mirror of
https://github.com/bpatrik/pigallery2.git
synced 2024-12-23 01:27:14 +02:00
Fix sharing password. fixes #744
This commit is contained in:
parent
16bf756582
commit
ba9b5292e1
@ -1,5 +1,5 @@
|
||||
import {NextFunction, Request, Response} from 'express';
|
||||
import {CreateSharingDTO, SharingDTO} from '../../common/entities/SharingDTO';
|
||||
import {CreateSharingDTO, SharingDTO, SharingDTOKey} from '../../common/entities/SharingDTO';
|
||||
import {ObjectManagers} from '../model/ObjectManagers';
|
||||
import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';
|
||||
import {Config} from '../../common/config/private/Config';
|
||||
@ -9,9 +9,9 @@ import {UserRoles} from '../../common/entities/UserDTO';
|
||||
|
||||
export class SharingMWs {
|
||||
public static async getSharing(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
@ -20,36 +20,69 @@ export class SharingMWs {
|
||||
|
||||
try {
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
|
||||
await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during retrieving sharing link',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during retrieving sharing link',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async getSharingKey(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
}
|
||||
const sharingKey = req.params[QueryParams.gallery.sharingKey_params];
|
||||
|
||||
try {
|
||||
req.resultPipe =
|
||||
{sharingKey: (await ObjectManagers.getInstance().SharingManager.findOne(sharingKey)).sharingKey} as SharingDTOKey;
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during retrieving sharing key',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async createSharing(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
}
|
||||
if (
|
||||
typeof req.body === 'undefined' ||
|
||||
typeof req.body.createSharing === 'undefined'
|
||||
typeof req.body === 'undefined' ||
|
||||
typeof req.body.createSharing === 'undefined'
|
||||
) {
|
||||
return next(
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'createSharing filed is missing')
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'createSharing filed is missing')
|
||||
);
|
||||
}
|
||||
const createSharing: CreateSharingDTO = req.body.createSharing;
|
||||
|
||||
if (Config.Sharing.passwordRequired && !createSharing.password) {
|
||||
|
||||
return next(
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'Password is required.')
|
||||
);
|
||||
}
|
||||
|
||||
let sharingKey = SharingMWs.generateKey();
|
||||
|
||||
// create one not yet used
|
||||
@ -71,45 +104,45 @@ export class SharingMWs {
|
||||
password: createSharing.password,
|
||||
creator: req.session['user'],
|
||||
expires:
|
||||
createSharing.valid >= 0 // if === -1 its forever
|
||||
? Date.now() + createSharing.valid
|
||||
: new Date(9999, 0, 1).getTime(), // never expire
|
||||
createSharing.valid >= 0 // if === -1 its forever
|
||||
? Date.now() + createSharing.valid
|
||||
: new Date(9999, 0, 1).getTime(), // never expire
|
||||
includeSubfolders: createSharing.includeSubfolders,
|
||||
timeStamp: Date.now(),
|
||||
};
|
||||
|
||||
try {
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.createSharing(
|
||||
sharing
|
||||
);
|
||||
await ObjectManagers.getInstance().SharingManager.createSharing(
|
||||
sharing
|
||||
);
|
||||
return next();
|
||||
} catch (err) {
|
||||
console.warn(err);
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during creating sharing link',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during creating sharing link',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async updateSharing(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
}
|
||||
if (
|
||||
typeof req.body === 'undefined' ||
|
||||
typeof req.body.updateSharing === 'undefined'
|
||||
typeof req.body === 'undefined' ||
|
||||
typeof req.body.updateSharing === 'undefined'
|
||||
) {
|
||||
return next(
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'updateSharing filed is missing')
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'updateSharing filed is missing')
|
||||
);
|
||||
}
|
||||
const updateSharing: CreateSharingDTO = req.body.updateSharing;
|
||||
@ -119,14 +152,14 @@ export class SharingMWs {
|
||||
