fix: Fixed socket.io guest authorization + rights

server/controllers/ws.js

@@ -1,10 +1,16 @@
 'use strict'
 
+/* global appconfig, rights */
 /* eslint-disable standard/no-callback-literal */
 
 const _ = require('lodash')
 
 module.exports = (socket) => {
+  // Check if Guest
+  if (!socket.request.user.logged_in) {
+    socket.request.user = _.assign(rights.guest, socket.request.user)
+  }
+
   // -----------------------------------------
   // SEARCH
   // -----------------------------------------
@@ -22,7 +28,7 @@ module.exports = (socket) => {
   // TREE VIEW (LIST ALL PAGES)
   // -----------------------------------------
 
-  if (socket.request.user.logged_in) {
+  if (appconfig.public || socket.request.user.logged_in) {
     socket.on('treeFetch', (data, cb) => {
       cb = cb || _.noop
       entries.getFromTree(data.basePath, socket.request.user).then((f) => {

server/index.js

@@ -92,14 +92,14 @@ require('./libs/auth')(passport)
 global.rights = require('./libs/rights')
 rights.init()
 
-var sessionStore = new SessionMongoStore({
+let sessionStore = new SessionMongoStore({
   mongooseConnection: db.connection,
   touchAfter: 15
 })
 
 app.use(cookieParser())
 app.use(session({
-  name: 'requarkswiki.sid',
+  name: 'wikijs.sid',
   store: sessionStore,
   secret: appconfig.sessionSecret,
   resave: false,
@@ -221,16 +221,15 @@ server.on('listening', () => {
 // ----------------------------------------
 
 io.use(passportSocketIo.authorize({
-  key: 'requarkswiki.sid',
+  key: 'wikijs.sid',
   store: sessionStore,
   secret: appconfig.sessionSecret,
-  passport,
   cookieParser,
   success: (data, accept) => {
     accept()
   },
   fail: (data, message, error, accept) => {
-    return accept(new Error(message))
+    accept()
   }
 }))
 

server/libs/entries.js

@@ -399,7 +399,6 @@ module.exports = {
   getFromTree (basePath, usr) {
     return db.Entry.find({ parentPath: basePath }, 'title parentPath isDirectory isEntry').sort({ title: 'asc' }).then(results => {
       return _.filter(results, r => {
-        console.log(r._id, rights.checkRole(r._id, usr.rights, 'read'))
         return rights.checkRole('/' + r._id, usr.rights, 'read')
       })
     })

server/views/error-forbidden.pug

@@ -22,7 +22,7 @@ html(data-logic='error')
 
   body(class='is-forbidden')
     .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
       h1 Forbidden
       h2 Sorry, you don't have the necessary permissions to access this page.
       a.button.is-amber.is-inverted(href='/') Go Home

server/views/error-notexist.pug

@@ -22,7 +22,7 @@ html(data-logic='error')
 
   body(class='is-notexist')
     .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
       h1= message
       h2 Would you like to create this entry?
       a.button.is-amber.is-inverted.is-featured(href='/create/' + newpath) Create

server/views/error.pug

@@ -22,7 +22,7 @@ html(data-logic='error')
 
   body(class='is-error')
     .container
-      a(href='/'): img(src='/favicons/android-icon-96x96.png')
+      a(href='/'): img(src='/images/logo.png')
       h1= message
       h2 Oops, something went wrong
       a.button.is-amber.is-inverted.is-featured(href='/') Go Home