clannad
Version:
data storage service with RESTful APIs.
504 lines (397 loc) • 14.6 kB
JavaScript
'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
var _regenerator = require('babel-runtime/regenerator');
var _regenerator2 = _interopRequireDefault(_regenerator);
var _asyncToGenerator2 = require('babel-runtime/helpers/asyncToGenerator');
var _asyncToGenerator3 = _interopRequireDefault(_asyncToGenerator2);
var _project = require('../models/project');
var _project2 = _interopRequireDefault(_project);
var _resterror = require('../services/resterror');
var _resterror2 = _interopRequireDefault(_resterror);
var _model = require('../services/model');
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
var checkRoute = function checkRoute(param) {
if (param && (param === 'admin' || param === 'table')) throw new _resterror2.default(400, 'ROUTE_PARAMS_ERR', 'projectName unexpand \'admin\' or \'table\'');
};
var dealCheck = function () {
var ref = (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee(ctx, needAuth, isDIY) {
var ownAuth, errAuth;
return _regenerator2.default.wrap(function _callee$(_context) {
while (1) {
switch (_context.prev = _context.next) {
case 0:
_context.next = 2;
return Auth.check(ctx, needAuth);
case 2:
ownAuth = _context.sent;
if (Array.isArray(ownAuth)) {
_context.next = 5;
break;
}
throw new _resterror2.default(400, 'AUTH_PARAMS_ERR', 'function error, authCheck function should return authArray');
case 5:
errAuth = needAuth.filter(function (item) {
return ownAuth.indexOf(item) === -1;
});
if (!errAuth.length) {
_context.next = 10;
break;
}
if (isDIY) {
_context.next = 9;
break;
}
throw new _resterror2.default(403, 'AUTH_VALIDATE_ERR', 'permission not enough, ' + errAuth + ' is required');
case 9:
return _context.abrupt('return', false);
case 10:
return _context.abrupt('return', true);
case 11:
case 'end':
return _context.stop();
}
}
}, _callee, undefined);
}));
return function dealCheck(_x, _x2, _x3) {
return ref.apply(this, arguments);
};
}();
var Auth = {
name: 'REST',
check: function check() {
var _this = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee2() {
return _regenerator2.default.wrap(function _callee2$(_context2) {
while (1) {
switch (_context2.prev = _context2.next) {
case 0:
return _context2.abrupt('return', []);
case 1:
case 'end':
return _context2.stop();
}
}
}, _callee2, _this);
}))();
},
isMaster: function isMaster(ctx, next) {
var _this2 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee3() {
return _regenerator2.default.wrap(function _callee3$(_context3) {
while (1) {
switch (_context3.prev = _context3.next) {
case 0:
_context3.next = 2;
return dealCheck(ctx, [Auth.name + '.MASTER']);
case 2:
if (!_context3.sent) {
_context3.next = 4;
break;
}
return _context3.abrupt('return', next());
case 4:
case 'end':
return _context3.stop();
}
}
}, _callee3, _this2);
}))();
},
isRoot: function isRoot(ctx, next) {
var _this3 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee4() {
var projectName;
return _regenerator2.default.wrap(function _callee4$(_context4) {
while (1) {
switch (_context4.prev = _context4.next) {
case 0:
_context4.next = 2;
return Auth.setCORS(ctx, true);
case 2:
// 检查是否有某项目的管理员权限
projectName = ctx.params.projectName || ctx.req.body.name;
if (projectName) {
_context4.next = 7;
break;
}
throw new _resterror2.default(400, 'AUTH_PARAMS_ERR', 'missing param \'' + (ctx.params.projectName ? 'projectName' : 'name') + '\'');
case 7:
_context4.next = 9;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.ROOT']);
case 9:
if (!_context4.sent) {
_context4.next = 11;
break;
}
return _context4.abrupt('return', next());
case 11:
case 'end':
return _context4.stop();
}
}
}, _callee4, _this3);
}))();
},
setCORS: function setCORS(ctx, isRoot) {
var _this4 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee5() {
var cors, origin, headers;
return _regenerator2.default.wrap(function _callee5$(_context5) {
while (1) {
switch (_context5.prev = _context5.next) {
case 0:
if (ctx.headers.origin) {
_context5.next = 2;
break;
}
return _context5.abrupt('return');
case 2:
if (!(isRoot || !ctx.params)) {
_context5.next = 6;
break;
}
_context5.t0 = null;
_context5.next = 9;
break;
case 6:
_context5.next = 8;
return (0, _model.getCORS)(ctx.params.projectName);
case 8:
_context5.t0 = _context5.sent;
case 9:
cors = _context5.t0;
origin = '';
if (cors && cors.indexOf(ctx.headers.origin) !== -1 || !cors) origin = ctx.headers.origin;
headers = {
'access-control-allow-credentials': true,
'access-control-allow-origin': origin
};
// 需要对 OPTIONS 和其他方法做出不同处理
if (ctx.method === 'OPTIONS') {
headers['access-control-allow-methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
headers['access-control-allow-headers'] = 'X-Requested-With, Content-Type, X-Token';
headers['access-control-max-age'] = 1728000;
}
ctx.set(headers);