path: directoryName,
|
||||
sharingKey: '',
|
||||
password:
|
||||
updateSharing.password && updateSharing.password !== ''
|
||||
? updateSharing.password
|
||||
: null,
|
||||
updateSharing.password && updateSharing.password !== ''
|
||||
? updateSharing.password
|
||||
: null,
|
||||
creator: req.session['user'],
|
||||
expires:
|
||||
updateSharing.valid >= 0 // if === -1 its forever
|
||||
? Date.now() + updateSharing.valid
|
||||
: new Date(9999, 0, 1).getTime(), // never expire
|
||||
updateSharing.valid >= 0 // if === -1 its forever
|
||||
? Date.now() + updateSharing.valid
|
||||
: new Date(9999, 0, 1).getTime(), // never expire
|
||||
includeSubfolders: updateSharing.includeSubfolders,
|
||||
timeStamp: Date.now(),
|
||||
};
|
||||
@ -134,36 +167,37 @@ export class SharingMWs {
|
||||
try {
|
||||
const forceUpdate = req.session['user'].role >= UserRoles.Admin;
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.updateSharing(
|
||||
sharing,
|
||||
forceUpdate
|
||||
);
|
||||
await ObjectManagers.getInstance().SharingManager.updateSharing(
|
||||
sharing,
|
||||
forceUpdate
|
||||
);
|
||||
console.log(req.resultPipe);
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during updating sharing link',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during updating sharing link',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async deleteSharing(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
}
|
||||
if (
|
||||
typeof req.params === 'undefined' ||
|
||||
typeof req.params['sharingKey'] === 'undefined'
|
||||
typeof req.params === 'undefined' ||
|
||||
typeof req.params['sharingKey'] === 'undefined'
|
||||
) {
|
||||
return next(
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'sharingKey is missing')
|
||||
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'sharingKey is missing')
|
||||
);
|
||||
}
|
||||
const sharingKey: string = req.params['sharingKey'];
|
||||
@ -177,49 +211,49 @@ export class SharingMWs {
|
||||
}
|
||||
}
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.deleteSharing(
|
||||
sharingKey
|
||||
);
|
||||
await ObjectManagers.getInstance().SharingManager.deleteSharing(
|
||||
sharingKey
|
||||
);
|
||||
req.resultPipe = 'ok';
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during deleting sharing',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during deleting sharing',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async listSharing(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
}
|
||||
try {
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.listAll();
|
||||
await ObjectManagers.getInstance().SharingManager.listAll();
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during listing shares',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during listing shares',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public static async listSharingForDir(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
if (Config.Sharing.enabled === false) {
|
||||
return next();
|
||||
@ -229,19 +263,19 @@ export class SharingMWs {
|
||||
try {
|
||||
if (req.session['user'].role >= UserRoles.Admin) {
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir);
|
||||
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir);
|
||||
} else {
|
||||
req.resultPipe =
|
||||
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir, req.session['user']);
|
||||
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir, req.session['user']);
|
||||
}
|
||||
return next();
|
||||
} catch (err) {
|
||||
return next(
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during listing shares',
|
||||
err
|
||||
)
|
||||
new ErrorDTO(
|
||||
ErrorCodes.GENERAL_ERROR,
|
||||
'Error during listing shares',
|
||||
err
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -249,8 +283,8 @@ export class SharingMWs {
|
||||
private static generateKey(): string {
|
||||
function s4(): string {
|
||||
return Math.floor((1 + Math.random()) * 0x10000)
|
||||
.toString(16)
|
||||
.substring(1);
|
||||
.toString(16)
|
||||
.substring(1);
|
||||
}
|
||||
|
||||
return s4() + s4();
|
||||
|
@ -156,8 +156,8 @@ export class AuthenticationMWs {
|
||||
if (
|
||||
!sharing ||
|
||||
sharing.expires < Date.now() ||
|
||||
