Refacto on all CNXID replacements in myaccess & consequences
+23
-12
@@ -10,31 +10,42 @@ export class AccesRights {
|
||||
this.rights = config.accessRights
|
||||
}
|
||||
|
||||
mustSubscribe(uid, roles) {
|
||||
expandPattern(pattern, uid, cnxId=null) {
|
||||
if(/\[CNXID\]/.test(pattern) && !cnxId) return(null)
|
||||
let item = pattern.replace(/\[UID\]/g, uid)
|
||||
if(cnxId) item = item.replace(/\[CNXID\]/g, cnxId)
|
||||
return(item)
|
||||
}
|
||||
|
||||
expandPatterns(patterns, uid, cnxId=null) {
|
||||
return(patterns.map(item => this.expandPattern(item, uid, cnxId)).filter(item => item != null))
|
||||
}
|
||||
|
||||
mustSubscribe(uid, roles, cnxId=null) {
|
||||
if(roles.indexOf('*')<0) roles.push('*')
|
||||
let chans = []
|
||||
for(let myRole of roles){
|
||||
for(let rightBlock of this.rights) {
|
||||
if(!rightBlock.mustSubscribe) continue
|
||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||
chans = this.merge(chans, rightBlock.mustSubscribe.map(item=>item.replace(/\[UID\]/g,uid)))
|
||||
chans = this.merge(chans, this.expandPatterns(rightBlock.mustSubscribe, uid, cnxId))
|
||||
}
|
||||
}
|
||||
}
|
||||
return(chans)
|
||||
}
|
||||
|
||||
isMandatory(uid, roles, chan){
|
||||
return(this.mustSubscribe(uid, roles).filter(this.chanMatch.bind(this, chan)).length>0)
|
||||
isMandatory(uid, roles, chan, cnxId=null){
|
||||
return(this.mustSubscribe(uid, roles, cnxId).filter(this.chanMatch.bind(this, chan)).length>0)
|
||||
}
|
||||
|
||||
canSubscribe(uid, roles, myChan) {
|
||||
canSubscribe(uid, roles, myChan, cnxId=null) {
|
||||
if(roles.indexOf('*')<0) roles.push('*')
|
||||
for(let myRole of roles){
|
||||
for(let rightBlock of this.rights) {
|
||||
if(!rightBlock.canSubscribe) continue
|
||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||
let canSubList = rightBlock.canSubscribe.map(item=>item.replace(/\[UID\]/g, uid))
|
||||
let canSubList = this.expandPatterns(rightBlock.canSubscribe, uid, cnxId)
|
||||
if(canSubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
||||
}
|
||||
}
|
||||
@@ -43,13 +54,13 @@ export class AccesRights {
|
||||
return(false)
|
||||
}
|
||||
|
||||
canPublish(uid, roles, myChan) {
|
||||
canPublish(uid, roles, myChan, cnxId=null) {
|
||||
if(roles.indexOf('*')<0) roles.push('*')
|
||||
for(let myRole of roles){
|
||||
for(let rightBlock of this.rights) {
|
||||
if(!rightBlock.canPublish) continue
|
||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||
let canPubList = rightBlock.canPublish.map(item=>item.replace(/\[UID\]/g, uid))
|
||||
let canPubList = this.expandPatterns(rightBlock.canPublish, uid, cnxId)
|
||||
if(canPubList.find(this.chanMatch.bind(this, myChan))) return(true)
|
||||
}
|
||||
}
|
||||
@@ -58,13 +69,13 @@ export class AccesRights {
|
||||
return(false)
|
||||
}
|
||||
|
||||
canSet(uid, roles, myKey){
|
||||
canSet(uid, roles, myKey, cnxId=null){
|
||||
if(roles.indexOf('*')<0) roles.push('*')
|
||||
for(let myRole of roles){
|
||||
for(let rightBlock of this.rights) {
|
||||
if(!rightBlock.canSet) continue
|
||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||
let canSetList = rightBlock.canSet.map(item=>item.replace(/\[UID\]/g, uid))
|
||||
let canSetList = this.expandPatterns(rightBlock.canSet, uid, cnxId)
|
||||
if(canSetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
||||
}
|
||||
}
|
||||
@@ -73,13 +84,13 @@ export class AccesRights {
|
||||
return(false)
|
||||
}
|
||||
|
||||
canGet(uid, roles, myKey){
|
||||
canGet(uid, roles, myKey, cnxId=null){
|
||||
if(roles.indexOf('*')<0) roles.push('*')
|
||||
for(let myRole of roles){
|
||||
for(let rightBlock of this.rights) {
|
||||
if(!rightBlock.canGet) continue
|
||||
if((rightBlock.roles=='*') || (rightBlock.roles.indexOf(myRole)>-1)) {
|
||||
let canGetList = rightBlock.canGet.map(item=>item.replace(/\[UID\]/g, uid))
|
||||
let canGetList = this.expandPatterns(rightBlock.canGet, uid, cnxId)
|
||||
if(canGetList.find(this.chanMatch.bind(this, myKey))) return(true)
|
||||
}
|
||||
}
|
||||
|
||||
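Review bot: In `expandPattern`, `uid` and `cnxId` are passed to `replace` as replacement strings, so a `$&`-style sequence inside either value is interpreted instead of being inserted literally, and the result is then used as an access-control pattern. Where these identifiers come from is not visible on this page; if either can carry characters that `chanMatch` treats specially, or if `uid` can contain a literal `[CNXID]`, the expanded rule may match more than the configuration intended. A function replacer keeps the value literal: `let item = pattern.replace(/\[UID\]/g, () => uid)` and `if(cnxId) item = item.replace(/\[CNXID\]/g, () => cnxId)`. The early `return(null)` for a `[CNXID]` pattern without a connection id fails closed, which deserves a one-line comment such as `// no connection id: drop the pattern rather than match the literal placeholder`.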
+10
-6
@@ -21,7 +21,8 @@ export const methods = {
|
||||
for(var chan of payload){
|
||||
if((!chan) || (typeof(chan)!='string')) continue
|
||||
chan = chan.replace(/\[UID\]/g, this.userId)
|
||||
if(!this.accessRights.canSubscribe(this.userId, this.roles, chan)) {
|
||||
chan = chan.replace(/\[CNXID\]/g, this.uuid)
|
||||
if(!this.accessRights.canSubscribe(this.userId, this.roles, chan, this.uuid)) {
|
||||
if(this.debug) console.log('SUB: No rights to this chan!', this.userId, this.roles, chan)
|
||||
continue
|
||||
}
|
||||
@@ -74,7 +75,8 @@ export const methods = {
|
||||
for(var chan of payload){
|
||||
if((!chan) || (typeof(chan)!='string')) continue
|
||||
chan = chan.replace(/\[UID\]/g, this.userId)
|
||||
if(this.accessRights.isMandatory(this.userId, this.roles, chan)) continue
|
||||
chan = chan.replace(/\[CNXID\]/g, this.uuid)
|
||||
if(this.accessRights.isMandatory(this.userId, this.roles, chan, this.uuid)) continue
|
||||
|
||||
let couldUnsubscribe = false
|
||||
for(const rediscnx of this.allRediscnx){
|
||||
@@ -148,7 +150,7 @@ export const methods = {
|
||||
return;
|
||||
};
|
||||
|
||||
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) ) {
|
||||
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan, this.uuid)) ) {
|
||||
this.sendErr(action, 'Unauthorized chan !', reqid);
|
||||
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
|
||||
return
|
||||
@@ -228,15 +230,17 @@ export const methods = {
|
||||
return
|
||||
}
|
||||
|
||||
if( (!this.accessRights.canSubscribe(this.userId, this.roles, payload.channel)) ) {
|
||||
payload.channel = payload.channel.replace(/\[UID\]/g, this.userId)
|
||||
.replace(/\[CNXID\]/g, this.uuid)
|
||||
if( (!this.accessRights.canSubscribe(this.userId, this.roles, payload.channel, this.uuid)) ) {
|
||||
this.sendErr(action, 'CHANHIST: Unauthorized channel !', reqid)
|
||||
return
|
||||
}
|
||||
|
||||
const primaryRediscnx = this.allRediscnx.find(cnx => ((chan.startsWith(cnx.redisConfig.chansNamespace)) &&(cnx.redisConfig.role=='primary')) )
|
||||
const primaryRediscnx = this.allRediscnx.find(cnx => ((payload.channel.startsWith(cnx.redisConfig.chansNamespace)) &&(cnx.redisConfig.role=='primary')) )
|
||||
if(!primaryRediscnx){
|
||||
this.sendErr(action, 'No primary redis for this chan !', reqid);
|
||||
if(this.debug) console.log('CHANHIST: No primary redis for this chan ', chan)
|
||||
if(this.debug) console.log('CHANHIST: No primary redis for this chan ', payload.channel)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
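Review bot: The CHANHIST hunk calls `payload.channel.replace(...)` before the rights check, and no type check on `payload.channel` is visible in the hunk, whereas the subscribe and unsubscribe loops skip non-string entries with `typeof(chan)!='string'`. The validation that ends just above the hunk is outside this view; if it does not guarantee a string, a client message with a non-string `channel` would throw inside the handler. A guard before the replacement would cover it, for example `if(typeof(payload.channel)!='string') { this.sendErr(action, 'CHANHIST: Unauthorized channel !', reqid); return }`. The publish hunk passes `payload.chan` to `canPublish` without expanding `[UID]`/`[CNXID]`, so the handlers now treat placeholders in client input differently; a short comment saying which behaviour is intended would help.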
+2
-2
@@ -30,7 +30,7 @@ export const methods = {
|
||||
return
|
||||
}
|
||||
|
||||
if(!this.accessRights.canSet(this.userId, this.roles, payload.key)){
|
||||
if(!this.accessRights.canSet(this.userId, this.roles, payload.key, this.uuid)){
|
||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||
return
|
||||
}
|
||||
@@ -92,7 +92,7 @@ export const methods = {
|
||||
return;
|
||||
};
|
||||
|
||||
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
|
||||
if(!this.accessRights.canGet(this.userId, this.roles, payload.key, this.uuid)) {
|
||||
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
|
||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||
return
|
||||
|
||||
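Review bot: Now that `canGet` and `canSet` decide per connection, the denial log `console.log('Unauth GET key:',this.userId, this.roles, payload.key)` no longer records everything the decision depended on; adding `this.uuid` to it would let a denied request be tied to one connection. The `canSet` denial in the first hunk sends the error but logs nothing in the visible lines, so the two paths are not equally traceable. Both handlers start and end outside the hunks shown.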
+1
-1
@@ -104,7 +104,7 @@ export class WssConnexion {
|
||||
}
|
||||
|
||||
subscribeMandatoryChans(){
|
||||
let mandaChans = this.accessRights.mustSubscribe(this.userId, this.roles)
|
||||
let mandaChans = this.accessRights.mustSubscribe(this.userId, this.roles, this.uuid)
|
||||
for(let rediscnx of this.allRediscnx){
|
||||
mandaChans = mandaChans.filter(chan => chan.startsWith(rediscnx.redisConfig.chansNamespace))
|
||||
mandaChans = mandaChans.map(item=>rediscnx.redisConfig.basePrefix+item)
|
||||
|
||||
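Review bot: `mustSubscribe` now drops every pattern containing `[CNXID]` when its third argument is falsy, so this call depends on `this.uuid` being assigned before `subscribeMandatoryChans()` runs; where it is assigned is outside the hunk. If that order is ever wrong, the connection would miss its per-connection mandatory channels without any error. A comment on the call stating the precondition, e.g. `// this.uuid must be set: [CNXID] patterns are skipped without it`, or a debug log when it is missing, would make that visible.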