UNPKG

on-http-y1

Version:

OnRack Http Server

github.com/RackHD/on-http

RackHD/on-http

100 lines (86 loc) 3.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
// Copyright 2016, EMC Inc. 'use strict'; var injector = require('../../../index.js').injector; var controller = injector.get('Http.Services.Swagger').controller; var _ = injector.get('_'); // jshint ignore:line var configuration = injector.get('Services.Configuration'); var accountService = injector.get('Http.Services.Api.Account'); var Errors = injector.get('Errors'); var Promise = injector.get('Promise'); var assert = injector.get('Assert'); var addUser = controller({success: 201}, function(req, res) { var userObj = _.pick(req.swagger.params.body.value, ['username', 'password', 'role']); var localUserException = configuration.get('enableLocalHostException', true); userObj.role = userObj.role || 'ReadOnly'; //TODO: move to Constants when Role code is added return Promise.try(function() { assert.string(userObj.username); assert.string(userObj.password); assert.string(userObj.role); return accountService.listUsers(); }) .then(function(users) { if((!users.length && localUserException && res.locals.ipAddress === '127.0.0.1') || _.isEmpty(_.filter(users, {role: 'Administrator'}))) { // Only when there are no users, and the remote is a local connection, and we // permit it, then let them add the first user. // Added backdoor process to add an Administrator, in case there are none. return accountService.createUser(userObj) .then(function(user) { return _.pick(user, ['username', 'role']); }); } if( req.isAuthenticated && req.isAuthenticated() ) { return accountService.createUser(userObj) .then(function(user) { return _.pick(user, ['username', 'role']); }); } throw new Errors.UnauthorizedError('Unauthorized'); }); }); var modifyUser = controller(function(req) { var name = req.swagger.params.name.value; var userObj = _.pick(req.swagger.params.body.value, ['password', 'role']); var configureUsersAllows = ['password', 'role']; var configureSelfAllows = ['password']; return Promise.try(function() { if(!req.isAuthenticated || !req.isAuthenticated()) { throw new Errors.UnauthorizedError('Unauthorized'); } return accountService.getUserByName(name); }) .then(function(entry) { if(!entry) { throw new Error.NotFoundError(); } if(req.hasRole('Administrator') || req.hasRole('ConfigureUsers')) { if( Object.keys(_.omit(req.swagger.params.body.value, configureUsersAllows)).length !== 0 ) { throw new Errors.BadRequestError('Bad Request'); } return accountService.modifyUserByName(name, userObj); } else if(req.user === entry.username && req.hasRole('ConfigureSelf')) { if( Object.keys(_.omit(req.swagger.params.body.value, configureSelfAllows)).length !== 0 ) { throw new Errors.BadRequestError('Bad Request'); } return accountService.modifyUserByName(name, _.pick(userObj, 'password')); } throw new Errors.ForbiddenError('Forbidden'); }); }); var listUsers = controller(function() { return accountService.listUsers(); }); var getUser = controller(function(req) { var name = req.swagger.params.name.value; return accountService.getUserByName(name); }); var removeUser = controller({success: 204}, function(req) { var name = req.swagger.params.name.value; return accountService.removeUserByName(name); }); module.exports = { addUser: addUser, modifyUser: modifyUser, listUsers: listUsers, getUser: getUser, removeUser: removeUser };