Merge pull request #37 from fedwiki/paul90/login2view

Updating login to view
fedwiki · Aug 22, 2023 · ebcfe9c · ebcfe9c
2 parents cec8c04 + 5137dd8
commit ebcfe9c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/client/security.coffee b/client/security.coffee
@@ -31,10 +31,13 @@ claim_wiki = () ->
     .then (response) ->
       if response.ok
         response.json().then (json) ->
-          ownerName = json.ownerName
-          window.isClaimed = true
-          window.isOwner = true
-          update_footer ownerName, true
+          if wiki.lineup.bestTitle() is 'Login Required'
+            location.reload()
+          else
+            ownerName = json.ownerName
+            window.isClaimed = true
+            window.isOwner = true
+            update_footer ownerName, true
       else
         console.log 'Attempt to claim site failed', response
 
@@ -103,7 +106,10 @@ update_footer = (ownerName, isAuthenticated) ->
             if !isClaimed
               claim_wiki()
             else
-              update_footer ownerName, true)
+              if wiki.lineup.bestTitle() is 'Login Required'
+                location.reload()
+              else
+                update_footer ownerName, true)
 
 
 
@@ -165,8 +171,6 @@ setup = (user) ->
         settings.dialogURL = dialogProtocol + '//' + dialogHost + '/auth/loginDialog'
         settings.relayURL = dialogProtocol + '//' + dialogHost + '/auth/relay.html'
         settings.dialogAddAltURL = dialogProtocol + '//' + dialogHost + '/auth/addAuthDialog'
-
-
         update_footer ownerName, isAuthenticated
     else
       console.log 'Unable to fetch client settings: ', response

diff --git a/server/social.coffee b/server/social.coffee
@@ -400,15 +400,17 @@ module.exports = exports = (log, loga, argv) ->
         false
 
       app.all '*', (req, res, next) ->
-        # todo: think about assets??
+        # don't protect site flag,
+        return next() if req.url is '/favicon.png'
         return next() unless /\.(json|html)$/.test req.url
 
         # prepare to examine remote server's forwarded session
         res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
         res.header 'Access-Control-Allow-Credentials', 'true'
-        return next() if isAuthorized(req) || allowedToView(req)
+        # protect unclaimed by adding "add owner isnt ''" - maybe via parameter
+        return next() if isAuthorized(req) or allowedToView(req)
         return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
-        return res.json([]) if req.url == '/system/sitemap.json'
+        return res.json(['Login Required']) if req.url == '/system/sitemap.json'
 
         # not happy, explain why these pages can't be viewed
         problem = "This is a restricted wiki requires users to login to view pages. You do not have to be the site owner but you do need to login with a participating email address."