multi user auth

This commit is contained in:
Jan Prochazka
2022-03-21 20:21:07 +01:00
parent 487d4afd70
commit a1b7ad18af
8 changed files with 116 additions and 55 deletions

View File

@@ -3,7 +3,7 @@ const os = require('os');
const path = require('path');
const axios = require('axios');
const { datadir } = require('../utility/directories');
const hasPermission = require('../utility/hasPermission');
const { hasPermission, getLogins } = require('../utility/hasPermission');
const socket = require('../utility/socket');
const _ = require('lodash');
const AsyncLock = require('async-lock');
@@ -26,8 +26,10 @@ module.exports = {
// },
get_meta: true,
async get() {
const permissions = process.env.PERMISSIONS ? process.env.PERMISSIONS.split(',') : null;
async get(_params, req) {
const logins = getLogins();
const login = logins ? logins.find(x => x.login == (req.auth && req.auth.user)) : null;
const permissions = login ? login.permissions : null;
return {
runAsPortal: !!connections.portalConnections,
@@ -67,8 +69,8 @@ module.exports = {
},
updateSettings_meta: true,
async updateSettings(values) {
if (!hasPermission(`settings/change`)) return false;
async updateSettings(values, req) {
if (!hasPermission(`settings/change`, req)) return false;
const res = await lock.acquire('update', async () => {
const currentValue = await this.getSettings();

View File

@@ -3,7 +3,7 @@ const fs = require('fs-extra');
const path = require('path');
const { filesdir, archivedir, resolveArchiveFolder, uploadsdir, appdir } = require('../utility/directories');
const getChartExport = require('../utility/getChartExport');
const hasPermission = require('../utility/hasPermission');
const { hasPermission } = require('../utility/hasPermission');
const socket = require('../utility/socket');
const scheduler = require('./scheduler');
const getDiagramExport = require('../utility/getDiagramExport');
@@ -23,8 +23,8 @@ function deserialize(format, text) {
module.exports = {
list_meta: true,
async list({ folder }) {
if (!hasPermission(`files/${folder}/read`)) return [];
async list({ folder }, req) {
if (!hasPermission(`files/${folder}/read`, req)) return [];
const dir = path.join(filesdir(), folder);
if (!(await fs.exists(dir))) return [];
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
@@ -32,11 +32,11 @@ module.exports = {
},
listAll_meta: true,
async listAll() {
async listAll(_params, req) {
const folders = await fs.readdir(filesdir());
const res = [];
for (const folder of folders) {
if (!hasPermission(`files/${folder}/read`)) continue;
if (!hasPermission(`files/${folder}/read`, req)) continue;
const dir = path.join(filesdir(), folder);
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
res.push(...files);
@@ -45,8 +45,8 @@ module.exports = {
},
delete_meta: true,
async delete({ folder, file }) {
if (!hasPermission(`files/${folder}/write`)) return false;
async delete({ folder, file }, req) {
if (!hasPermission(`files/${folder}/write`, req)) return false;
await fs.unlink(path.join(filesdir(), folder, file));
socket.emitChanged(`files-changed-${folder}`);
socket.emitChanged(`all-files-changed`);
@@ -54,8 +54,8 @@ module.exports = {
},
rename_meta: true,
async rename({ folder, file, newFile }) {
if (!hasPermission(`files/${folder}/write`)) return false;
async rename({ folder, file, newFile }, req) {
if (!hasPermission(`files/${folder}/write`, req)) return false;
await fs.rename(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
socket.emitChanged(`files-changed-${folder}`);
socket.emitChanged(`all-files-changed`);
@@ -63,8 +63,8 @@ module.exports = {
},
copy_meta: true,
async copy({ folder, file, newFile }) {
if (!hasPermission(`files/${folder}/write`)) return false;
async copy({ folder, file, newFile }, req) {
if (!hasPermission(`files/${folder}/write`, req)) return false;
await fs.copyFile(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
socket.emitChanged(`files-changed-${folder}`);
socket.emitChanged(`all-files-changed`);
@@ -72,7 +72,7 @@ module.exports = {
},
load_meta: true,
async load({ folder, file, format }) {
async load({ folder, file, format }, req) {
if (folder.startsWith('archive:')) {
const text = await fs.readFile(path.join(resolveArchiveFolder(folder.substring('archive:'.length)), file), {
encoding: 'utf-8',
@@ -84,22 +84,22 @@ module.exports = {
});
return deserialize(format, text);
} else {
if (!hasPermission(`files/${folder}/read`)) return null;
if (!hasPermission(`files/${folder}/read`, req)) return null;
const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' });
return deserialize(format, text);
}
},
save_meta: true,
async save({ folder, file, data, format }) {
async save({ folder, file, data, format }, req) {
if (folder.startsWith('archive:')) {
if (!hasPermission(`archive/write`)) return false;
if (!hasPermission(`archive/write`, req)) return false;
const dir = resolveArchiveFolder(folder.substring('archive:'.length));
await fs.writeFile(path.join(dir, file), serialize(format, data));
socket.emitChanged(`archive-files-changed-${folder.substring('archive:'.length)}`);
return true;
} else if (folder.startsWith('app:')) {
if (!hasPermission(`apps/write`)) return false;
if (!hasPermission(`apps/write`, req)) return false;
const app = folder.substring('app:'.length);
await fs.writeFile(path.join(appdir(), app, file), serialize(format, data));
socket.emitChanged(`app-files-changed-${app}`);
@@ -107,7 +107,7 @@ module.exports = {
apps.emitChangedDbApp(folder);
return true;
} else {
if (!hasPermission(`files/${folder}/write`)) return false;
if (!hasPermission(`files/${folder}/write`, req)) return false;
const dir = path.join(filesdir(), folder);
if (!(await fs.exists(dir))) {
await fs.mkdir(dir);
@@ -128,8 +128,8 @@ module.exports = {
},
favorites_meta: true,
async favorites() {
if (!hasPermission(`files/favorites/read`)) return [];
async favorites(_params, req) {
if (!hasPermission(`files/favorites/read`, req)) return [];
const dir = path.join(filesdir(), 'favorites');
if (!(await fs.exists(dir))) return [];
const files = await fs.readdir(dir);

