allow channels other than one

Ryan Tharp 2020-08-17 06:24:39 +00:00
parent ead0187934
commit 17bdacce0f
1 changed files with 34 additions and 16 deletions


@ -5,23 +5,23 @@ const overlay = require('../../lib.overlay');
const allowedEndpoints = {
get: [
// '/token', // used for ??
'/channels/1',
'/channels/1/messages',
//'/channels/1',
//'/channels/1/messages',
],
post: [
'/files',
'/channels/1/messages',
'/channels/1/subscribe',
//'/channels/1/messages',
//'/channels/1/subscribe',
],
put: [
'/users/me',
'/channels/1',
//'/channels/1',
],
patch: [
'/users/me'
],
delete: [
'/channels/1/subscribe',
//'/channels/1/subscribe',
],
}
@ -122,11 +122,39 @@ module.exports = (app, prefix) => {
}));
}
let ok = true;
// check non-dynamic
if (!allowedEndpoints[req.method.toLowerCase()].includes(req.path.toLowerCase())) {
ok = false;
}
// need this for create_message unit tests
// get channels/X
// get channels/X/messages
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/channels\//i)) {
ok = true;
}
// allow users to delete their own messages
// delete channels/X/messages/1
// delete channels/X/subscribe
if (req.method.toLowerCase() === 'delete' && req.path.match(/^\/channels\//i) &&
(req.path.match(/\/messages\//i) || req.path.match(/\/subscribe/i))) {
ok = true;
}
// update meta data
// put channels/X
if (req.method.toLowerCase() === 'put' && req.path.match(/^\/channels\//i)) {
ok = true;
}
// post sub/msgs
// post channels/X/messages
// post channels/X/subscribe
if (req.method.toLowerCase() === 'post' && req.path.match(/^\/channels\//i) &&
(req.path.match(/\/messages/i) || req.path.match(/\/subscribe/i))) {
ok = true;
}
// allow user look ups (but with a token, that check is done later)
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/users\//i)) {
ok = true;
@ -137,16 +165,6 @@ module.exports = (app, prefix) => {
ok = true;
}
// need this for create_message unit tests
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/channels\//i) && req.path.match(/\/messages\//i)) {
ok = true;
}
// allow users to delete their own messages
if (req.method.toLowerCase() === 'delete' && req.path.match(/^\/channels\//i) && req.path.match(/\/messages\//i)) {
ok = true;
}
// GET /token is valid, if you're passing a token...
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/token/i)) {
ok = true;
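Review bot: The PUT check added in the second hunk, `req.path.match(/^\/channels\//i)`, is a prefix match, so it sets `ok = true` for any path under `/channels/` rather than only the `put channels/X` route its comment names. The new GET check has the same shape, and the POST and DELETE checks test `/messages` and `/subscribe` unanchored, so a path that merely contains those substrings after `/channels/` also passes. If `allowedEndpoints` is meant to stay an allowlist, anchor each pattern to the documented route, for example `/^\/channels\/[^/]+$/i` for PUT and `/^\/channels\/[^/]+\/(messages|subscribe)$/i` for POST. The handler starts and ends outside the visible hunks, so whether a later check narrows these paths again cannot be confirmed from this page.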