(Config.Sharing.passwordProtected === true &&
|
||||
sharing.password &&
|
||||
((Config.Sharing.passwordRequired === true ||
|
||||
sharing.password) &&
|
||||
!PasswordHelper.comparePassword(password, sharing.password))
|
||||
) {
|
||||
Logger.warn(LOG_TAG, 'Failed login with sharing:' + sharing.sharingKey + ', bad password');
|
||||
@ -265,8 +265,9 @@ export class AuthenticationMWs {
|
||||
return null;
|
||||
}
|
||||
|
||||
// no 'free login' if passwords are required, or it is set
|
||||
if (
|
||||
Config.Sharing.passwordProtected === true &&
|
||||
Config.Sharing.passwordRequired === true ||
|
||||
sharing.password
|
||||
) {
|
||||
return null;
|
||||
|
@ -11,6 +11,7 @@ export class SharingRouter {
|
||||
public static route(app: express.Express): void {
|
||||
this.addShareLogin(app);
|
||||
this.addGetSharing(app);
|
||||
this.addGetSharingKey(app);
|
||||
this.addCreateSharing(app);
|
||||
this.addUpdateSharing(app);
|
||||
this.addListSharing(app);
|
||||
@ -20,79 +21,94 @@ export class SharingRouter {
|
||||
|
||||
private static addShareLogin(app: express.Express): void {
|
||||
app.post(
|
||||
Config.Server.apiPath + '/share/login',
|
||||
AuthenticationMWs.inverseAuthenticate,
|
||||
AuthenticationMWs.shareLogin,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSessionUser
|
||||
Config.Server.apiPath + '/share/login',
|
||||
AuthenticationMWs.inverseAuthenticate,
|
||||
AuthenticationMWs.shareLogin,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSessionUser
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Used to check the key validity
|
||||
* @param app
|
||||
* @private
|
||||
*/
|
||||
private static addGetSharingKey(app: express.Express): void {
|
||||
app.get(
|
||||
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params + '/key',
|
||||
// its a public path
|
||||
SharingMWs.getSharingKey,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
);
|
||||
}
|
||||
|
||||
private static addGetSharing(app: express.Express): void {
|
||||
app.get(
|
||||
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params,
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.LimitedGuest),
|
||||
SharingMWs.getSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params,
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.LimitedGuest),
|
||||
SharingMWs.getSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
);
|
||||
}
|
||||
|
||||
private static addCreateSharing(app: express.Express): void {
|
||||
app.post(
|
||||
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.createSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.createSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
);
|
||||
}
|
||||
|
||||
private static addUpdateSharing(app: express.Express): void {
|
||||
app.put(
|
||||
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.updateSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.updateSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharing
|
||||
);
|
||||
}
|
||||
|
||||
private static addDeleteSharing(app: express.Express): void {
|
||||
app.delete(
|
||||
[Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.deleteSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderResult
|
||||
[Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.deleteSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderResult
|
||||
);
|
||||
}
|
||||
|
||||
private static addListSharing(app: express.Express): void {
|
||||
app.get(
|
||||
[Config.Server.apiPath + '/share/listAll'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.Admin),
|
||||
SharingMWs.listSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharingList
|
||||
[Config.Server.apiPath + '/share/listAll'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.Admin),
|
||||
SharingMWs.listSharing,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharingList
|
||||
);
|
||||
}
|
||||
|
||||
private static addListSharingForDir(app: express.Express): void {
|
||||
app.get(
|
||||
[Config.Server.apiPath + '/share/list/:directory(*)',
|
||||
Config.Server.apiPath + '/share/list//',
|
||||
Config.Server.apiPath + '/share/list'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.listSharingForDir,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharingList
