Refacto on all CNXID replacements in myaccess & consequences
+23
-12
@@ -10,31 +10,42 @@ export class AccesRights {
|
|||||||
this.rights = config.accessRights
|
this.rights = config.accessRights
|
||||||
}
|
}
|
||||||
|
|
||||||
mustSubscribe(uid, roles) {
|
expandPattern(pattern, uid, cnxId=null) {
|
||||||
|
if(/\[CNXID\]/.test(pattern) && !cnxId) return(null)
|
||||||
|
let item = pattern.replace(/\[UID\]/g, uid)
|
||||||
|
if(cnxId) item = item.replace(/\[CNXID\]/g, cnxId)
|
||||||
|
return(item)
|
||||||
|
}
|
||||||
|
|
||||||
|
expandPatterns(patterns, uid, cnxId=null) {
|
||||||
|
return(patterns.map(item => this.expandPattern(item, uid, cnxId)).filter(item => item != null))
|
||||||
|
}
|
||||||
|
|
||||||
|
mustSubscribe(uid, roles, cnxId=null) {
|
||||||
if(roles.indexOf('*')<0) roles.push('*')
|
if(roles.indexOf('*')<0) roles.push('*')
|
||||||
let chans = []
|
let chans = []
|
||||||
for(let myRole of roles){
|
for(let myRole of roles){
|
||||||
for(let rightBlock of this.rights) {
|
for(let rightBlock of this.rights) {
|
||||||
if(!rightBlock.mustSubscribe) continue
|
if(!rightBlock.mustSubscribe) continue
|
||||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||||
chans = this.merge(chans, rightBlock.mustSubscribe.map(item=>item.replace(/\[UID\]/g,uid)))
|
chans = this.merge(chans, this.expandPatterns(rightBlock.mustSubscribe, uid, cnxId))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return(chans)
|
return(chans)
|
||||||
}
|
}
|
||||||
|
|
||||||
isMandatory(uid, roles, chan){
|
isMandatory(uid, roles, chan, cnxId=null){
|
||||||
return(this.mustSubscribe(uid, roles).filter(this.chanMatch.bind(this, chan)).length>0)
|
return(this.mustSubscribe(uid, roles, cnxId).filter(this.chanMatch.bind(this, chan)).length>0)
|
||||||
}
|
}
|
||||||
|
|
||||||
canSubscribe(uid, roles, myChan) {
|
canSubscribe(uid, roles, myChan, cnxId=null) {
|
||||||
if(roles.indexOf('*')<0) roles.push('*')
|
if(roles.indexOf('*')<0) roles.push('*')
|
||||||
for(let myRole of roles){
|
for(let myRole of roles){
|
||||||
for(let rightBlock of this.rights) {
|
for(let rightBlock of this.rights) {
|
||||||
if(!rightBlock.canSubscribe) continue
|
if(!rightBlock.canSubscribe) continue
|
||||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||||
let canSubList = rightBlock.canSubscribe.map(item=>item.replace(/\[UID\]/g, uid))
|
let canSubList = this.expandPatterns(rightBlock.canSubscribe, uid, cnxId)
|
||||||
if(canSubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
if(canSubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -43,13 +54,13 @@ export class AccesRights {
|
|||||||
return(false)
|
return(false)
|
||||||
}
|
}
|
||||||
|
|
||||||
canPublish(uid, roles, myChan) {
|
canPublish(uid, roles, myChan, cnxId=null) {
|
||||||
if(roles.indexOf('*')<0) roles.push('*')
|
if(roles.indexOf('*')<0) roles.push('*')
|
||||||
for(let myRole of roles){
|
for(let myRole of roles){
|
||||||
for(let rightBlock of this.rights) {
|
for(let rightBlock of this.rights) {
|
||||||
if(!rightBlock.canPublish) continue
|
if(!rightBlock.canPublish) continue
|
||||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||||
let canPubList = rightBlock.canPublish.map(item=>item.replace(/\[UID\]/g, uid))
|
let canPubList = this.expandPatterns(rightBlock.canPublish, uid, cnxId)
|
||||||
if(canPubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
if(canPubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -58,13 +69,13 @@ export class AccesRights {
|
|||||||
return(false)
|
return(false)
|
||||||
}
|
}
|
||||||
|
|
||||||
canSet(uid, roles, myKey){
|
canSet(uid, roles, myKey, cnxId=null){
|
||||||
if(roles.indexOf('*')<0) roles.push('*')
|
if(roles.indexOf('*')<0) roles.push('*')
|
||||||
for(let myRole of roles){
|
for(let myRole of roles){
|
||||||
for(let rightBlock of this.rights) {
|
for(let rightBlock of this.rights) {
|
||||||
if(!rightBlock.canSet) continue
|
if(!rightBlock.canSet) continue
|
||||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||||
let canSetList = rightBlock.canSet.map(item=>item.replace(/\[UID\]/g, uid))
|
let canSetList = this.expandPatterns(rightBlock.canSet, uid, cnxId)
|
||||||
if(canSetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
if(canSetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -73,13 +84,13 @@ export class AccesRights {
|
|||||||
return(false)
|
return(false)
|
||||||
}
|
}
|
||||||
|
|
||||||
canGet(uid, roles, myKey){
|
canGet(uid, roles, myKey, cnxId=null){
|
||||||
if(roles.indexOf('*')<0) roles.push('*')
|
if(roles.indexOf('*')<0) roles.push('*')
|
||||||
for(let myRole of roles){
|
for(let myRole of roles){
|
||||||
for(let rightBlock of this.rights) {
|
for(let rightBlock of this.rights) {
|
||||||
if(!rightBlock.canGet) continue
|
if(!rightBlock.canGet) continue
|
||||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||||
let canGetList = rightBlock.canGet.map(item=>item.replace(/\[UID\]/g, uid))
|
let canGetList = this.expandPatterns(rightBlock.canGet, uid, cnxId)
|
||||||
if(canGetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
if(canGetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
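Review bot: In `expandPattern`, `uid` and `cnxId` are handed to `String.prototype.replace` as replacement strings in two sequential passes, so `$`-sequences in either value (for example `$&` or `$'`) are interpreted instead of inserted literally, and a `uid` that itself contains `[CNXID]` is expanded again by the second call. Because the result is an access-control pattern passed to `chanMatch`, the substitution should be literal and single-pass, e.g. `let item = pattern.replace(/\[(UID|CNXID)\]/g, (m, key) => key === 'UID' ? uid : cnxId)`. How `uid` is issued is not visible here; if it is not constrained upstream, checking it against an allow-list of characters before expansion would also stop it from introducing whatever wildcard syntax `chanMatch` accepts. A one-line comment on `expandPattern` saying that a `[CNXID]` pattern is dropped (returns `null`) when no `cnxId` is supplied would document the fail-closed behaviour for callers that still omit the argument.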
+11
-7
@@ -21,7 +21,8 @@ export const methods = {
|
|||||||
for(var chan of payload){
|
for(var chan of payload){
|
||||||
if((!chan) || (typeof(chan)!='string')) continue
|
if((!chan) || (typeof(chan)!='string')) continue
|
||||||
chan = chan.replace(/\[UID\]/g, this.userId)
|
chan = chan.replace(/\[UID\]/g, this.userId)
|
||||||
if(!this.accessRights.canSubscribe(this.userId, this.roles, chan)) {
|
chan = chan.replace(/\[CNXID\]/g, this.uuid)
|
||||||
|
if(!this.accessRights.canSubscribe(this.userId, this.roles, chan, this.uuid)) {
|
||||||
if(this.debug) console.log('SUB: No rights to this chan!', this.userId, this.roles, chan)
|
if(this.debug) console.log('SUB: No rights to this chan!', this.userId, this.roles, chan)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
@@ -73,8 +74,9 @@ export const methods = {
|
|||||||
let unSubscribed = []
|
let unSubscribed = []
|
||||||
for(var chan of payload){
|
for(var chan of payload){
|
||||||
if((!chan) || (typeof(chan)!='string')) continue
|
if((!chan) || (typeof(chan)!='string')) continue
|
||||||
chan = chan.replace(/\[UID\]/g, this.userId)
|
chan = chan.replace(/\[UID\]/g, this.userId)
|
||||||
if(this.accessRights.isMandatory(this.userId, this.roles, chan)) continue
|
chan = chan.replace(/\[CNXID\]/g, this.uuid)
|
||||||
|
if(this.accessRights.isMandatory(this.userId, this.roles, chan, this.uuid)) continue
|
||||||
|
|
||||||
let couldUnsubscribe = false
|
let couldUnsubscribe = false
|
||||||
for(const rediscnx of this.allRediscnx){
|
for(const rediscnx of this.allRediscnx){
|
||||||
@@ -148,7 +150,7 @@ export const methods = {
|
|||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) ) {
|
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan, this.uuid)) ) {
|
||||||
this.sendErr(action, 'Unauthorized chan !', reqid);
|
this.sendErr(action, 'Unauthorized chan !', reqid);
|
||||||
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
|
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
|
||||||
return
|
return
|
||||||
@@ -228,15 +230,17 @@ export const methods = {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if( (!this.accessRights.canSubscribe(this.userId, this.roles, payload.channel)) ) {
|
payload.channel = payload.channel.replace(/\[UID\]/g, this.userId)
|
||||||
|
.replace(/\[CNXID\]/g, this.uuid)
|
||||||
|
if( (!this.accessRights.canSubscribe(this.userId, this.roles, payload.channel, this.uuid)) ) {
|
||||||
this.sendErr(action, 'CHANHIST: Unauthorized channel !', reqid)
|
this.sendErr(action, 'CHANHIST: Unauthorized channel !', reqid)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
const primaryRediscnx = this.allRediscnx.find(cnx => ((chan.startsWith(cnx.redisConfig.chansNamespace)) &&(cnx.redisConfig.role=='primary')) )
|
const primaryRediscnx = this.allRediscnx.find(cnx => ((payload.channel.startsWith(cnx.redisConfig.chansNamespace)) &&(cnx.redisConfig.role=='primary')) )
|
||||||
if(!primaryRediscnx){
|
if(!primaryRediscnx){
|
||||||
this.sendErr(action, 'No primary redis for this chan !', reqid);
|
this.sendErr(action, 'No primary redis for this chan !', reqid);
|
||||||
if(this.debug) console.log('CHANHIST: No primary redis for this chan ', chan)
|
if(this.debug) console.log('CHANHIST: No primary redis for this chan ', payload.channel)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
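Review bot: In the CHANHIST hunk (`@@ -228,15 +230,17`), `payload.channel.replace(...)` is now called on the client-supplied value with no type check visible before it, so a non-string `channel` would throw rather than be rejected, whereas the subscribe and unsubscribe loops test `typeof(chan)!='string'` first. The branch that closes just above the hunk may already validate the payload, but it is outside the view; if it does not, guard with `if(typeof(payload.channel)!='string')` and take the same `sendErr`/`return` path before substituting. The `[UID]`/`[CNXID]` substitution is also repeated in three handlers in this file and again in `AccesRights.expandPattern`; a single shared helper would keep request-side and rule-side expansion from drifting apart.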
+2
-2
@@ -30,7 +30,7 @@ export const methods = {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!this.accessRights.canSet(this.userId, this.roles, payload.key)){
|
if(!this.accessRights.canSet(this.userId, this.roles, payload.key, this.uuid)){
|
||||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -92,7 +92,7 @@ export const methods = {
|
|||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
|
if(!this.accessRights.canGet(this.userId, this.roles, payload.key, this.uuid)) {
|
||||||
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
|
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
|
||||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||||
return
|
return
|
||||||
|
|||||||
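Review bot: The denial path in the `canGet` hunk logs with an unconditional `console.log('Unauth GET key:', ...)` that includes the client-supplied `payload.key`, while the pub/sub handlers on this page only log denials behind `this.debug`. A client that keeps requesting keys it may not read can therefore grow the log with content it controls. Either gate it the same way, `if(this.debug) console.log('Unauth GET key:',this.userId, this.roles, payload.key)`, or keep it as an audit record but emit it through a logger that escapes the key and rate-limits per connection. The line is context rather than part of this change, but it sits on the authorization path the commit modifies.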
+1
-1
@@ -104,7 +104,7 @@ export class WssConnexion {
|
|||||||
}
|
}
|
||||||
|
|
||||||
subscribeMandatoryChans(){
|
subscribeMandatoryChans(){
|
||||||
let mandaChans = this.accessRights.mustSubscribe(this.userId, this.roles)
|
let mandaChans = this.accessRights.mustSubscribe(this.userId, this.roles, this.uuid)
|
||||||
for(let rediscnx of this.allRediscnx){
|
for(let rediscnx of this.allRediscnx){
|
||||||
mandaChans = mandaChans.filter(chan => chan.startsWith(rediscnx.redisConfig.chansNamespace))
|
mandaChans = mandaChans.filter(chan => chan.startsWith(rediscnx.redisConfig.chansNamespace))
|
||||||
mandaChans = mandaChans.map(item=>rediscnx.redisConfig.basePrefix+item)
|
mandaChans = mandaChans.map(item=>rediscnx.redisConfig.basePrefix+item)
|
||||||
|
|||||||