
openhab-multiuser-proxy

Multi-User support for openHAB REST API with NGINX.

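import logger from './../../logger.js';
import { getSitemapsForUser } from './backend.js';
import { getItemsForUser } from './../items/backend.js';
import { ADMIN_OU, SITEMAPS_DISABLE } from '../../server.js';

/**
 * Sitemaps security namespace. Provides security checks for Sitemaps access.
 *
 * @namespace sitemapsSecurity
 */

/**
 * Normalize the organization argument shared by both checks.
 * A missing value becomes an empty list and a string is split on '.';
 * anything else is returned unchanged.
 *
 * @private
 * @param {String|Array<String>} org organizations the client is member of
 * @returns {Array<String>} list of organizations
 */
const normalizeOrgs = function (org) {
  if (!org) return [];
  if (typeof org === 'string') return org.split('.');
  return org;
};

/**
 * Own-property test that does not rely on a `hasOwnProperty` member of the
 * inspected object itself (widgets are data, not trusted objects).
 *
 * @private
 * @param {Object} obj object to inspect
 * @param {String} key property name
 * @returns {Boolean} whether obj has key as an own property
 */
const hasOwn = function (obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
};

/**
 * Filter the `widgets` array of a container (a widget or a linkedPage) in place.
 * Does nothing when the container has no `widgets` array.
 *
 * @private
 * @param {String} HOST hostname of openHAB server
 * @param {*} expressReq request object from expressjs
 * @param {String} user username
 * @param {Array<String>} orgs organizations the client is member of
 * @param {Object} container object whose `widgets` array is filtered
 * @returns {Promise<void>}
 */
const filterNestedWidgets = async function (HOST, expressReq, user, orgs, container) {
  const children = container.widgets;
  if (!Array.isArray(children)) return;
  // Clear first: if the recursive call rejects, the unfiltered children are not left in place.
  container.widgets = [];
  container.widgets = await widgetsFilterForClient(HOST, expressReq, user, orgs, children);
};

/**
 * Check whether Sitemap access is allowed for client.
 * Must be used with await in async functions.
 *
 * Decision order: Sitemaps disabled globally -> denied (also for admins);
 * member of ADMIN_OU -> allowed; otherwise allowed only if the Sitemap is in
 * the list returned by getSitemapsForUser(). A failing lookup is logged and
 * treated as "denied".
 *
 * @memberof sitemapsSecurity
 * @param {String} HOST hostname of openHAB server
 * @param {*} expressReq request object from expressjs
 * @param {String} user username
 * @param {String|Array<String>} org organizations the client is member of
 * @param {String} sitemapname name of Sitemap
 * @returns {Promise<Boolean>} whether Sitemap access is allowed or not
 * @throws {Error} if user is missing
 */
export const sitemapAllowedForClient = async function (HOST, expressReq, user, org, sitemapname) {
  if (!user) throw new Error('Parameter user is required!');
  const orgs = normalizeOrgs(org);

  if (SITEMAPS_DISABLE === 'true') {
    // Sitemaps disabled for all clients
    logger.info({ user, orgs }, `sitemapAllowedForClient(): Sitemap ${sitemapname} allowed: false - Sitemaps disabled for all clients`);
    return false;
  }

  if (orgs.includes(ADMIN_OU)) {
    logger.info({ user, orgs }, `sitemapAllowedForClient(): Sitemap ${sitemapname} allowed: true due to admin privileges`);
    return true;
  }

  try {
    const userSitemaps = await getSitemapsForUser(HOST, expressReq, user, orgs);
    const allowed = userSitemaps.includes(sitemapname);
    logger.info({ user, orgs }, `sitemapAllowedForClient(): Sitemap ${sitemapname} allowed: ${allowed}`);
    return allowed;
  } catch (err) {
    // Fail closed: an error while resolving permissions never grants access.
    logger.error(err);
    return false;
  }
};

/**
 * Filter Items in widgets allowed for client - used for recursive filtering of Sitemap widgets.
 * Must be used with await in async functions.
 *
 * A widget that references an Item is kept only if the Item name is in the
 * list returned by getItemsForUser(). For every widget that is kept, both its
 * child `widgets` and the `widgets` of its `linkedPage` are filtered
 * recursively (the widget objects are modified in place). Members of ADMIN_OU
 * get the input back unfiltered. A failing lookup is logged and yields an
 * empty list.
 *
 * @memberof sitemapsSecurity
 * @param {String} HOST hostname of openHAB server
 * @param {*} expressReq request object from expressjs
 * @param {String} user username
 * @param {String|Array<String>} org organizations the client is member of
 * @param {Array<Object>} allWidgets list of widgets to filter
 * @returns {Promise<Array<Object>>} list of filtered widgets
 * @throws {Error} if user is missing
 */
export const widgetsFilterForClient = async function (HOST, expressReq, user, org, allWidgets) {
  if (!user) throw new Error('Parameter user is required!');
  const orgs = normalizeOrgs(org);
  // Iterate own values only; a missing list is treated as empty.
  const widgets = allWidgets == null ? [] : Object.values(allWidgets);

  if (orgs.includes(ADMIN_OU)) {
    for (const widget of widgets) {
      if (hasOwn(widget, 'item')) {
        logger.info({ user, orgs }, `widgetsFilterForClient(): Widget ${widget.label} with Item ${widget.item.name} allowed: true due to admin privileges`);
      }
    }
    return allWidgets;
  }

  try {
    // NOTE(review): this lookup runs again on every recursion level; whether
    // getItemsForUser() caches its result is not visible from this file.
    const userItems = await getItemsForUser(HOST, expressReq, user, orgs);
    const filteredWidgets = [];

    for (const widget of widgets) {
      const hasItem = hasOwn(widget, 'item');
      const allowed = hasItem ? userItems.includes(widget.item.name) : true;

      if (allowed) {
        // A widget may carry an `item` together with a `linkedPage`. Both
        // nested containers are filtered for every widget that is kept, so a
        // linked page below an allowed Item cannot pass through unfiltered.
        await filterNestedWidgets(HOST, expressReq, user, orgs, widget);
        if (hasOwn(widget, 'linkedPage')) {
          await filterNestedWidgets(HOST, expressReq, user, orgs, widget.linkedPage);
        }
        filteredWidgets.push(widget);
      }

      if (hasItem) {
        logger.info({ user, orgs }, `widgetsFilterForClient(): Item ${widget.item.name} allowed: ${allowed}`);
      }
    }

    return filteredWidgets;
  } catch (err) {
    // Fail closed: on any error no widgets are returned.
    logger.error(err);
    return [];
  }
};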