diff --git a/src/middleware/admin.js b/src/middleware/admin.js index 5ea13a5981ee..3b2a68a4555b 100644 --- a/src/middleware/admin.js +++ b/src/middleware/admin.js 
@@ -18,118 +18,114 @@ var controllers = { helpers: require('../controllers/helpers'), }; -module.exports = function (middleware) { - middleware.admin = {}; - - middleware.admin.buildHeader = helpers.try(async function (req, res, next) { - res.locals.renderAdminHeader = true; - res.locals.config = await controllers.api.loadConfig(req); - next(); +module.exports.buildHeader = helpers.try(async function (req, res, next) { + res.locals.renderAdminHeader = true; + res.locals.config = await controllers.api.loadConfig(req); + next(); +}); + +module.exports.renderHeader = async (req, res, data) => { + var custom_header = { + plugins: [], + authentication: [], + }; + res.locals.config = res.locals.config || {}; + + const results = await utils.promiseParallel({ + userData: user.getUserFields(req.uid, ['username', 'userslug', 'email', 'picture', 'email:confirmed']), + scripts: getAdminScripts(), + custom_header: plugins.fireHook('filter:admin.header.build', custom_header), + configs: meta.configs.list(), + latestVersion: getLatestVersion(), + privileges: privileges.admin.get(req.uid), }); - middleware.admin.renderHeader = async (req, res, data) => { - var custom_header = { - plugins: [], - authentication: [], - }; - res.locals.config = res.locals.config || {}; - - const results = await utils.promiseParallel({ - userData: user.getUserFields(req.uid, ['username', 'userslug', 'email', 'picture', 'email:confirmed']), - scripts: getAdminScripts(), - custom_header: plugins.fireHook('filter:admin.header.build', custom_header), - configs: meta.configs.list(), - latestVersion: getLatestVersion(), - privileges: privileges.admin.get(req.uid), - }); - - var userData = results.userData; - userData.uid = req.uid; - userData['email:confirmed'] = userData['email:confirmed'] === 1; - userData.privileges = results.privileges; - - var acpPath = req.path.slice(1).split('/'); - acpPath.forEach(function (path, i) { - acpPath[i] = path.charAt(0).toUpperCase() + path.slice(1); - }); - acpPath = 
acpPath.join(' > '); - - var version = nconf.get('version'); - - res.locals.config.userLang = res.locals.config.acpLang || res.locals.config.userLang; - var templateValues = { - config: res.locals.config, - configJSON: jsesc(JSON.stringify(res.locals.config), { isScriptContext: true }), - relative_path: res.locals.config.relative_path, - adminConfigJSON: encodeURIComponent(JSON.stringify(results.configs)), - user: userData, - userJSON: jsesc(JSON.stringify(userData), { isScriptContext: true }), - plugins: results.custom_header.plugins, - authentication: results.custom_header.authentication, - scripts: results.scripts, - 'cache-buster': meta.config['cache-buster'] || '', - env: !!process.env.NODE_ENV, - title: (acpPath || 'Dashboard') + ' | NodeBB Admin Control Panel', - bodyClass: data.bodyClass, - version: version, - latestVersion: results.latestVersion, - upgradeAvailable: results.latestVersion && semver.gt(results.latestVersion, version), - }; - - templateValues.template = { name: res.locals.template }; - templateValues.template[res.locals.template] = true; - - return await req.app.renderAsync('admin/header', templateValues); + var userData = results.userData; + userData.uid = req.uid; + userData['email:confirmed'] = userData['email:confirmed'] === 1; + userData.privileges = results.privileges; + + var acpPath = req.path.slice(1).split('/'); + acpPath.forEach(function (path, i) { + acpPath[i] = path.charAt(0).toUpperCase() + path.slice(1); + }); + acpPath = acpPath.join(' > '); + + var version = nconf.get('version'); + + res.locals.config.userLang = res.locals.config.acpLang || res.locals.config.userLang; + var templateValues = { + config: res.locals.config, + configJSON: jsesc(JSON.stringify(res.locals.config), { isScriptContext: true }), + relative_path: res.locals.config.relative_path, + adminConfigJSON: encodeURIComponent(JSON.stringify(results.configs)), + user: userData, + userJSON: jsesc(JSON.stringify(userData), { isScriptContext: true }), + plugins: 
results.custom_header.plugins, + authentication: results.custom_header.authentication, + scripts: results.scripts, + 'cache-buster': meta.config['cache-buster'] || '', + env: !!process.env.NODE_ENV, + title: (acpPath || 'Dashboard') + ' | NodeBB Admin Control Panel', + bodyClass: data.bodyClass, + version: version, + latestVersion: results.latestVersion, + upgradeAvailable: results.latestVersion && semver.gt(results.latestVersion, version), }; - async function getAdminScripts() { - const scripts = await plugins.fireHook('filter:admin.scripts.get', []); - return scripts.map(function (script) { - return { src: script }; - }); + templateValues.template = { name: res.locals.template }; + templateValues.template[res.locals.template] = true; + + return await req.app.renderAsync('admin/header', templateValues); +}; + +async function getAdminScripts() { + const scripts = await plugins.fireHook('filter:admin.scripts.get', []); + return scripts.map(function (script) { + return { src: script }; + }); +} + +async function getLatestVersion() { + try { + const result = await versions.getLatestVersion(); + return result; + } catch (err) { + winston.error('[acp] Failed to fetch latest version' + err.stack); } + return null; +} - async function getLatestVersion() { - try { - const result = await versions.getLatestVersion(); - return result; - } catch (err) { - winston.error('[acp] Failed to fetch latest version' + err.stack); - } - return null; +module.exports.renderFooter = async function (req, res, data) { + return await req.app.renderAsync('admin/footer', data); +}; + +module.exports.checkPrivileges = async (req, res, next) => { + // Kick out guests, obviously + if (!req.uid) { + return controllers.helpers.notAllowed(req, res); } - middleware.admin.renderFooter = async function (req, res, data) { - return await req.app.renderAsync('admin/footer', data); - }; + // Users in "administrators" group are considered super admins + const isAdmin = await user.isAdministrator(req.uid); + 
if (isAdmin) { + return next(); + } - middleware.admin.checkPrivileges = async (req, res, next) => { - // Kick out guests, obviously - if (!req.uid) { + // Otherwise, check for privilege based on page (if not in mapping, deny access) + const path = req.path.replace(/^(\/api)?\/admin\/?/g, ''); + if (path) { + const privilege = privileges.admin.resolve(path); + if (!privilege || !await privileges.admin.can(privilege, req.uid)) { return controllers.helpers.notAllowed(req, res); } - - // Users in "administrators" group are considered super admins - const isAdmin = await user.isAdministrator(req.uid); - if (isAdmin) { - return next(); - } - - // Otherwise, check for privilege based on page (if not in mapping, deny access) - const path = req.path.replace(/^(\/api)?\/admin\/?/g, ''); - if (path) { - const privilege = privileges.admin.resolve(path); - if (!privilege || !await privileges.admin.can(privilege, req.uid)) { - return controllers.helpers.notAllowed(req, res); - } - } else { - // If accessing /admin, check for any valid admin privs - const privilegeSet = await privileges.admin.get(req.uid); - if (!Object.values(privilegeSet).some(Boolean)) { - return controllers.helpers.notAllowed(req, res); - } + } else { + // If accessing /admin, check for any valid admin privs + const privilegeSet = await privileges.admin.get(req.uid); + if (!Object.values(privilegeSet).some(Boolean)) { + return controllers.helpers.notAllowed(req, res); } + } - next(); - }; + next(); }; diff --git a/src/middleware/index.js b/src/middleware/index.js index b84cfd35afd4..04767c649348 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -51,7 +51,7 @@ middleware.applyCSRF = function (req, res, next) { middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login'); -require('./admin')(middleware); +middleware.admin = require('./admin'); require('./header')(middleware); require('./render')(middleware); require('./maintenance')(middleware);
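Review bot: `module.exports.checkPrivileges` is exported as a bare `async` arrow function, while `buildHeader` in the same hunk is wrapped in `helpers.try(...)`. If `user.isAdministrator`, `privileges.admin.can` or `privileges.admin.get` rejects, nothing visible here passes the error to `next(err)`, so the request would presumably hang with an unhandled rejection unless the router wraps this middleware elsewhere. Since this is the authorization gate for the admin panel, the failure path should be explicit: `module.exports.checkPrivileges = helpers.try(async (req, res, next) => {`, with the closing `};` changed to `});`. This assumes `helpers.try` forwards rejections to the error handler, as its use on `buildHeader` suggests. The deny-by-default branch for paths missing from the privilege mapping should stay unchanged.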