Home Explore Help
Sign In
mirrors
/
wekan
mirror of https://github.com/wekan/wekan.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 879a84184f
Branches Tags
wekan
/
server
/
authentication.js

authentication.js 2.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. import Fiber from 'fibers';
    2. 

  2. 

  3. Meteor.startup(() => {
    4. 

  4. 

  5.   // Node Fibers 100% CPU usage issue
    6. 

  6.   // https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-381453161
    7. 

  7.   // https://github.com/meteor/meteor/issues/9796#issuecomment-381676326
    8. 

  8.   // https://github.com/sandstorm-io/sandstorm/blob/0f1fec013fe7208ed0fd97eb88b31b77e3c61f42/shell/server/00-startup.js#L99-L129
    9. 

  9.   Fiber.poolSize = 1e9;
    10. 

  10. 

  11.   Accounts.validateLoginAttempt(function (options) {
    12. 

  12.     const user = options.user || {};
    13. 

  13.     return !user.loginDisabled;
    14. 

  14.   });
    15. 

  15. 

  16.   Authentication = {};
    17. 

  17. 

  18.   Authentication.checkUserId = function (userId) {
    19. 

  19.     if (userId === undefined) {
    20. 

  20.       const error = new Meteor.Error('Unauthorized', 'Unauthorized');
    21. 

  21.       error.statusCode = 401;
    22. 

  22.       throw error;
    23. 

  23.     }
    24. 

  24.     const admin = Users.findOne({ _id: userId, isAdmin: true });
    25. 

  25. 

  26.     if (admin === undefined) {
    27. 

  27.       const error = new Meteor.Error('Forbidden', 'Forbidden');
    28. 

  28.       error.statusCode = 403;
    29. 

  29.       throw error;
    30. 

  30.     }
    31. 

  31. 

  32.   };
    33. 

  33. 

  34.   // This will only check if the user is logged in.
    35. 

  35.   // The authorization checks for the user will have to be done inside each API endpoint
    36. 

  36.   Authentication.checkLoggedIn = function(userId) {
    37. 

  37.     if(userId === undefined) {
    38. 

  38.       const error = new Meteor.Error('Unauthorized', 'Unauthorized');
    39. 

  39.       error.statusCode = 401;
    40. 

  40.       throw error;
    41. 

  41.     }
    42. 

  42.   };
    43. 

  43. 

  44.   // An admin should be authorized to access everything, so we use a separate check for admins
    45. 

  45.   // This throws an error if otherReq is false and the user is not an admin
    46. 

  46.   Authentication.checkAdminOrCondition = function(userId, otherReq) {
    47. 

  47.     if(otherReq) return;
    48. 

  48.     const admin = Users.findOne({ _id: userId, isAdmin: true });
    49. 

  49.     if (admin === undefined) {
    50. 

  50.       const error = new Meteor.Error('Forbidden', 'Forbidden');
    51. 

  51.       error.statusCode = 403;
    52. 

  52.       throw error;
    53. 

  53.     }
    54. 

  54.   };
    55. 

  55. 

  56.   // Helper function. Will throw an error if the user does not have read only access to the given board
    57. 

  57.   Authentication.checkBoardAccess = function(userId, boardId) {
    58. 

  58.     Authentication.checkLoggedIn(userId);
    59. 

  59. 

  60.     const board = Boards.findOne({ _id: boardId });
    61. 

  61.     const normalAccess = board.permission === 'public' || board.members.some((e) => e.userId === userId);
    62. 

  62.     Authentication.checkAdminOrCondition(userId, normalAccess);
    63. 

  63.   };
    64. 

  64. 

  65. });
    66. 

  66.