|
||||
[Config.Server.apiPath + '/share/list/:directory(*)',
|
||||
Config.Server.apiPath + '/share/list//',
|
||||
Config.Server.apiPath + '/share/list'],
|
||||
AuthenticationMWs.authenticate,
|
||||
AuthenticationMWs.authorise(UserRoles.User),
|
||||
SharingMWs.listSharingForDir,
|
||||
ServerTimingMWs.addServerTiming,
|
||||
RenderingMWs.renderSharingList
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -273,12 +273,12 @@ export class ClientSharingConfig {
|
||||
@ConfigProperty({
|
||||
tags:
|
||||
{
|
||||
name: $localize`Password protected`,
|
||||
name: $localize`Require password`,
|
||||
priority: ConfigPriority.advanced
|
||||
},
|
||||
description: $localize`Enables password protected sharing links.`,
|
||||
description: $localize`Requires password protected sharing links.`,
|
||||
})
|
||||
passwordProtected: boolean = true;
|
||||
passwordRequired: boolean = false;
|
||||
}
|
||||
|
||||
@SubConfigClass({tags: {client: true}, softReadonly: true})
|
||||
|
@ -1,6 +1,10 @@
|
||||
import {UserDTO} from './UserDTO';
|
||||
|
||||
export interface SharingDTO {
|
||||
export interface SharingDTOKey {
|
||||
sharingKey: string;
|
||||
}
|
||||
|
||||
export interface SharingDTO extends SharingDTOKey {
|
||||
id: number;
|
||||
path: string;
|
||||
sharingKey: string;
|
||||
|
@ -65,16 +65,16 @@
|
||||
<li class="nav-item dropdown">
|
||||
<div class="btn-group" dropdown #dropdown="bs-dropdown" placement="bottom"
|
||||
[autoClose]="false" container="body">
|
||||
<button id="button-alignment" dropdownToggle
|
||||
<button id="button-frame-menu" dropdownToggle
|
||||
type="button" class="btn btn-tertiary dropdown-toggle"
|
||||
aria-controls="dropdown-alignment">
|
||||
aria-controls="dropdown-frame-menu">
|
||||
<ng-icon class="align-text-top" size="1.2em" name="ionMenuOutline"></ng-icon>
|
||||
<span *ngIf="isAdmin() && notificationService.numberOfNotifications>0"
|
||||
class="navbar-badge badge text-bg-warning">{{notificationService.numberOfNotifications}}</span>
|
||||
</button>
|
||||
<ul id="dropdown-alignment" *dropdownMenu
|
||||
<ul id="dropdown-frame-menu" *dropdownMenu
|
||||
class="dropdown-menu dropdown-menu-right"
|
||||
role="menu" aria-labelledby="button-alignment">
|
||||
role="menu" aria-labelledby="button-frame-menu">
|
||||
|
||||
<li role="menuitem" class="d-xl-none">
|
||||
<div style="white-space: nowrap;" class="dropdown-item">
|
||||
|
@ -52,18 +52,18 @@ export class GalleryComponent implements OnInit, OnDestroy {
|
||||
};
|
||||
|
||||
constructor(
|
||||
public contentLoader: ContentLoaderService,
|
||||
public galleryService: ContentService,
|
||||
private authService: AuthenticationService,
|
||||
private router: Router,
|
||||
private shareService: ShareService,
|
||||
private route: ActivatedRoute,
|
||||
private navigation: NavigationService,
|
||||
private filterService: FilterService,
|
||||
private sortingService: GallerySortingService,
|
||||
private piTitleService: PiTitleService,
|
||||
private gpxFilesFilterPipe: GPXFilesFilterPipe,
|
||||
private mdFilesFilterPipe: MDFilesFilterPipe,
|
||||
public contentLoader: ContentLoaderService,
|
||||
public galleryService: ContentService,
|
||||
private authService: AuthenticationService,
|
||||
private router: Router,
|
||||
private shareService: ShareService,
|
||||
private route: ActivatedRoute,
|
||||
private navigation: NavigationService,
|
||||
private filterService: FilterService,
|
||||
private sortingService: GallerySortingService,
|
||||
private piTitleService: PiTitleService,
|
||||
private gpxFilesFilterPipe: GPXFilesFilterPipe,
|
||||
private mdFilesFilterPipe: MDFilesFilterPipe,
|
||||
) {
|
||||
this.mapEnabled = Config.Map.enabled;
|
||||
PageHelper.showScrollY();
|
||||
@ -79,17 +79,17 @@ export class GalleryComponent implements OnInit, OnDestroy {
|
||||
}
|
||||
// if the timer is longer than 10 years, just do not show it
|
||||
if (
|
||||
(this.shareService.sharingSubject.value.expires - Date.now()) /
|
||||
1000 /
|
||||
86400 /
|
||||
365 >
|
||||
10
|
||||
(this.shareService.sharingSubject.value.expires - Date.now()) /
|
||||
1000 /
|
||||
86400 /
|
||||
365 >
|
||||
10
|
||||
) {
|
||||
return;
|
||||
}
|
||||
|
||||
t = Math.floor(
|
||||
