spacedeck-open/middlewares/space_helpers.js
2020-04-09 17:27:14 +02:00

114 lines
2.8 KiB
JavaScript

'use strict';
const db = require('../models/db');
var config = require('config');
module.exports = (req, res, next) => {
let spaceId = req.params.id;
let finalizeReq = (space, role) => {
if (role === "none") {
res.status(403).json({
"error": "access denied"
});
} else {
req['space'] = space;
req['spaceRole'] = role;
res.header("x-spacedeck-space-role", req['spaceRole']);
next();
}
};
var finalizeAnonymousLogin = function(space, spaceAuth) {
var role = "none";
if (spaceAuth && (spaceAuth === space.edit_hash)) {
role = "editor";
} else {
if (space.access_mode == "public") {
role = "viewer";
} else {
role = "none";
}
}
if (req.user) {
db.getUserRoleInSpace(space, req.user, function(newRole) {
if (newRole == "admin" && (role == "editor" || role == "viewer")) {
finalizeReq(space, newRole);
} else if (newRole == "editor" && (role == "viewer")) {
finalizeReq(space, newRole);
} else {
finalizeReq(space, role);
}
});
} else {
finalizeReq(space, role);
}
};
var userMapping = {
'_id': 1,
'nickname': 1,
'email': 1
};
db.Space.findOne({where: {
"_id": spaceId
}}).then(function(space) {
if (space) {
if (space.access_mode == "public") {
if (space.password) {
if (req.spacePassword) {
if (req.spacePassword === space.password) {
finalizeAnonymousLogin(space, req["spaceAuth"]);
} else {
res.status(403).json({
"error": "password_wrong"
});
}
} else {
res.status(401).json({
"error": "password_required"
});
}
} else {
finalizeAnonymousLogin(space, req["spaceAuth"]);
}
} else {
// space is private
// special permission for screenshot/pdf export from backend
if (req.query['api_token'] && req.query['api_token'] == config.get('phantom_api_secret')) {
finalizeReq(space, "viewer");
return;
}
if (req.user) {
db.getUserRoleInSpace(space, req.user, function(role) {
if (role == "none") {
finalizeAnonymousLogin(space, req["spaceAuth"]);
} else {
finalizeReq(space, role);
}
});
} else {
if (req.spaceAuth && space.edit_hash) {
finalizeAnonymousLogin(space, req["spaceAuth"]);
} else {
res.status(403).json({
"error": "auth_required"
});
}
}
}
} else {
res.status(404).json({
"error": "space_not_found"
});
}
});
}