|
|
|
@ -18,118 +18,114 @@ var controllers = {
|
|
|
|
helpers: require('../controllers/helpers'),
|
|
|
|
helpers: require('../controllers/helpers'),
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = function (middleware) {
|
|
|
|
module.exports.buildHeader = helpers.try(async function (req, res, next) {
|
|
|
|
middleware.admin = {};
|
|
|
|
res.locals.renderAdminHeader = true;
|
|
|
|
|
|
|
|
res.locals.config = await controllers.api.loadConfig(req);
|
|
|
|
middleware.admin.buildHeader = helpers.try(async function (req, res, next) {
|
|
|
|
next();
|
|
|
|
res.locals.renderAdminHeader = true;
|
|
|
|
});
|
|
|
|
res.locals.config = await controllers.api.loadConfig(req);
|
|
|
|
|
|
|
|
next();
|
|
|
|
module.exports.renderHeader = async (req, res, data) => {
|
|
|
|
|
|
|
|
var custom_header = {
|
|
|
|
|
|
|
|
plugins: [],
|
|
|
|
|
|
|
|
authentication: [],
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
res.locals.config = res.locals.config || {};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const results = await utils.promiseParallel({
|
|
|
|
|
|
|
|
userData: user.getUserFields(req.uid, ['username', 'userslug', 'email', 'picture', 'email:confirmed']),
|
|
|
|
|
|
|
|
scripts: getAdminScripts(),
|
|
|
|
|
|
|
|
custom_header: plugins.fireHook('filter:admin.header.build', custom_header),
|
|
|
|
|
|
|
|
configs: meta.configs.list(),
|
|
|
|
|
|
|
|
latestVersion: getLatestVersion(),
|
|
|
|
|
|
|
|
privileges: privileges.admin.get(req.uid),
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
middleware.admin.renderHeader = async (req, res, data) => {
|
|
|
|
var userData = results.userData;
|
|
|
|
var custom_header = {
|
|
|
|
userData.uid = req.uid;
|
|
|
|
plugins: [],
|
|
|
|
userData['email:confirmed'] = userData['email:confirmed'] === 1;
|
|
|
|
authentication: [],
|
|
|
|
userData.privileges = results.privileges;
|
|
|
|
};
|
|
|
|
|
|
|
|
res.locals.config = res.locals.config || {};
|
|
|
|
var acpPath = req.path.slice(1).split('/');
|
|
|
|
|
|
|
|
acpPath.forEach(function (path, i) {
|
|
|
|
const results = await utils.promiseParallel({
|
|
|
|
acpPath[i] = path.charAt(0).toUpperCase() + path.slice(1);
|
|
|
|
userData: user.getUserFields(req.uid, ['username', 'userslug', 'email', 'picture', 'email:confirmed']),
|
|
|
|
});
|
|
|
|
scripts: getAdminScripts(),
|
|
|
|
acpPath = acpPath.join(' > ');
|
|
|
|
custom_header: plugins.fireHook('filter:admin.header.build', custom_header),
|
|
|
|
|
|
|
|
configs: meta.configs.list(),
|
|
|
|
var version = nconf.get('version');
|
|
|
|
latestVersion: getLatestVersion(),
|
|
|
|
|
|
|
|
privileges: privileges.admin.get(req.uid),
|
|
|
|
res.locals.config.userLang = res.locals.config.acpLang || res.locals.config.userLang;
|
|
|
|
});
|
|
|
|
var templateValues = {
|
|
|
|
|
|
|
|
config: res.locals.config,
|
|
|
|
var userData = results.userData;
|
|
|
|
configJSON: jsesc(JSON.stringify(res.locals.config), { isScriptContext: true }),
|
|
|
|
userData.uid = req.uid;
|
|
|
|
relative_path: res.locals.config.relative_path,
|
|
|
|
userData['email:confirmed'] = userData['email:confirmed'] === 1;
|
|
|
|
adminConfigJSON: encodeURIComponent(JSON.stringify(results.configs)),
|
|
|
|
userData.privileges = results.privileges;
|
|
|
|
user: userData,
|
|
|
|
|
|
|
|
userJSON: jsesc(JSON.stringify(userData), { isScriptContext: true }),
|
|
|
|
var acpPath = req.path.slice(1).split('/');
|
|
|
|
plugins: results.custom_header.plugins,
|
|
|
|
acpPath.forEach(function (path, i) {
|
|
|
|
authentication: results.custom_header.authentication,
|
|
|
|
acpPath[i] = path.charAt(0).toUpperCase() + path.slice(1);
|
|
|
|
scripts: results.scripts,
|
|
|
|
});
|
|
|
|
'cache-buster': meta.config['cache-buster'] || '',
|
|
|
|
acpPath = acpPath.join(' > ');
|
|
|
|
env: !!process.env.NODE_ENV,
|
|
|
|
|
|
|
|
title: (acpPath || 'Dashboard') + ' | NodeBB Admin Control Panel',
|
|
|
|
var version = nconf.get('version');
|
|
|
|
bodyClass: data.bodyClass,
|
|
|
|
|
|
|
|
version: version,
|
|
|
|
res.locals.config.userLang = res.locals.config.acpLang || res.locals.config.userLang;
|
|
|
|
latestVersion: results.latestVersion,
|
|
|
|
var templateValues = {
|
|
|
|
upgradeAvailable: results.latestVersion && semver.gt(results.latestVersion, version),
|
|
|
|
config: res.locals.config,
|
|
|
|
|
|
|
|
configJSON: jsesc(JSON.stringify(res.locals.config), { isScriptContext: true }),
|
|
|
|
|
|
|
|
relative_path: res.locals.config.relative_path,
|
|
|
|
|
|
|
|
adminConfigJSON: encodeURIComponent(JSON.stringify(results.configs)),
|
|
|
|
|
|
|
|
user: userData,
|
|
|
|
|
|
|
|
userJSON: jsesc(JSON.stringify(userData), { isScriptContext: true }),
|
|
|
|
|
|
|
|
