Главная Обзор Помощь
Вход
mirrors
/
wekan
зеркало из https://github.com/wekan/wekan.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 3e927b4e58
Ветки Метки
wekan
/
server
/
authentication.js

authentication.js 2.4 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. Meteor.startup(() => {
    2. 

  2. 

  3.   Accounts.validateLoginAttempt(function (options) {
    4. 

  4.     const user = options.user || {};
    5. 

  5.     return !user.loginDisabled;
    6. 

  6.   });
    7. 

  7. 

  8.   Authentication = {};
    9. 

  9. 

  10.   Authentication.checkUserId = function (userId) {
    11. 

  11.     if (userId === undefined) {
    12. 

  12.       const error = new Meteor.Error('Unauthorized', 'Unauthorized');
    13. 

  13.       error.statusCode = 401;
    14. 

  14.       throw error;
    15. 

  15.     }
    16. 

  16.     const admin = Users.findOne({ _id: userId, isAdmin: true });
    17. 

  17. 

  18.     if (admin === undefined) {
    19. 

  19.       const error = new Meteor.Error('Forbidden', 'Forbidden');
    20. 

  20.       error.statusCode = 403;
    21. 

  21.       throw error;
    22. 

  22.     }
    23. 

  23. 

  24.   };
    25. 

  25. 

  26.   // This will only check if the user is logged in.
    27. 

  27.   // The authorization checks for the user will have to be done inside each API endpoint
    28. 

  28.   Authentication.checkLoggedIn = function(userId) {
    29. 

  29.     if(userId === undefined) {
    30. 

  30.       const error = new Meteor.Error('Unauthorized', 'Unauthorized');
    31. 

  31.       error.statusCode = 401;
    32. 

  32.       throw error;
    33. 

  33.     }
    34. 

  34.   };
    35. 

  35. 

  36.   // An admin should be authorized to access everything, so we use a separate check for admins
    37. 

  37.   // This throws an error if otherReq is false and the user is not an admin
    38. 

  38.   Authentication.checkAdminOrCondition = function(userId, otherReq) {
    39. 

  39.     if(otherReq) return;
    40. 

  40.     const admin = Users.findOne({ _id: userId, isAdmin: true });
    41. 

  41.     if (admin === undefined) {
    42. 

  42.       const error = new Meteor.Error('Forbidden', 'Forbidden');
    43. 

  43.       error.statusCode = 403;
    44. 

  44.       throw error;
    45. 

  45.     }
    46. 

  46.   };
    47. 

  47. 

  48.   // Helper function. Will throw an error if the user does not have read only access to the given board
    49. 

  49.   Authentication.checkBoardAccess = function(userId, boardId) {
    50. 

  50.     Authentication.checkLoggedIn(userId);
    51. 

  51. 

  52.     const board = Boards.findOne({ _id: boardId });
    53. 

  53.     const normalAccess = board.permission === 'public' || board.members.some((e) => e.userId === userId);
    54. 

  54.     Authentication.checkAdminOrCondition(userId, normalAccess);
    55. 

  55.   };
    56. 

  56. 

  57.   if (Meteor.isServer) {
    58. 

  58.     ServiceConfiguration.configurations.upsert(
    59. 

  59.       { service: 'oidc' },
    60. 

  60.       {
    61. 

  61.         $set: {
    62. 

  62.           loginStyle: 'redirect',
    63. 

  63.           clientId: 'CLIENT_ID',
    64. 

  64.           secret: 'SECRET',
    65. 

  65.           serverUrl: 'https://my-server',
    66. 

  66.           authorizationEndpoint: '/oauth/authorize',
    67. 

  67.           userinfoEndpoint: '/oauth/userinfo',
    68. 

  68.           tokenEndpoint: '/oauth/token',
    69. 

  69.           idTokenWhitelistFields: [],
    70. 

  70.           requestPermissions: ['openid']
    71. 

  71.         }
    72. 

  72.       }
    73. 

  73.     );
    74. 

  74.     }
    75. 

  75. 

  76. });
    77. 

  77.