case 15:
case 'end':
return _context5.stop();
}
}
}, _callee5, _this4);
}))();
},
fetchAuth: function fetchAuth(ctx, next) {
var _this5 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee6() {
var projects, pointers, authArr, ownAuth;
return _regenerator2.default.wrap(function _callee6$(_context6) {
while (1) {
switch (_context6.prev = _context6.next) {
case 0:
_context6.next = 2;
return Auth.setCORS(ctx, true);
case 2:
_context6.next = 4;
return _project2.default.find({}, '-__v').sort('-createdAt');
case 4:
projects = _context6.sent;
pointers = {};
authArr = projects.map(function (project) {
var value = Auth.name + '.' + project.name.toUpperCase() + '.ROOT';
pointers[project.name] = value;
return value;
});
_context6.next = 9;
return Auth.check(ctx, authArr);
case 9:
ownAuth = _context6.sent;
ctx.body = projects.filter(function (project) {
return ownAuth.indexOf(pointers[project.name]) !== -1;
});
case 11:
case 'end':
return _context6.stop();
}
}
}, _callee6, _this5);
}))();
},
hasTableAuth: function hasTableAuth(ctx, next) {
var _this6 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee7() {
var authErr, method, _ctx$params, projectName, tableName, auth;
return _regenerator2.default.wrap(function _callee7$(_context7) {
while (1) {
switch (_context7.prev = _context7.next) {
case 0:
_context7.next = 2;
return Auth.setCORS(ctx);
case 2:
// 获取当前用户对该表的使用权限
authErr = new _resterror2.default(403, 'AUTH_ERR', 'permission denied');
method = ctx.method.toLowerCase();
_ctx$params = ctx.params;
projectName = _ctx$params.projectName;
tableName = _ctx$params.tableName;
checkRoute(projectName);
_context7.next = 10;
return (0, _model.getAuths)(projectName);
case 10:
_context7.t0 = projectName + '.' + tableName;
auth = _context7.sent[_context7.t0];
if (auth) {
_context7.next = 14;
break;
}
throw new _resterror2.default(404, 'AUTH_NOTFOUND_ERR', 'table auths are not found');
case 14:
_context7.next = 16;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.ROOT'], true);
case 16:
_context7.t1 = _context7.sent;
if (_context7.t1) {
_context7.next = 21;
break;
}
_context7.next = 20;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.ADMIN'], true);
case 20:
_context7.t1 = _context7.sent;
case 21:
if (!_context7.t1) {
_context7.next = 27;
break;
}
ctx.req.auth = 'admin';
if (!auth.adminAuth[method]) {
_context7.next = 25;
break;
}
return _context7.abrupt('return', next());
case 25:
_context7.next = 43;
break;
case 27:
_context7.next = 29;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.USER'], true);
case 29:
_context7.t2 = _context7.sent;
if (_context7.t2) {
_context7.next = 34;
break;
}
_context7.next = 33;
return (0, _model.hasToken)(ctx.headers['x-token'], projectName);
case 33:
_context7.t2 = _context7.sent;
case 34:
if (!_context7.t2) {
_context7.next = 40;
break;
}
ctx.req.auth = 'user';
if (!auth.userAuth[ctx.method.toLowerCase()]) {
_context7.next = 38;
break;
}
return _context7.abrupt('return', next());
case 38:
_context7.next = 43;
break;
case 40:
ctx.req.auth = 'visitor';
if (!auth.visitorAuth[ctx.method.toLowerCase()]) {
_context7.next = 43;
break;
}
return _context7.abrupt('return', next());
case 43:
throw authErr;
case 44:
case 'end':
return _context7.stop();
}
}
}, _callee7, _this6);
}))();
},
getProjectAuth: function getProjectAuth(ctx) {
var _this7 = this;
return (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee8() {
var auth, projectName;
return _regenerator2.default.wrap(function _callee8$(_context8) {
while (1) {
switch (_context8.prev = _context8.next) {
case 0:
_context8.next = 2;
return Auth.setCORS(ctx);
case 2:
auth = 0;
projectName = ctx.params.projectName;
_context8.next = 6;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.MASTER'], true);
case 6:
if (!_context8.sent) {
_context8.next = 10;
break;
}
auth = 3;
_context8.next = 30;
break;
case 10:
_context8.next = 12;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.ROOT'], true);
case 12:
_context8.t0 = _context8.sent;
if (_context8.t0) {
_context8.next = 17;
break;
}
_context8.next = 16;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.ADMIN'], true);
case 16:
_context8.t0 = _context8.sent;
case 17:
if (!_context8.t0) {
_context8.next = 21;
break;
}
auth = 2;
_context8.next = 30;
break;
case 21:
_context8.next = 23;
return dealCheck(ctx, [Auth.name + '.' + projectName.toUpperCase() + '.USER'], true);
case 23:
_context8.t1 = _context8.sent;
if (_context8.t1) {
_context8.next = 28;
break;
}
_context8.next = 27;
return (0, _model.hasToken)(ctx.headers['x-token'], projectName);
case 27:
_context8.t1 = _context8.sent;
case 28:
if (!_context8.t1) {
_context8.next = 30;
break;
}
auth = 1;
case 30:
ctx.body = { auth: auth };
case 31:
case 'end':
return _context8.stop();
}
}
}, _callee8, _this7);
}))();
}
};
exports.default = Auth;
module.exports = exports['default'];