mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-30 23:05:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'frontend-next' into t216-refactor-common

Browse source
This commit is contained in:
Yukai Huang 2017-01-15 11:33:22 +08:00
commit c0e8306961
18 changed files with 306 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

59
lib/auth.js
View file

@ -7,6 +7,7 @@ var GithubStrategy = require('passport-github').Strategy;
var GitlabStrategy = require('passport-gitlab2').Strategy;
var DropboxStrategy = require('passport-dropbox-oauth2').Strategy;
var GoogleStrategy = require('passport-google-oauth20').Strategy;
var LdapStrategy = require('passport-ldapauth');
var LocalStrategy = require('passport-local').Strategy;
var validator = require('validator');
@ -110,6 +111,62 @@ if (config.google) {
callbackURL: config.serverurl + '/auth/google/callback'
}, callback));
}
// ldap
if (config.ldap) {
passport.use(new LdapStrategy({
server: {
url: config.ldap.url || null,
bindDn: config.ldap.bindDn || null,
bindCredentials: config.ldap.bindCredentials || null,
searchBase: config.ldap.searchBase || null,
searchFilter: config.ldap.searchFilter || null,
searchAttributes: config.ldap.searchAttributes || null,
tlsOptions: config.ldap.tlsOptions || null
},
},
function(user, done) {
var profile = {
id: 'LDAP-' + user.uidNumber,
username: user.uid,
displayName: user.displayName,
emails: user.mail ? [user.mail] : [],
avatarUrl: null,
profileUrl: null,
provider: 'ldap',
}
var stringifiedProfile = JSON.stringify(profile);
models.User.findOrCreate({
where: {
profileid: profile.id.toString()
},
defaults: {
profile: stringifiedProfile,
}
}).spread(function (user, created) {
if (user) {
var needSave = false;
if (user.profile != stringifiedProfile) {
user.profile = stringifiedProfile;
needSave = true;
}
if (needSave) {
user.save().then(function () {
if (config.debug)
logger.info('user login: ' + user.id);
return done(null, user);
});
} else {
if (config.debug)
logger.info('user login: ' + user.id);
return done(null, user);
}
}
}).catch(function (err) {
logger.error('ldap auth failed: ' + err);
return done(err, null);
});
}));
}
// email
if (config.email) {
passport.use(new LocalStrategy({
@ -130,4 +187,4 @@ if (config.email) {
return done(err);
});
}));
}
}

38
lib/config.js
View file

@ -95,8 +95,44 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE
clientID: process.env.HMD_GOOGLE_CLIENTID,
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
} : (config.google && config.google.clientID && config.google.clientSecret) || false;
var ldap = config.ldap || (
process.env.HMD_LDAP_URL ||
process.env.HMD_LDAP_BINDDN ||
process.env.HMD_LDAP_BINDCREDENTIALS ||
process.env.HMD_LDAP_TOKENSECRET ||
process.env.HMD_LDAP_SEARCHBASE ||
process.env.HMD_LDAP_SEARCHFILTER ||
process.env.HMD_LDAP_SEARCHATTRIBUTES ||
process.env.HMD_LDAP_PROVIDERNAME
) || false;
if (ldap == true)
ldap = {};
if (process.env.HMD_LDAP_URL)
ldap.url = process.env.HMD_LDAP_URL;
if (process.env.HMD_LDAP_BINDDN)
ldap.bindDn = process.env.HMD_LDAP_BINDDN;
if (process.env.HMD_LDAP_BINDCREDENTIALS)
ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS;
if (process.env.HMD_LDAP_TOKENSECRET)
ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET;
if (process.env.HMD_LDAP_SEARCHBASE)
ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE;
if (process.env.HMD_LDAP_SEARCHFILTER)
ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER;
if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
if (process.env.HMD_LDAP_TLS_CA) {
var ca = {
ca: process.env.HMD_LDAP_TLS_CA
}
ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
}
if (process.env.HMD_LDAP_PROVIDERNAME) {
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
}
var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
function getserverurl() {
var url = '';
@ -156,8 +192,10 @@ module.exports = {
gitlab: gitlab,
dropbox: dropbox,
google: google,
ldap: ldap,
imgur: imgur,
email: email,
allowemailregister: allowemailregister,
imageUploadType: imageUploadType,
s3: s3,
s3bucket: s3bucket

25
lib/letter-avatars.js Normal file
View file

@ -0,0 +1,25 @@
"use strict";
// external modules
var randomcolor = require('randomcolor');
// core
module.exports = function(name) {
var color = randomcolor({
seed: name,
luminosity: 'dark'
});
var letter = name.substring(0, 1).toUpperCase();
var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>';
svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">';
svg += '<g>';
svg += '<rect width="96" height="96" fill="' + color + '" />';
svg += '<text font-size="64px" font-family="sans-serif" text-anchor="middle" fill="#ffffff">';
svg += '<tspan x="48" y="72" stroke-width=".26458px" fill="#ffffff">' + letter + '</tspan>';
svg += '</text>';
svg += '</g>';
svg += '</svg>';
return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64');
};

6
lib/models/note.js
View file

@ -23,7 +23,7 @@ var logger = require("../logger.js");
var ot = require("../ot/index.js");
// permission types
var permissionTypes = ["freely", "editable", "locked", "private"];
var permissionTypes = ["freely", "editable", "limited", "locked", "protected", "private"];
module.exports = function (sequelize, DataTypes) {
var Note = sequelize.define("Note", {
@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) {
if (meta.slideOptions && (typeof meta.slideOptions == "object"))
_meta.slideOptions = meta.slideOptions;
}
return _meta;
return _meta;
},
updateAuthorshipByOperation: function (operation, userId, authorships) {
var index = 0;
@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) {
});
return Note;
};
};

