hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: deprecate middleware.isAdmin

Browse Source 
Also, handle admin logout timer in middleware.admin.checkPrivileges
v1.18.x
Julian Lam 4 years ago
parent 4439864ce0
commit 15e0731dd9
2 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File

40
src/middleware/admin.js
Unescape Escape View File

@ -103,18 +103,12 @@ middleware.renderFooter = async function (req, res, data) {
return await req.app.renderAsync('admin/footer', data); return await req.app.renderAsync('admin/footer', data);
}; };
middleware.checkPrivileges = async (req, res, next) => { middleware.checkPrivileges = helpers.try(async (req, res, next) => {
// Kick out guests, obviously // Kick out guests, obviously
if (!req.uid) { if (req.uid <= 0) {
return controllers.helpers.notAllowed(req, res); return controllers.helpers.notAllowed(req, res);
} }
// Users in "administrators" group are considered super admins
const isAdmin = await user.isAdministrator(req.uid);
if (isAdmin) {
return next();
}
// Otherwise, check for privilege based on page (if not in mapping, deny access) // Otherwise, check for privilege based on page (if not in mapping, deny access)
const path = req.path.replace(/^(\/api)?\/admin\/?/g, ''); const path = req.path.replace(/^(\/api)?\/admin\/?/g, '');
if (path) { if (path) {
@ -130,5 +124,31 @@ middleware.checkPrivileges = async (req, res, next) => {
} }
} }
next(); // Reject if they need to re-login (due to ACP timeout), otherwise extend logout timer
}; const loginTime = req.session.meta ? req.session.meta.datetime : 0;
const adminReloginDuration = meta.config.adminReloginDuration * 60000;
const disabled = meta.config.adminReloginDuration === 0;
if (disabled || (loginTime && parseInt(loginTime, 10) > Date.now() - adminReloginDuration)) {
const timeLeft = parseInt(loginTime, 10) - (Date.now() - adminReloginDuration);
if (req.session.meta && timeLeft < Math.min(300000, adminReloginDuration)) {
req.session.meta.datetime += Math.min(300000, adminReloginDuration);
console.log('dateitme updated, now', req.session.meta.datetime);
}
return next();
}
let returnTo = req.path;
if (nconf.get('relative_path')) {
returnTo = req.path.replace(new RegExp('^' + nconf.get('relative_path')), '');
}
returnTo = returnTo.replace(/^\/api/, '');
req.session.returnTo = returnTo;
req.session.forceLogin = 1;
if (res.locals.isAPI) {
controllers.helpers.formatApiResponse(401, res);
} else {
res.redirect(nconf.get('relative_path') + '/login?local=1');
}
});

3
src/middleware/user.js
Unescape Escape View File

@ -200,6 +200,9 @@ module.exports = function (middleware) {
}); });
middleware.isAdmin = helpers.try(async function isAdmin(req, res, next) { middleware.isAdmin = helpers.try(async function isAdmin(req, res, next) {
// TODO: Remove in v1.16.0
winston.warn('[middleware] middleware.isAdmin deprecated, use middleware.admin.checkPrivileges instead');
const isAdmin = await user.isAdministrator(req.uid); const isAdmin = await user.isAdministrator(req.uid);
if (!isAdmin) { if (!isAdmin) {

Write Preview
Loading…
Cancel
Save