Commit 8a27995a authored by Nelson Gonçalves's avatar Nelson Gonçalves

Bypass authorize for endpoints using /api

parent 78447232
var settings = require('ep_etherpad-lite/node/utils/Settings');
var padManager = require("ep_etherpad-lite/node/db/PadManager");
const settings = require('ep_etherpad-lite/node/utils/Settings');
const padManager = require("ep_etherpad-lite/node/db/PadManager");
const rateLimit = require("express-rate-limit");
var exportHandler = require('ep_etherpad-lite/node/handler/ExportHandler');
var importHandler = require('ep_etherpad-lite/node/handler/ImportHandler');
const exportHandler = require('ep_etherpad-lite/node/handler/ExportHandler');
const importHandler = require('ep_etherpad-lite/node/handler/ImportHandler');
const absolutePaths = require('ep_etherpad-lite/node/utils/AbsolutePaths');
const fs = require("fs");
const log4js = require('log4js');
var createHTTPError = require('http-errors');
laclasseLogger = log4js.getLogger("ep_laclasse");
//ensure we have an apikey
var apikey = null;
var apikeyFilename = absolutePaths.makeAbsolute("./APIKEY.txt");
const apikeyFilename = absolutePaths.makeAbsolute("./APIKEY.txt");
try {
apikey = fs.readFileSync(apikeyFilename,"utf8");
......@@ -25,13 +24,13 @@ settings.importExportRateLimiting.onLimitReached = function(req, res, options) {
laclasseLogger.warn(`Import/Export rate limiter triggered on "${req.originalUrl}" for IP address ${req.ip}`);
}
var limiter = rateLimit(settings.importExportRateLimiting);
const limiter = rateLimit(settings.importExportRateLimiting);
exports.expressCreateServer = function (hook_name, args, cb) {
// handle export requests
args.app.use('/laclasse/:pad/:rev?/export/:type', limiter);
args.app.get('/laclasse/:pad/:rev?/export/:type', async function(req, res, next) {
args.app.use('/api/laclasse/:pad/:rev?/export/:type', limiter);
args.app.get('/api/laclasse/:pad/:rev?/export/:type', async function(req, res, next) {
var types = ["pdf", "doc", "txt", "html", "odt", "etherpad"];
//send a 404 if we don't support this filetype
if (types.indexOf(req.params.type) == -1) {
......@@ -67,8 +66,8 @@ exports.expressCreateServer = function (hook_name, args, cb) {
});
// handle import requests
args.app.use('/laclasse/:pad/import', limiter);
args.app.post('/laclasse/:pad/import', async function(req, res, next) {
args.app.use('/api/laclasse/:pad/import', limiter);
args.app.post('/api/laclasse/:pad/import', async function(req, res, next) {
if (!(await padManager.doesPadExists(req.params.pad))) {
laclasseLogger.warn(`Laclasse tried to import into a pad that doesn't exist (${req.params.pad})`);
return next();
......
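Review bot: Moving the export and import routes to `/api/laclasse/...` takes them out of the authorize path (per the commit title), yet nothing visible in this section compares the request against the `apikey` read from `APIKEY.txt`. The first visible check in the export handler is the file-type allow-list, and in the import handler it is `padManager.doesPadExists(req.params.pad)`; both bodies are partly elided here, so the check may exist further down. If it does not, each handler should reject the request before doing any work when the supplied key does not match, ideally with a constant-time comparison such as `crypto.timingSafeEqual` rather than `===`. Either way, a comment above the `args.app.use('/api/laclasse/...', limiter)` lines would help, e.g. `// NOTE: /api/* bypasses the authorize hook; these handlers must validate the API key themselves.` Separately, `req.params.pad` is interpolated unescaped into the `laclasseLogger.warn` message on the import path, so stripping control characters before logging would be prudent now that the route is reachable without a session.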