(this.shareService.sharingSubject.value.expires - Date.now()) / 1000
|
||||
(this.shareService.sharingSubject.value.expires - Date.now()) / 1000
|
||||
);
|
||||
this.countDown = {} as any;
|
||||
this.countDown.day = Math.floor(t / 86400);
|
||||
@ -118,31 +118,26 @@ export class GalleryComponent implements OnInit, OnDestroy {
|
||||
|
||||
async ngOnInit(): Promise<boolean> {
|
||||
await this.shareService.wait();
|
||||
if (
|
||||
!this.authService.isAuthenticated() &&
|
||||
(!this.shareService.isSharing() ||
|
||||
(this.shareService.isSharing() &&
|
||||
Config.Sharing.passwordProtected === true))
|
||||
) {
|
||||
if (!this.authService.isAuthenticated()) {
|
||||
return this.navigation.toLogin();
|
||||
}
|
||||
this.showSearchBar = this.authService.canSearch();
|
||||
this.showShare =
|
||||
Config.Sharing.enabled &&
|
||||
this.authService.isAuthorized(UserRoles.User);
|
||||
Config.Sharing.enabled &&
|
||||
this.authService.isAuthorized(UserRoles.User);
|
||||
this.showRandomPhotoBuilder =
|
||||
Config.RandomPhoto.enabled &&
|
||||
this.authService.isAuthorized(UserRoles.User);
|
||||
Config.RandomPhoto.enabled &&
|
||||
this.authService.isAuthorized(UserRoles.User);
|
||||
this.subscription.content = this.galleryService.sortedFilteredContent
|
||||
.subscribe((dc: GroupedDirectoryContent) => {
|
||||
this.onContentChange(dc);
|
||||
});
|
||||
.subscribe((dc: GroupedDirectoryContent) => {
|
||||
this.onContentChange(dc);
|
||||
});
|
||||
this.subscription.route = this.route.params.subscribe(this.onRoute);
|
||||
|
||||
if (this.shareService.isSharing()) {
|
||||
this.$counter = interval(1000);
|
||||
this.subscription.timer = this.$counter.subscribe((x): void =>
|
||||
this.updateTimer(x)
|
||||
this.updateTimer(x)
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -156,18 +151,18 @@ export class GalleryComponent implements OnInit, OnDestroy {
|
||||
}
|
||||
|
||||
if (
|
||||
params[QueryParams.gallery.sharingKey_params] &&
|
||||
params[QueryParams.gallery.sharingKey_params] !== ''
|
||||
params[QueryParams.gallery.sharingKey_params] &&
|
||||
params[QueryParams.gallery.sharingKey_params] !== ''
|
||||
) {
|
||||
const sharing = await this.shareService.currentSharing
|
||||
.pipe(take(1))
|
||||
.toPromise();
|
||||
.pipe(take(1))
|
||||
.toPromise();
|
||||
const qParams: { [key: string]: any } = {};
|
||||
qParams[QueryParams.gallery.sharingKey_query] =
|
||||
this.shareService.getSharingKey();
|
||||
this.shareService.getSharingKey();
|
||||
this.router
|
||||
.navigate(['/gallery', sharing.path], {queryParams: qParams})
|
||||
.catch(console.error);
|
||||
.navigate(['/gallery', sharing.path], {queryParams: qParams})
|
||||
.catch(console.error);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -191,8 +186,8 @@ export class GalleryComponent implements OnInit, OnDestroy {
|
||||
for (const mediaGroup of content.mediaGroups) {
|
||||
|
||||
if (
|
||||
mediaGroup.media
|
||||
.findIndex((m: PhotoDTO) => !!m.metadata?.positionData?.GPSData?.longitude) !== -1
|
||||
mediaGroup.media
|
||||
.findIndex((m: PhotoDTO) => !!m.metadata?.positionData?.GPSData?.longitude) !== -1
|
||||
) {
|
||||
this.isPhotoWithLocation = true;
|
||||
break;
|
||||
|
@ -1,11 +1,11 @@
|
||||
import {Injectable} from '@angular/core';
|
||||
import {NetworkService} from '../../model/network/network.service';
|
||||
import {CreateSharingDTO, SharingDTO,} from '../../../../common/entities/SharingDTO';
|
||||
import {CreateSharingDTO, SharingDTO, SharingDTOKey,} from '../../../../common/entities/SharingDTO';
|
||||
import {Router, RoutesRecognized} from '@angular/router';
|
||||
import {BehaviorSubject} from 'rxjs';
|
||||
import {distinctUntilChanged, filter} from 'rxjs/operators';
|
||||
import {QueryParams} from '../../../../common/QueryParams';
|
||||
import {UserDTO} from '../../../../common/entities/UserDTO';
|
||||
import {UserDTO, UserRoles} from '../../../../common/entities/UserDTO';
|
||||
import {Utils} from '../../../../common/Utils';
|
||||
import {Config} from '../../../../common/config/public/Config';
|
||||
|
||||
@ -21,12 +21,15 @@ export class ShareService {
|
||||
inited = false;
|
||||
public ReadyPR: Promise<void>;
|
||||
