Add users default permission

Author: javalikescript

extensions/https/https.lua

@@ -2,15 +2,13 @@ local extension = ...
 
 local logger = require('jls.lang.logger')
 local HttpServer = require('jls.net.http.HttpServer')
-local HttpExchange = require('jls.net.http.HttpExchange')
-local HttpFilter = require('jls.net.http.HttpFilter')
 local Date = require('jls.util.Date')
 local secure = require('jls.net.secure')
+
 local utils = require('lha.utils')
 
 local function writeCertificateAndPrivateKey(certFile, pkeyFile, commonName)
   local cacert, pkey = secure.createCertificate({
-    --duration = (3600 * 24 * (365 + 31)),
     commonName = commonName
   })
   local cacertPem  = cacert:export('pem')
@@ -47,7 +45,7 @@ extension:subscribeEvent('startup', function()
   local pkeyFile = utils.getAbsoluteFile(configuration.key, engine:getWorkDirectory())
   if not certFile:exists() or not pkeyFile:exists() then
     writeCertificateAndPrivateKey(certFile, pkeyFile, configuration.commonName)
-    logger:info('Generate certificate %s and associated private key %s', certFile:getPath(), pkeyFile:getPath())
+    logger:info('Generated certificate %s and associated private key %s', certFile:getPath(), pkeyFile:getPath())
   else
     -- check and log certificate expiration
     local cert = readCertificate(certFile)
@@ -70,14 +68,8 @@ extension:subscribeEvent('startup', function()
     logger:warn('Cannot bind HTTP secure server to "%s" on port %s due to %s', configuration.address, configuration.port, err)
   end)
   if configuration.login then
-    local location = '/login.html'
-    httpSecureServer:addFilter(HttpFilter.byPath(HttpFilter:new(function(_, exchange)
-      local session = exchange:getSession()
-      if session and not session.attributes.user then
-        HttpExchange.redirect(exchange, location)
-        return false
-      end
-    end)):excludePath(location, '/login'))
+    local redirect = extension:require('users.login-redirect', true)
+    httpSecureServer:addFilter(redirect)
   end
   -- share contexts
   httpSecureServer:setParentContextHolder(httpServer)

extensions/users/login-redirect.lua

@@ -0,0 +1,12 @@
+local HttpExchange = require('jls.net.http.HttpExchange')
+local HttpFilter = require('jls.net.http.HttpFilter')
+
+local location = '/login.html'
+
+return HttpFilter.byPath(HttpFilter:new(function(_, exchange)
+  local session = exchange:getSession()
+  if session and not session.attributes.user then
+    HttpExchange.redirect(exchange, location)
+    return false
+  end
+end)):excludePath(location, '/login')

extensions/users/manifest.json

@@ -36,6 +36,23 @@
             }
           }
         }
+      },
+      "defaultPermission": {
+        "title": "No user access rigths",
+        "type": "string",
+        "enumValues": [
+          {"const": "-", "title": "No access"},
+          {"const": "r", "title": "Can read"},
+          {"const": "rw", "title": "Can read and write"},
+          {"const": "rwc", "title": "Can r/w and configure"},
+          {"const": "rwca", "title": "Can r/w, configure and administer"}
+        ],
+        "default": "rw"
+      },
+      "login": {
+        "title": "Restrict the access to logged users",
+        "type": "boolean",
+        "default": true
       }
     }
   }

extensions/users/users.lua

@@ -20,34 +20,8 @@ local User = class.create(function(user)
 end)
 
 local sessionFilter = HttpFilter.session()
-local filter = HttpFilter.byPath(HttpFilter.multiple(sessionFilter, HttpFilter:new(function(_, exchange)
-  local request = exchange:getRequest()
-  local method = request:getMethod()
-  if method == 'GET' or method == 'HEAD' then
-    return
-  end
-  local path = request:getTargetPath()
-  local session = exchange:getSession()
-  local permission = 'r'
-  if session.attributes.user then
-    permission = session.attributes.user.permission
-  end
-  if string.match(path, '^/things') then
-    if permission > 'r' then
-      return
-    end
-  elseif string.match(path, '^/engine/admin/') then
-    if permission > 'rwc' then
-      return
-    end
-  elseif permission > 'rw' or path == '/login' or path == '/logout' or string.match(path, '^/user') then
-    return
-  end
-  HttpExchange.forbidden(exchange)
-  return false
-end))):exclude('^/static')
 
-local contexts, base64, md, userMap
+local contexts, filter, base64, md, userMap
 
 local function cleanup(server)
   if contexts then
@@ -56,7 +30,10 @@ local function cleanup(server)
     end
   end
   contexts = {}
-  server:removeFilter(filter)
+  if filter then
+    server:removeFilter(filter)
+    filter = nil
+  end
   userMap = {}
   base64 = Codec.getInstance('base64')
   md = MessageDigest.getInstance('SHA-1')
@@ -114,6 +91,38 @@ extension:subscribeEvent('startup', function()
       HttpExchange.badRequest(exchange)
     end
   end)
+  local userFilter = HttpFilter:new(function(_, exchange)
+    local request = exchange:getRequest()
+    local method = request:getMethod()
+    if method == 'GET' or method == 'HEAD' then
+      return
+    end
+    local path = request:getTargetPath()
+    local session = exchange:getSession()
+    local permission = configuration.defaultPermission or ''
+    if session.attributes.user then
+      permission = session.attributes.user.permission
+    end
+    if string.match(path, '^/things') then
+      if permission > 'r' then
+        return
+      end
+    elseif string.match(path, '^/engine/admin/') then
+      if permission > 'rwc' then
+        return
+      end
+    elseif permission > 'rw' or path == '/login' or path == '/logout' or string.match(path, '^/user') then
+      return
+    end
+    HttpExchange.forbidden(exchange)
+    return false
+  end)
+  local filters = HttpFilter.multiple(sessionFilter, userFilter)
+  if configuration.login then
+    local redirect = extension:require('users.login-redirect', true)
+    filters:addFilter(redirect)
+  end
+  filter = HttpFilter.byPath(filters):exclude('^/static')
   server:addFilter(filter)
   engine:onExtension('web-base', function(webBaseExtension)
     webBaseExtension:registerAddonExtension(extension, 'user.js')