Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-24 07:39:43 +02:00
Code Releases Activity

bug fixes galore

Browse source
This commit is contained in:
Harvey Kandola 2017-08-07 14:42:02 +01:00
parent 62b7b149c1
commit 557da2847e
13 changed files with 148 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

35
server/middleware.go
View file

@ -68,9 +68,11 @@ func (m *middleware) Authorize(w http.ResponseWriter, r *http.Request, next http
method := "middleware.auth"
// Let certain requests pass straight through
authenticated := preAuthorizeStaticAssets(m.Runtime, r)
if !authenticated {
authenticated, ctx := m.preAuthorizeStaticAssets(m.Runtime, r)
if authenticated {
ctx2 := context.WithValue(r.Context(), domain.DocumizeContextKey, ctx)
r = r.WithContext(ctx2)
} else {
token := auth.FindJWT(r)
rc, _, tokenErr := auth.DecodeJWT(m.Runtime, token)
@ -195,7 +197,9 @@ func (m *middleware) Authorize(w http.ResponseWriter, r *http.Request, next http
// Certain assets/URL do not require authentication.
// Just stops the log files being clogged up with failed auth errors.
func preAuthorizeStaticAssets(rt *env.Runtime, r *http.Request) bool {
func (m *middleware) preAuthorizeStaticAssets(rt *env.Runtime, r *http.Request) (auth bool, ctx domain.RequestContext) {
ctx = domain.RequestContext{}
if strings.ToLower(r.URL.Path) == "/" ||
strings.ToLower(r.URL.Path) == "/validate" ||
strings.ToLower(r.URL.Path) == "/favicon.ico" ||
@ -204,8 +208,27 @@ func preAuthorizeStaticAssets(rt *env.Runtime, r *http.Request) bool {
strings.HasPrefix(strings.ToLower(r.URL.Path), "/api/public/") ||
((rt.Flags.SiteMode == env.SiteModeSetup) && (strings.ToLower(r.URL.Path) == "/api/setup")) {
return true
return true, ctx
}
return false
if strings.HasPrefix(strings.ToLower(r.URL.Path), "/api/public/") ||
((rt.Flags.SiteMode == env.SiteModeSetup) && (strings.ToLower(r.URL.Path) == "/api/setup")) {
dom := organization.GetRequestSubdomain(r)
dom = m.Store.Organization.CheckDomain(ctx, dom)
org, _ := m.Store.Organization.GetOrganizationByDomain(dom)
ctx.Subdomain = organization.GetSubdomainFromHost(r)
ctx.AllowAnonymousAccess = org.AllowAnonymousAccess
ctx.OrgName = org.Title
ctx.Administrator = false
ctx.Editor = false
ctx.Global = false
ctx.AppURL = r.Host
ctx.SSL = r.TLS != nil
return true, ctx
}
return false, ctx
}