(mode)
| 2 | // import debug from '../debug.mjs' |
| 3 | |
| 4 | export default function allow (mode) { |
| 5 | return async function allowHandler (req, res, next) { |
| 6 | const ldp = req.app.locals.ldp || {} |
| 7 | if (!ldp.webid) { |
| 8 | return next() |
| 9 | } |
| 10 | |
| 11 | // Set up URL to filesystem mapping |
| 12 | const rootUrl = ldp.resourceMapper.resolveUrl(req.hostname) |
| 13 | |
| 14 | // Determine the actual path of the request |
| 15 | // (This is used as an ugly hack to check the ACL status of other resources.) |
| 16 | let resourcePath = res && res.locals && res.locals.path |
| 17 | ? res.locals.path |
| 18 | : req.path |
| 19 | |
| 20 | // Check whether the resource exists |
| 21 | let stat |
| 22 | try { |
| 23 | const ret = await ldp.exists(req.hostname, resourcePath) |
| 24 | stat = ret.stream |
| 25 | } catch (err) { |
| 26 | stat = null |
| 27 | } |
| 28 | |
| 29 | // Ensure directories always end in a slash |
| 30 | if (!resourcePath.endsWith('/') && stat && stat.isDirectory()) { |
| 31 | resourcePath += '/' |
| 32 | } |
| 33 | |
| 34 | const trustedOrigins = [ldp.resourceMapper.resolveUrl(req.hostname)].concat(ldp.trustedOrigins) |
| 35 | if (ldp.multiuser) { |
| 36 | trustedOrigins.push(ldp.serverUri) |
| 37 | } |
| 38 | // Obtain and store the ACL of the requested resource |
| 39 | const resourceUrl = rootUrl + resourcePath |
| 40 | // Ensure the user has the required permission |
| 41 | const userId = req.session.userId |
| 42 | try { |
| 43 | req.acl = ACL.createFromLDPAndRequest(resourceUrl, ldp, req) |
| 44 | |
| 45 | // if (resourceUrl.endsWith('.acl')) mode = 'Control' |
| 46 | const isAllowed = await req.acl.can(userId, mode, req.method, stat) |
| 47 | if (isAllowed) { |
| 48 | return next() |
| 49 | } |
| 50 | } catch (error) { next(error) } |
| 51 | if (mode === 'Read' && (resourcePath === '' || resourcePath === '/')) { |
| 52 | // This is a hack to make NSS check the ACL for representation that is served for root (if any) |
| 53 | // See https://github.com/solid/node-solid-server/issues/1063 for more info |
| 54 | const representationUrl = `${rootUrl}/index.html` |
| 55 | let representationPath |
| 56 | try { |
| 57 | representationPath = await ldp.resourceMapper.mapUrlToFile({ url: representationUrl }) |
| 58 | } catch (err) { |
| 59 | } |
| 60 | |
| 61 | // We ONLY want to do this when the HTML representation exists |