public sharingSubject: BehaviorSubject<SharingDTO> = new BehaviorSubject(
|
||||
null
|
||||
null
|
||||
);
|
||||
public sharingIsValid: BehaviorSubject<boolean> = new BehaviorSubject(
|
||||
null
|
||||
);
|
||||
public currentSharing = this.sharingSubject
|
||||
.asObservable()
|
||||
.pipe(filter((s) => s !== null))
|
||||
.pipe(distinctUntilChanged());
|
||||
.asObservable()
|
||||
.pipe(filter((s) => s !== null))
|
||||
.pipe(distinctUntilChanged());
|
||||
|
||||
private resolve: () => void;
|
||||
|
||||
@ -41,18 +44,18 @@ export class ShareService {
|
||||
this.router.events.subscribe(async (val) => {
|
||||
if (val instanceof RoutesRecognized) {
|
||||
this.param =
|
||||
val.state.root.firstChild.params[
|
||||
QueryParams.gallery.sharingKey_params
|
||||
] || null;
|
||||
val.state.root.firstChild.params[
|
||||
QueryParams.gallery.sharingKey_params
|
||||
] || null;
|
||||
this.queryParam =
|
||||
val.state.root.firstChild.queryParams[
|
||||
QueryParams.gallery.sharingKey_query
|
||||
] || null;
|
||||
val.state.root.firstChild.queryParams[
|
||||
QueryParams.gallery.sharingKey_query
|
||||
] || null;
|
||||
|
||||
const changed = this.sharingKey !== (this.param || this.queryParam);
|
||||
if (changed) {
|
||||
this.sharingKey = this.param || this.queryParam || this.sharingKey;
|
||||
await this.getSharing();
|
||||
await this.checkSharing();
|
||||
}
|
||||
if (this.resolve) {
|
||||
this.resolve();
|
||||
@ -69,12 +72,17 @@ export class ShareService {
|
||||
|
||||
|
||||
onNewUser = async (user: UserDTO) => {
|
||||
if (user && !!user.usedSharingKey) {
|
||||
// if this is a sharing user or a logged-in user, get sharing key
|
||||
if (user?.usedSharingKey || user?.role > UserRoles.LimitedGuest) {
|
||||
if (
|
||||
user.usedSharingKey !== this.sharingKey ||
|
||||
this.sharingSubject.value == null
|
||||
(user?.usedSharingKey &&
|
||||
user?.usedSharingKey !== this.sharingKey) ||
|
||||
this.sharingSubject.value == null
|
||||
) {
|
||||
this.sharingKey = user.usedSharingKey;
|
||||
this.sharingKey = user.usedSharingKey || this.getSharingKey();
|
||||
if(!this.sharingKey){ //no key to fetch
|
||||
return
|
||||
}
|
||||
await this.getSharing();
|
||||
}
|
||||
if (this.resolve) {
|
||||
@ -93,24 +101,26 @@ export class ShareService {
|
||||
}
|
||||
|
||||
public createSharing(
|
||||
dir: string,
|
||||
includeSubFolders: boolean,
|
||||
valid: number
|
||||
dir: string,
|
||||
includeSubFolders: boolean,
|
||||
password: string,
|
||||
valid: number
|
||||
): Promise<SharingDTO> {
|
||||
return this.networkService.postJson('/share/' + dir, {
|
||||
createSharing: {
|
||||
includeSubfolders: includeSubFolders,
|
||||
valid,
|
||||
...(!!password && {password: password}) // only add password if present
|
||||
} as CreateSharingDTO,
|
||||
});
|
||||
}
|
||||
|
||||
public updateSharing(
|
||||
dir: string,
|
||||
sharingId: number,
|
||||
includeSubFolders: boolean,
|
||||
password: string,
|
||||
valid: number
|
||||
dir: string,
|
||||
sharingId: number,
|
||||
includeSubFolders: boolean,
|
||||
password: string,
|
||||
valid: number
|
||||
): Promise<SharingDTO> {
|
||||
return this.networkService.putJson('/share/' + dir, {
|
||||
updateSharing: {
|
||||
@ -134,7 +144,7 @@ export class ShareService {
|
||||
try {
|
||||
this.sharingSubject.next(null);
|
||||
const sharing = await this.networkService.getJson<SharingDTO>(
|
||||
'/share/' + this.getSharingKey()
|
||||
'/share/' + this.getSharingKey()
|
||||
);
|
||||
this.sharingSubject.next(sharing);
|
||||
} catch (e) {
|
||||
@ -143,8 +153,21 @@ export class ShareService {
|
||||
}
|
||||
}
|
||||
|
||||
private async checkSharing(): Promise<void> {
|
||||
try {
|
||||
this.sharingIsValid.next(null);
|
||||
const sharing = await this.networkService.getJson<SharingDTOKey>(
|
||||
'/share/' + this.getSharingKey() + '/key'
|
||||
);
|
||||
this.sharingIsValid.next(sharing.sharingKey === this.getSharingKey());
|
||||
} catch (e) {
|
||||
this.sharingIsValid.next(false);
|
||||
console.error(e);
|
||||
}
|
||||
}
|
||||
|
||||
public async getSharingListForDir(
|
||||
dir: string
|
||||
dir: string
|
||||
): Promise<SharingDTO[]> {
|
||||
return this.networkService.getJson('/share/list/' + dir);
|
||||
}
|
||||
|