11
lib/models/user.js
View file

@ -7,6 +7,7 @@ var scrypt = require('scrypt');
// core
var logger = require("../logger.js");
var letterAvatars = require('../letter-avatars.js');
module.exports = function (sequelize, DataTypes) {
var User = sequelize.define("User", {
@ -105,6 +106,16 @@ module.exports = function (sequelize, DataTypes) {
case "google":
photo = profile.photos[0].value.replace(/(\?sz=)\d*$/i, '$196');
break;
case "ldap":
//no image api provided,
//use gravatar if email exists,
//otherwise generate a letter avatar
if (profile.emails[0]) {
photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) + '?s=96';
} else {
photo = letterAvatars(profile.username);
}
break;
}
return photo;
},

54
lib/realtime.js
View file

@ -251,13 +251,13 @@ function getStatus(callback) {
return logger.error('count user failed: ' + err);
});
}).catch(function (err) {
return logger.error('count note failed: ' + err);
return logger.error('count note failed: ' + err);
});
}
function isReady() {
return realtime.io
&& Object.keys(notes).length == 0 && Object.keys(users).length == 0
return realtime.io
&& Object.keys(notes).length == 0 && Object.keys(users).length == 0
&& connectionSocketQueue.length == 0 && !isConnectionBusy
&& disconnectSocketQueue.length == 0 && !isDisconnectBusy;
}
@ -374,7 +374,7 @@ function finishConnection(socket, note, user) {
return interruptConnection(socket, note, user);
}
//check view permission
if (note.permission == 'private') {
if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
//na
} else {
@ -420,7 +420,7 @@ function finishConnection(socket, note, user) {
function startConnection(socket) {
if (isConnectionBusy) return;
isConnectionBusy = true;
var noteId = socket.noteId;
if (!noteId) {
return failConnection(404, 'note id not found', socket);
@ -521,7 +521,7 @@ function disconnect(socket) {
logger.info("SERVER disconnected a client");
logger.info(JSON.stringify(users[socket.id]));
}
if (users[socket.id]) {
delete users[socket.id];
}
@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) {
case "freely":
//not blocking anyone
break;
case "editable":
case "editable": case "limited":
//only login user can change
if (!socket.request.user || !socket.request.user.logged_in)
mayEdit = false;
break;
case "locked": case "private":
case "locked": case "private": case "protected":
//only owner can change
if (!note.owner || note.owner != socket.request.user.id)
mayEdit = false;
@ -652,17 +652,25 @@ function operationCallback(socket, operation) {
if (!user) return;
userId = socket.request.user.id;
if (!note.authors[userId]) {
models.Author.create({
noteId: noteId,
userId: userId,
color: user.color
}).then(function (author) {
note.authors[author.userId] = {
userid: author.userId,
color: author.color,
photo: user.photo,
name: user.name
};
models.Author.findOrCreate({
where: {
noteId: noteId,
userId: userId
},
defaults: {
noteId: noteId,
userId: userId,
color: user.color
}
}).spread(function (author, created) {
if (author) {
note.authors[author.userId] = {
userid: author.userId,
color: author.color,
photo: user.photo,
name: user.name
};
}
}).catch(function (err) {
return logger.error('operation callback failed: ' + err);
});
@ -672,7 +680,7 @@ function operationCallback(socket, operation) {
var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id);
if (note.server) history.updateHistory(userId, noteId, note.server.document);
}, 0);
}
// save authorship
note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship);
@ -689,10 +697,10 @@ function connection(socket) {
}
if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return;
// store noteId in this socket session
socket.noteId = noteId;
//initialize user data
//random color
var color = randomcolor();
@ -782,7 +790,7 @@ function connection(socket) {
var sock = note.socks[i];
if (typeof sock !== 'undefined' && sock) {
//check view permission
if (permission == 'private') {
if (permission == 'limited' || permission == 'protected' || permission == 'private') {
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
//na
} else {

12
lib/response.js
View file

@ -66,7 +66,9 @@ function showIndex(req, res, next) {
gitlab: config.gitlab,
dropbox: config.dropbox,
google: config.google,
ldap: config.ldap,
email: config.email,
allowemailregister: config.allowemailregister,
signin: req.isAuthenticated(),
infoMessage: req.flash('info'),
errorMessage: req.flash('error')
@ -94,6 +96,7 @@ function responseHackMD(res, note) {
gitlab: config.gitlab,
dropbox: config.dropbox,
google: config.google,
ldap: config.ldap,
email: config.email
});
}
@ -122,6 +125,11 @@ function checkViewPermission(req, note) {
return false;
else
return true;
} else if (note.permission == 'limited' || note.permission == 'protected') {
if( !req.isAuthenticated() ) {
return false;
}
return true;
} else {
return true;
}
@ -161,7 +169,7 @@ function showNote(req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId;
var id = LZString.compressToBase64(note.id);
var id = LZString.compressToBase64(note.id);
if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id))
return res.redirect(config.serverurl + "/" + (note.alias || id));
return responseHackMD(res, note);
@ -413,7 +421,7 @@ function publishSlideActions(req, res, next) {
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)));
break;
default:
res.redirect(config.serverurl + '/p/' + note.shortid);
res.redirect(config.serverurl + '/p/' + note.shortid);
break;
}
});