X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FUI.git;a=blobdiff_plain;f=skyquake%2Fframework%2Fcore%2Fmodules%2Froutes%2Fnavigation.js;fp=skyquake%2Fframework%2Fcore%2Fmodules%2Froutes%2Fnavigation.js;h=37e86e41b9cc9e17f5e1514d7d1d3f1409ae18e9;hp=82c7ec58023668875ce1537ec851cc2d86fd5cac;hb=03156e335275de1dafbc2a816e98006afdf249bf;hpb=f2dc2462571800e62cba969964de621dca09299c diff --git a/skyquake/framework/core/modules/routes/navigation.js b/skyquake/framework/core/modules/routes/navigation.js index 82c7ec580..37e86e41b 100644 --- a/skyquake/framework/core/modules/routes/navigation.js +++ b/skyquake/framework/core/modules/routes/navigation.js @@ -1,6 +1,6 @@ /* - * + * * Copyright 2016 RIFT.IO Inc * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,6 +30,7 @@ var navAPI = require('../api/navigation'); var Router = require('express').Router(); var utils = require('../../api_utils/utils'); var configurationAPI = require('../api/configuration'); +var csrfCheck = require('../../api_utils/csrf').csrfCheck; Router.use(bodyParser.json()); Router.use(cors()); 
@@ -37,48 +38,64 @@ Router.use(bodyParser.urlencoded({ extended: true })); -Router.get('/', cors(), function(req, res, next) { - res.redirect('/launchpad/?api_server=' + req.protocol + '://' + configurationAPI.globalConfiguration.get().api_server + '&upload_server=' + req.protocol + '://' + (configurationAPI.globalConfiguration.get().upload_server || req.hostname)); +//Should have a way of adding excluded routes to this via plugin registry, instead of hard coding +Router.use(/^(?!.*(login\/idp|session|composer\/upload|composer\/update)).*/, function(req, res, next) { + var api_server = req.query['api_server'] || (req.protocol + '://' + configurationAPI.globalConfiguration.get().api_server); + if (req.session && req.session.loggedIn) { + switch (req.method) { + case 'POST': + case 'PUT': + csrfCheck(req, res, next); + break; + default: + next(); + break; + } + } else { + console.log('Redirect to login.html'); + res.redirect(utils.buildRedirectURL(req, configurationAPI.globalConfiguration, 'login', '&referer=' + encodeURIComponent(req.headers.referer))); + } }); + Router.get('/nav', cors(), function(req, res) { - navAPI.get(req).then(function(data) { - utils.sendSuccessResponse(data, res); - }, function(error) { - utils.sendErrorResponse(error, res); - }); + navAPI.get(req).then(function(data) { + utils.sendSuccessResponse(data, res); + }, function(error) { + utils.sendErrorResponse(error, res); + }); }); Router.get('/nav/:plugin_id', cors(), function(req, res) { - navAPI.get(req).then(function(data) { - utils.sendSuccessResponse(data, res); - }, function(error) { - utils.sendErrorResponse(error, res); - }); + navAPI.get(req).then(function(data) { + utils.sendSuccessResponse(data, res); + }, function(error) { + utils.sendErrorResponse(error, res); + }); }); Router.post('/nav/:plugin_id', cors(), function(req, res) { - navAPI.create(req).then(function(data) { - utils.sendSuccessResponse(data, res); - }, function(error) { - utils.sendErrorResponse(error, res); - }); + 
navAPI.create(req).then(function(data) { + utils.sendSuccessResponse(data, res); + }, function(error) { + utils.sendErrorResponse(error, res); + }); }); Router.put('/nav/:plugin_id/:route_id', cors(), function(req, res) { - navAPI.update(req).then(function(data) { - utils.sendSuccessResponse(data, res); - }, function(error) { - utils.sendErrorResponse(error, res); - }); + navAPI.update(req).then(function(data) { + utils.sendSuccessResponse(data, res); + }, function(error) { + utils.sendErrorResponse(error, res); + }); }); Router.delete('/nav/:plugin_id/:route_id', cors(), function(req, res) { - navAPI.delete(req).then(function(data) { - utils.sendSuccessResponse(data, res); - }, function(error) { - utils.sendErrorResponse(error, res); - }); + navAPI.delete(req).then(function(data) { + utils.sendSuccessResponse(data, res); + }, function(error) { + utils.sendErrorResponse(error, res); + }); });
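Review bot: The new session gate calls `csrfCheck` only for `POST` and `PUT`, so the `Router.delete('/nav/:plugin_id/:route_id', …)` handler later in this hunk, and any `PATCH` route, falls through `default: next()` with no token check. Add `case 'DELETE':` and `case 'PATCH':` next to `case 'PUT':`, or invert the switch so that only `GET`, `HEAD` and `OPTIONS` skip the check. The exclusion pattern is also unanchored: the negative lookahead skips this middleware for any path that merely contains `session`, `login/idp`, `composer/upload` or `composer/update`. Such requests presumably reach their handlers without the `req.session.loggedIn` test unless those handlers authenticate on their own, so matching whole path prefixes instead of substrings would narrow the exemption to the intended routes. Separately, `api_server` is read from `req.query` but never used in the visible code, and `encodeURIComponent(req.headers.referer)` produces the literal string `undefined` when the header is absent, so the `&referer=` parameter should be added only when the header is present.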