@ -82,11 +82,11 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row" *ngIf="passwordProtection">
|
||||
<div class="row">
|
||||
<div class="col-4">
|
||||
<label class="control-label" for="share-password">
|
||||
<ng-container i18n>Password</ng-container><!--
|
||||
-->*:
|
||||
<ng-container i18n>Password</ng-container>
|
||||
<ng-container *ngIf="passwordRequired">*</ng-container>
|
||||
</label>
|
||||
</div>
|
||||
<div class="col-8">
|
||||
@ -98,7 +98,7 @@
|
||||
[(ngModel)]="input.password"
|
||||
i18n-placeholder
|
||||
placeholder="Password"
|
||||
required>
|
||||
[required]="passwordRequired">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -36,7 +36,7 @@ export class GalleryShareComponent implements OnInit, OnDestroy {
|
||||
currentDir = '';
|
||||
sharing: SharingDTO = null;
|
||||
contentSubscription: Subscription = null;
|
||||
readonly passwordProtection = Config.Sharing.passwordProtected;
|
||||
readonly passwordRequired = Config.Sharing.passwordRequired;
|
||||
readonly ValidityTypes = ValidityTypes;
|
||||
|
||||
modalRef: BsModalRef;
|
||||
@ -138,11 +138,16 @@ export class GalleryShareComponent implements OnInit, OnDestroy {
|
||||
}
|
||||
|
||||
async get(): Promise<void> {
|
||||
if(Config.Sharing.passwordRequired && !this.input.password){
|
||||
this.url = $localize`Set password.`;
|
||||
return;
|
||||
}
|
||||
this.urlValid = false;
|
||||
this.url = $localize`loading..`;
|
||||
this.sharing = await this.sharingService.createSharing(
|
||||
this.currentDir,
|
||||
this.input.includeSubfolders,
|
||||
this.input.password,
|
||||
this.calcValidity()
|
||||
);
|
||||
this.url = this.sharingService.getUrl(this.sharing);
|
||||
|
@ -7,10 +7,10 @@
|
||||
</div>
|
||||
<div class="row card align-self-center">
|
||||
<div class="card-body">
|
||||
<div *ngIf="(shareService.currentSharing | async) == shareService.UnknownSharingKey"
|
||||
<div *ngIf="!(shareService.sharingIsValid | async)"
|
||||
class="h3 text-center text-danger" i18n>Unknown sharing key.
|
||||
</div>
|
||||
<form *ngIf="(shareService.currentSharing | async) != shareService.UnknownSharingKey"
|
||||
<form *ngIf="(shareService.sharingIsValid | async)"
|
||||
name="form" id="form" class="form-horizontal" #LoginForm="ngForm" (submit)="onLogin()">
|
||||
<div class="error-message" [hidden]="loginError==false" i18n>Wrong password</div>
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
|
||||
<div class="col-sm-12 controls d-grid gap-2">
|
||||
<button class="btn btn-primary btn-lg"
|
||||
id="button-share-login"
|
||||
[disabled]="!LoginForm.form.valid || inProgress"
|
||||
type="submit"
|
||||
name="action" i18n>Enter
|
||||
|
@ -75,8 +75,15 @@ describe('PublicRouter', () => {
|
||||
.get('/share/' + sharingKey);
|
||||
};
|
||||
|
||||
it('should not get default user with passworded share share without password', async () => {
|
||||
Config.Sharing.passwordProtected = true;
|
||||
it('should not get default user with passworded share without required password', async () => {
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await fistLoad(server, sharing.sharingKey);
|
||||
shouldHaveInjectedUser(res, null);
|
||||
});
|
||||
|
||||
it('should not get default user with passworded share share with required password', async () => {
|
||||
Config.Sharing.passwordRequired = true;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await fistLoad(server, sharing.sharingKey);
|
||||
shouldHaveInjectedUser(res, null);
|
||||
@ -84,25 +91,13 @@ describe('PublicRouter', () => {
|
||||
|
||||
|
||||
it('should get default user with no-password share', async () => {
|
||||
Config.Sharing.passwordProtected = true;
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser);
|
||||
const res = await fistLoad(server, sharing.sharingKey);
|
||||
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
it('should get default user for no-password share when password protection disabled', async () => {
|
||||
Config.Sharing.passwordProtected = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser);
|
||||
const res = await fistLoad(server, sharing.sharingKey);
|
||||
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
it('should get default user for passworded share when password protection disabled', async () => {
