google": photo = profile.photos[0].value.replace(/(\?sz=)\d*$/i, '$196'); break; + case "ldap": + //no image api provided, + //use gravatar if email exists, + //otherwise generate a letter avatar + if (profile.emails[0]) { + photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) + '?s=96'; + } else { + photo = letterAvatars(profile.username); + } + break; } return photo; }, diff --git a/lib/realtime.js b/lib/realtime.js index a662deeb..0f2a6680 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -251,13 +251,13 @@ function getStatus(callback) { return logger.error('count user failed: ' + err); }); }).catch(function (err) { - return logger.error('count note failed: ' + err); + return logger.error('count note failed: ' + err); }); } function isReady() { - return realtime.io - && Object.keys(notes).length == 0 && Object.keys(users).length == 0 + return realtime.io + && Object.keys(notes).length == 0 && Object.keys(users).length == 0 && connectionSocketQueue.length == 0 && !isConnectionBusy && disconnectSocketQueue.length == 0 && !isDisconnectBusy; } @@ -374,7 +374,7 @@ function finishConnection(socket, note, user) { return interruptConnection(socket, note, user); } //check view permission - if (note.permission == 'private') { + if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) { //na } else { @@ -420,7 +420,7 @@ function finishConnection(socket, note, user) { function startConnection(socket) { if (isConnectionBusy) return; isConnectionBusy = true; - + var noteId = socket.noteId; if (!noteId) { return failConnection(404, 'note id not found', socket); @@ -521,7 +521,7 @@ function disconnect(socket) { logger.info("SERVER disconnected a client"); logger.info(JSON.stringify(users[socket.id])); } - + if (users[socket.id]) { delete users[socket.id]; } @@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) { case "freely": //not blocking anyone break; - case "editable": + case "editable": case "limited": //only login user can change if (!socket.request.user || !socket.request.user.logged_in) mayEdit = false; break; - case "locked": case "private": + case "locked": case "private": case "protected": //only owner can change if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; @@ -652,17 +652,25 @@ function operationCallback(socket, operation) { if (!user) return; userId = socket.request.user.id; if (!note.authors[userId]) { - models.Author.create({ - noteId: noteId, - userId: userId, - color: user.color - }).then(function (author) { - note.authors[author.userId] = { - userid: author.userId, - color: author.color, - photo: user.photo, - name: user.name - }; + models.Author.findOrCreate({ + where: { + noteId: noteId, + userId: userId + }, + defaults: { + noteId: noteId, + userId: userId, + color: user.color + } + }).spread(function (author, created) { + if (author) { + note.authors[author.userId] = { + userid: author.userId, + color: author.color, + photo: user.photo, + name: user.name + }; + } }).catch(function (err) { return logger.error('operation callback failed: ' + err); }); @@ -672,7 +680,7 @@ function operationCallback(socket, operation) { var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id); if (note.server) history.updateHistory(userId, noteId, note.server.document); }, 0); - + } // save authorship note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship); @@ -689,10 +697,10 @@ function connection(socket) { } if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return; - + // store noteId in this socket session socket.noteId = noteId; - + //initialize user data //random color var color = randomcolor(); @@ -782,7 +790,7 @@ function connection(socket) { var sock = note.socks[i]; if (typeof sock !== 'undefined' && sock) { //check view permission - if (permission == 'private') { + if (permission == 'limited' || permission == 'protected' || permission == 'private') { if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) { //na } else { diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..9014a0a0 100755 --- a/lib/response.js +++ b/lib/response.js @@ -66,7 +66,9 @@ function showIndex(req, res, next) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email, + allowemailregister: config.allowemailregister, signin: req.isAuthenticated(), infoMessage: req.flash('info'), errorMessage: req.flash('error') @@ -94,6 +96,7 @@ function responseHackMD(res, note) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email }); } @@ -122,6 +125,11 @@ function checkViewPermission(req, note) { return false; else return true; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if( !req.isAuthenticated() ) { + return false; + } + return true; } else { return true; } @@ -161,7 +169,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +421,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); |