
#8812 resolve issue with anonymous access (#8814)

webplusai 2024-12-11 13:08:09 +01:00 committed by GitHub
parent a00e3e79d6
commit ae5bd9d4cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 23 additions and 20 deletions


@ -453,10 +453,10 @@ Server.prototype.requestHandler = function(request,response,options) {
// Check whether anonymous access is granted // Check whether anonymous access is granted
state.allowAnon = false; //this.isAuthorized(state.authorizationType,null); state.allowAnon = false; //this.isAuthorized(state.authorizationType,null);
var {allowReads, allowWrites, isEnabled} = this.getAnonymousAccessConfig(); var {allowReads, allowWrites, isEnabled} = this.getAnonymousAccessConfig();
state.allowAnon = isEnabled; state.allowAnon = isEnabled && (request.method === 'GET' ? allowReads : allowWrites);
state.allowAnonReads = allowReads; state.allowAnonReads = allowReads;
state.allowAnonWrites = allowWrites; state.allowAnonWrites = allowWrites;
state.showAnonConfig = !!state.authenticatedUser?.isAdmin && !state.allowAnon; state.showAnonConfig = !!state.authenticatedUser?.isAdmin && !isEnabled;
state.firstGuestUser = this.sqlTiddlerDatabase.listUsers().length === 0 && !state.authenticatedUser; state.firstGuestUser = this.sqlTiddlerDatabase.listUsers().length === 0 && !state.authenticatedUser;
// Authorize with the authenticated username // Authorize with the authenticated username
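Review bot: The new `state.allowAnon = isEnabled && (request.method === 'GET' ? allowReads : allowWrites);` line treats every method other than GET as a write, so an anonymous HEAD or OPTIONS request is checked against `allowWrites`; that is fail-closed, but nothing says it is deliberate, and the same GET-only mapping is repeated in the ACL middleware's `hasAnonymousAccess` line in this commit, so the two can drift apart. Consider naming the mapping once, e.g. `var isReadRequest = request.method === 'GET';` and `state.allowAnon = isEnabled && (isReadRequest ? allowReads : allowWrites);`, with a comment such as `// Only GET counts as a read; any other method (including HEAD) needs anonymous write access`. The `state.allowAnon = false; //this.isAuthorized(...)` line above is overwritten two lines later and the commented-out call could go. requestHandler starts and ends outside this hunk.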


@ -31,8 +31,8 @@ exports.handler = function(request,response,state) {
"Content-Type": "text/html" "Content-Type": "text/html"
}); });
// filter bags and recipies by user's read access from ACL // filter bags and recipies by user's read access from ACL
var allowedRecipes = recipeList.filter(recipe => sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnonReads); var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
var allowedBags = bagList.filter(bag => sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnonReads); var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
// Render the html // Render the html
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{ var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
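Review bot: The new `recipe.recipe_name.startsWith("$:/")` and `bag.bag_name.startsWith("$:/")` clauses exempt any entity whose name begins with `$:/` from the ACL read check on this listing, so those names are shown to every requester, including unauthenticated ones when anonymous access is disabled. If recipes or bags with a `$:/` prefix can be created by ordinary users (not visible here), the prefix becomes an implicit "always listed" marker that bypasses the READ permission, so it should be documented as reserved, e.g. `// "$:/"-prefixed recipes/bags are system entities and are always listed; user-created names must not use this prefix`. The trailing `state.allowAnon && state.allowAnonReads` depends on `&&` binding tighter than `||`; parenthesising it as `(state.allowAnon && state.allowAnonReads)` makes the grouping explicit, and since this commit makes `state.allowAnon` already fold in `allowReads` for GET, the second operand looks redundant if this handler only serves GET. The enclosing handler starts and ends outside the hunk.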


@ -47,10 +47,10 @@ exports.middleware = function (request, response, state, entityType, permissionN
var decodedEntityName = decodeURIComponent(partiallyDecoded); var decodedEntityName = decodeURIComponent(partiallyDecoded);
var aclRecord = sqlTiddlerDatabase.getACLByName(entityType, decodedEntityName); var aclRecord = sqlTiddlerDatabase.getACLByName(entityType, decodedEntityName);
var isGetRequest = request.method === "GET"; var isGetRequest = request.method === "GET";
var hasAnonymousAccess = isGetRequest ? state.allowAnonReads : state.allowAnonWrites; var hasAnonymousAccess = state.allowAnon && (isGetRequest ? state.allowAnonReads : state.allowAnonWrites);
var entity = sqlTiddlerDatabase.getEntityByName(entityType, decodedEntityName); var entity = sqlTiddlerDatabase.getEntityByName(entityType, decodedEntityName);
if(entity?.owner_id) { if(entity?.owner_id) {
if(state.authenticatedUser?.user_id !== entity.owner_id) { if(state.authenticatedUser?.user_id && (state.authenticatedUser?.user_id !== entity.owner_id) || !state.authenticatedUser?.user_id && !hasAnonymousAccess) {
if(!response.headersSent) { if(!response.headersSent) {
response.writeHead(403, "Forbidden"); response.writeHead(403, "Forbidden");
response.end(); response.end();
@ -58,22 +58,25 @@ exports.middleware = function (request, response, state, entityType, permissionN
return; return;
} }
} else { } else {
// Get permission record // First, we need to check if anonymous access is allowed
const permission = sqlTiddlerDatabase.getPermissionByName(permissionName); if(!state.authenticatedUser?.user_id && !hasAnonymousAccess && (isGetRequest && entity?.owner_id)) {
// ACL Middleware will only apply if the entity has a middleware record if(!response.headersSent) {
if(aclRecord && aclRecord?.permission_id === permission?.permission_id) {
// If not authenticated and anonymous access is not allowed, request authentication
if(!state.authenticatedUsername && !state.allowAnon) {
if(state.urlInfo.pathname !== '/login') {
redirectToLogin(response, request.url);
return;
}
}
// Check if user is authenticated
if(!state.authenticatedUser && !hasAnonymousAccess && !response.headersSent) {
response.writeHead(401, "Unauthorized"); response.writeHead(401, "Unauthorized");
response.end(); response.end();
return; }
return;
} else {
// Get permission record
const permission = sqlTiddlerDatabase.getPermissionByName(permissionName);
// ACL Middleware will only apply if the entity has a middleware record
if(aclRecord && aclRecord?.permission_id === permission?.permission_id) {
// If not authenticated and anonymous access is not allowed, request authentication
if(!state.authenticatedUsername && !state.allowAnon) {
if(state.urlInfo.pathname !== '/login') {
redirectToLogin(response, request.url);
return;
}
}
} }
// Check ACL permission // Check ACL permission