|
||||
Config.Sharing.passwordProtected = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await fistLoad(server, sharing.sharingKey);
|
||||
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
|
||||
});
|
||||
|
@ -74,15 +74,32 @@ describe('SharingRouter', () => {
|
||||
beforeEach(setUp);
|
||||
afterEach(tearDown);
|
||||
|
||||
it('should login with passworded share', async () => {
|
||||
Config.Sharing.passwordProtected = true;
|
||||
it('should login with passworded share when password required', async () => {
|
||||
Config.Sharing.passwordRequired = true;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
|
||||
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
it('should login with passworded share when password not required', async () => {
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
|
||||
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
|
||||
it('should login without passworded share when password not required', async () => {
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser );
|
||||
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
|
||||
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
|
||||
|
||||
it('should not login with passworded share without password', async () => {
|
||||
Config.Sharing.passwordProtected = true;
|
||||
Config.Sharing.passwordRequired = true;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const result = await shareLogin(server, sharing.sharingKey);
|
||||
|
||||
@ -92,22 +109,22 @@ describe('SharingRouter', () => {
|
||||
should.equal(result.body.error.code, ErrorCodes.CREDENTIAL_NOT_FOUND);
|
||||
});
|
||||
|
||||
it('should not login with passworded share but password protection disabled', async () => {
|
||||
Config.Sharing.passwordProtected = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
|
||||
const res = await shareLogin(server, sharing.sharingKey);
|
||||
|
||||
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
});
|
||||
|
||||
it('should login with no-password share', async () => {
|
||||
Config.Sharing.passwordProtected = true;
|
||||
it('should not login to share without password when password required', async () => {
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = await RouteTestingHelper.createSharing(testUser);
|
||||
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
|
||||
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
|
||||
Config.Sharing.passwordRequired = true;
|
||||
const result = await shareLogin(server, sharing.sharingKey);
|
||||
|
||||
result.should.have.status(401);
|
||||
result.body.should.be.a('object');
|
||||
result.body.error.should.be.a('object');
|
||||
should.equal(result.body.error.code, ErrorCodes.CREDENTIAL_NOT_FOUND);
|
||||
});
|
||||
|
||||
|
||||
|
||||
|
||||
});
|
||||
|
||||
|
||||
|
@ -125,9 +125,9 @@ describe('UserRouter', () => {
|
||||
it('it should authenticate as user with sharing key', async () => {
|
||||
Config.Users.authenticationRequired = true;
|
||||
Config.Sharing.enabled = true;
|
||||
Config.Sharing.passwordProtected = true;
|
||||
Config.Sharing.passwordRequired = true;
|
||||
|
||||
const sharingKey = (await RouteTestingHelper.createSharing(testUser)).sharingKey;
|
||||
const sharingKey = (await RouteTestingHelper.createSharing(testUser, 'pass')).sharingKey;
|
||||
|
||||
|
||||
const loginRes = await login(server);
|
||||
@ -146,7 +146,7 @@ describe('UserRouter', () => {
|
||||
it('it should authenticate with sharing key', async () => {
|
||||
Config.Users.authenticationRequired = true;
|
||||
Config.Sharing.enabled = true;
|
||||
Config.Sharing.passwordProtected = true;
|
||||
Config.Sharing.passwordRequired = false;
|
||||
const sharing = (await RouteTestingHelper.createSharing(testUser));
|
||||
|
||||
|
||||
@ -161,7 +161,7 @@ describe('UserRouter', () => {
|
||||
it('it should not authenticate with sharing key without password', async () => {
|
||||
Config.Users.authenticationRequired = true;
|
||||
Config.Sharing.enabled = true;
|
||||
Config.Sharing.passwordProtected = true;
|
||||
Config.Sharing.passwordRequired = true;
|
||||
const sharing = (await RouteTestingHelper.createSharing(testUser, 'pass_secret'));
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user