From e6e81135a7cbabf79914cabf833cb4f7c2e43992 Mon Sep 17 00:00:00 2001 From: booo Date: Wed, 8 Feb 2012 15:52:13 +0100 Subject: [PATCH] remove code duplication --- node/routes/export.js | 21 +-------------------- node/routes/import.js | 20 +------------------- node/routes/preconditions.js | 31 ++++++++++++++++++++++++++++++- node/routes/readonly.js | 20 +------------------- 4 files changed, 33 insertions(+), 59 deletions(-) diff --git a/node/routes/export.js b/node/routes/export.js index c2fdf5090..9984e83aa 100644 --- a/node/routes/export.js +++ b/node/routes/export.js @@ -2,26 +2,7 @@ var ERR = require("async-stacktrace"); module.exports = function(app) { - //TODO put this into module - //checks for padAccess - function hasPadAccess(req, res, callback) - { - app.securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) - { - if(ERR(err, callback)) return; - - //there is access, continue - if(accessObj.accessStatus == "grant") - { - callback(); - } - //no access - else - { - res.send("403 - Can't touch this", 403); - } - }); - } + var hasPadAccess = require('./preconditions').hasPadAccess(app); //serve timeslider.html under /p/$padname/timeslider app.get('/p/:pad/:rev?/export/:type', function(req, res, next) diff --git a/node/routes/import.js b/node/routes/import.js index ffcc9f4ee..f0f6e272f 100644 --- a/node/routes/import.js +++ b/node/routes/import.js @@ -2,26 +2,8 @@ var ERR = require("async-stacktrace"); module.exports = function(app) { - //TODO put this into module - //checks for padAccess - function hasPadAccess(req, res, callback) - { - app.securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) - { - if(ERR(err, callback)) return; - //there is access, continue - if(accessObj.accessStatus == "grant") - { - callback(); - } - //no access - else - { - res.send("403 - Can't touch this", 403); - } - }); - } + var hasPadAccess = require('./preconditions').hasPadAccess(app); //handle import requests app.post('/p/:pad/import', function(req, res, next) diff --git a/node/routes/preconditions.js b/node/routes/preconditions.js index d3e2e4107..219f17c39 100644 --- a/node/routes/preconditions.js +++ b/node/routes/preconditions.js @@ -1,6 +1,8 @@ +var ERR = require('async-stacktrace'); + module.exports = function(app) { - //redirects browser to the pad's sanitized url if needed. otherwise, renders the html + //redirects browser to the pad's sanitized url if needed. otherwise, renders the html app.param('pad', function (req, res, next, padId) { //ensure the padname is valid and the url doesn't end with a / if(!app.padManager.isValidPadId(padId) || /\/$/.test(req.url)) @@ -26,3 +28,30 @@ module.exports = function(app) } }); }; + +module.exports.hasPadAccess = function(app) +{ + + //checks for padAccess + var hasPadAccess = function hasPadAccess(req, res, callback) + { + app.securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) + { + if(ERR(err, callback)) return; + + //there is access, continue + if(accessObj.accessStatus == "grant") + { + callback(); + } + //no access + else + { + res.send("403 - Can't touch this", 403); + } + }); + }; + + return hasPadAccess; + +}; diff --git a/node/routes/readonly.js b/node/routes/readonly.js index d087e97c4..3970444f8 100644 --- a/node/routes/readonly.js +++ b/node/routes/readonly.js @@ -3,26 +3,8 @@ var ERR = require('async-stacktrace'); module.exports = function(app) { - //TODO put this into module - //checks for padAccess - function hasPadAccess(req, res, callback) - { - app.securityManager.checkAccess(req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, function(err, accessObj) - { - if(ERR(err, callback)) return; - //there is access, continue - if(accessObj.accessStatus == "grant") - { - callback(); - } - //no access - else - { - res.send("403 - Can't touch this", 403); - } - }); - } + var hasPadAccess = require('./preconditions').hasPadAccess(app); //serve read only pad app.get('/ro/:id', function(req, res)