View File

@@ -7,7 +7,7 @@ const socket = require('../utility/socket');
const compareVersions = require('compare-versions');
const requirePlugin = require('../shell/requirePlugin');
const downloadPackage = require('../utility/downloadPackage');
const hasPermission = require('../utility/hasPermission');
const { hasPermission } = require('../utility/hasPermission');
const _ = require('lodash');
const packagedPluginsContent = require('../packagedPluginsContent');
@@ -115,8 +115,8 @@ module.exports = {
// },
install_meta: true,
async install({ packageName }) {
if (!hasPermission(`plugins/install`)) return;
async install({ packageName }, req) {
if (!hasPermission(`plugins/install`, req)) return;
const dir = path.join(pluginsdir(), packageName);
// @ts-ignore
if (!(await fs.exists(dir))) {
@@ -128,8 +128,8 @@ module.exports = {
},
uninstall_meta: true,
async uninstall({ packageName }) {
if (!hasPermission(`plugins/install`)) return;
async uninstall({ packageName }, req) {
if (!hasPermission(`plugins/install`, req)) return;
const dir = path.join(pluginsdir(), packageName);
await fs.rmdir(dir, { recursive: true });
socket.emitChanged(`installed-plugins-changed`);
@@ -138,8 +138,8 @@ module.exports = {
},
upgrade_meta: true,
async upgrade({ packageName }) {
if (!hasPermission(`plugins/install`)) return;
async upgrade({ packageName }, req) {
if (!hasPermission(`plugins/install`, req)) return;
const dir = path.join(pluginsdir(), packageName);
// @ts-ignore
if (await fs.exists(dir)) {

View File

@@ -3,7 +3,7 @@ const fs = require('fs-extra');
const path = require('path');
const cron = require('node-cron');
const runners = require('./runners');
const hasPermission = require('../utility/hasPermission');
const { hasPermission } = require('../utility/hasPermission');
const scheduleRegex = /\s*\/\/\s*@schedule\s+([^\n]+)\n/;
@@ -26,8 +26,8 @@ module.exports = {
this.tasks.push(task);
},
async reload() {
if (!hasPermission('files/shell/read')) return;
async reload(_params, req) {
if (!hasPermission('files/shell/read', req)) return;
const shellDir = path.join(filesdir(), 'shell');
await this.unload();
if (!(await fs.exists(shellDir))) return;