plugins: results.custom_header.plugins,
|
|
|
|
|
|
|
|
authentication: results.custom_header.authentication,
|
|
|
|
|
|
|
|
scripts: results.scripts,
|
|
|
|
|
|
|
|
'cache-buster': meta.config['cache-buster'] || '',
|
|
|
|
|
|
|
|
env: !!process.env.NODE_ENV,
|
|
|
|
|
|
|
|
title: (acpPath || 'Dashboard') + ' | NodeBB Admin Control Panel',
|
|
|
|
|
|
|
|
bodyClass: data.bodyClass,
|
|
|
|
|
|
|
|
version: version,
|
|
|
|
|
|
|
|
latestVersion: results.latestVersion,
|
|
|
|
|
|
|
|
upgradeAvailable: results.latestVersion && semver.gt(results.latestVersion, version),
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
templateValues.template = { name: res.locals.template };
|
|
|
|
|
|
|
|
templateValues.template[res.locals.template] = true;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return await req.app.renderAsync('admin/header', templateValues);
|
|
|
|
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
async function getAdminScripts() {
|
|
|
|
templateValues.template = { name: res.locals.template };
|
|
|
|
const scripts = await plugins.fireHook('filter:admin.scripts.get', []);
|
|
|
|
templateValues.template[res.locals.template] = true;
|
|
|
|
return scripts.map(function (script) {
|
|
|
|
|
|
|
|
return { src: script };
|
|
|
|
return await req.app.renderAsync('admin/header', templateValues);
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async function getAdminScripts() {
|
|
|
|
|
|
|
|
const scripts = await plugins.fireHook('filter:admin.scripts.get', []);
|
|
|
|
|
|
|
|
return scripts.map(function (script) {
|
|
|
|
|
|
|
|
return { src: script };
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async function getLatestVersion() {
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
const result = await versions.getLatestVersion();
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
} catch (err) {
|
|
|
|
|
|
|
|
winston.error('[acp] Failed to fetch latest version' + err.stack);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async function getLatestVersion() {
|
|
|
|
module.exports.renderFooter = async function (req, res, data) {
|
|
|
|
try {
|
|
|
|
return await req.app.renderAsync('admin/footer', data);
|
|
|
|
const result = await versions.getLatestVersion();
|
|
|
|
};
|
|
|
|
return result;
|
|
|
|
|
|
|
|
} catch (err) {
|
|
|
|
module.exports.checkPrivileges = async (req, res, next) => {
|
|
|
|
winston.error('[acp] Failed to fetch latest version' + err.stack);
|
|
|
|
// Kick out guests, obviously
|
|
|
|
}
|
|
|
|
if (!req.uid) {
|
|
|
|
return null;
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
middleware.admin.renderFooter = async function (req, res, data) {
|
|
|
|
// Users in "administrators" group are considered super admins
|
|
|
|
return await req.app.renderAsync('admin/footer', data);
|
|
|
|
const isAdmin = await user.isAdministrator(req.uid);
|
|
|
|
};
|
|
|
|
if (isAdmin) {
|
|
|
|
|
|
|
|
return next();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
middleware.admin.checkPrivileges = async (req, res, next) => {
|
|
|
|
// Otherwise, check for privilege based on page (if not in mapping, deny access)
|
|
|
|
// Kick out guests, obviously
|
|
|
|
const path = req.path.replace(/^(\/api)?\/admin\/?/g, '');
|
|
|
|
if (!req.uid) {
|
|
|
|
if (path) {
|
|
|
|
|
|
|
|
const privilege = privileges.admin.resolve(path);
|
|
|
|
|
|
|
|
if (!privilege || !await privileges.admin.can(privilege, req.uid)) {
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
// Users in "administrators" group are considered super admins
|
|
|
|
// If accessing /admin, check for any valid admin privs
|
|
|
|
const isAdmin = await user.isAdministrator(req.uid);
|
|
|
|
const privilegeSet = await privileges.admin.get(req.uid);
|
|
|
|
if (isAdmin) {
|
|
|
|
if (!Object.values(privilegeSet).some(Boolean)) {
|
|
|
|
return next();
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Otherwise, check for privilege based on page (if not in mapping, deny access)
|
|
|
|
|
|
|
|
const path = req.path.replace(/^(\/api)?\/admin\/?/g, '');
|
|
|
|
|
|
|
|
if (path) {
|
|
|
|
|
|
|
|
const privilege = privileges.admin.resolve(path);
|
|
|
|
|
|
|
|
if (!privilege || !await privileges.admin.can(privilege, req.uid)) {
|
|
|
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
// If accessing /admin, check for any valid admin privs
|
|
|
|
|
|
|
|
const privilegeSet = await privileges.admin.get(req.uid);
|
|
|
|
|
|
|
|
if (!Object.values(privilegeSet).some(Boolean)) {
|
|
|
|
|
|
|
|
return controllers.helpers.notAllowed(req, res);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
next();
|
|
|
|
next();
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
Julian Lam
5 years ago