From 7a6808ed1d0051cc42b5f15b2e188b080eb90637 Mon Sep 17 00:00:00 2001 From: bouncepaw Date: Wed, 14 Jul 2021 21:30:30 +0000 Subject: [PATCH] Implement white list --- cfg/config.go | 8 ++++++++ util/util.go | 14 +++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/cfg/config.go b/cfg/config.go index 37c565f..ec55c4f 100644 --- a/cfg/config.go +++ b/cfg/config.go @@ -30,6 +30,8 @@ var ( AllowRegistration bool RegistrationLimit uint64 Locked bool + UseWhiteList bool + WhiteList []string CommonScripts []string ViewScripts []string @@ -89,6 +91,8 @@ type Authorization struct { AllowRegistration bool RegistrationLimit uint64 `comment:"This field controls the maximum amount of allowed registrations."` Locked bool `comment:"Set if users have to authorize to see anything on the wiki."` + UseWhiteList bool `comment:"If true, WhiteList is used. Else it is not used."` + WhiteList []string `delim:"," comment:"Usernames of people who can log in to your wiki separated by comma."` } // Telegram is the section of Config that sets Telegram authorization. @@ -117,6 +121,8 @@ func ReadConfigFile(path string) error { AllowRegistration: false, RegistrationLimit: 0, Locked: false, + UseWhiteList: false, + WhiteList: []string{}, }, CustomScripts: CustomScripts{ CommonScripts: []string{}, @@ -171,6 +177,8 @@ func ReadConfigFile(path string) error { AllowRegistration = cfg.AllowRegistration RegistrationLimit = cfg.RegistrationLimit Locked = cfg.Locked && cfg.UseAuth // Makes no sense to have the lock but no auth + UseWhiteList = cfg.UseWhiteList + WhiteList = cfg.WhiteList CommonScripts = cfg.CommonScripts ViewScripts = cfg.ViewScripts EditScripts = cfg.EditScripts diff --git a/util/util.go b/util/util.go index e55000f..24f9680 100644 --- a/util/util.go +++ b/util/util.go @@ -77,7 +77,19 @@ func IsCanonicalName(name string) bool { // IsPossibleUsername is true if the given username is ok. Same as IsCanonicalName, but cannot have / in it and cannot be equal to "anon" or "wikimind" func IsPossibleUsername(username string) bool { - return username != "anon" && username != "wikimind" && usernamePattern.MatchString(strings.TrimSpace(username)) + return username != "anon" && username != "wikimind" && usernameIsWhiteListed(username) && usernamePattern.MatchString(strings.TrimSpace(username)) +} + +func usernameIsWhiteListed(username string) bool { + if !cfg.UseWhiteList { + return true + } + for _, allowedUsername := range cfg.WhiteList { + if allowedUsername == username { + return true + } + } + return false } // HyphaNameFromRq extracts hypha name from http request. You have to also pass the action which is embedded in the url or several actions. For url /hypha/hypha, the action would be "hypha".