mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-04-22 16:36:15 -04:00
8b0baa9679
* Move session validity check and session author ID fetch to a
separate function. This separate function can be used by hooks,
making it easier for them to properly determine the author ID.
* Rewrite the remainder of checkAccess. Benefits:
- The function is more readable and maintainable now.
- Vulnerability fix: Before, the session IDs in sessionCookie
were not validated when checking settings.requireSession. Now,
sessionCookie must identify a valid session for the
settings.requireSession test to pass.
- Bug fix: Before, checkAccess would sometimes use the author ID
associated with the token even if sessionCookie identified a
valid session. Now it always uses the author ID associated
with the session if available.
|
||
|---|---|---|
| .. | ||
| db | ||
| eejs | ||
| handler | ||
| hooks | ||
| utils | ||
| easysync_tests.js | ||
| padaccess.js | ||
| README.md | ||
| server.js | ||
| stats.js | ||
About the folder structure
- db - all modules that are accessing the data structure and are communicating directly to the database
- handler - all modules that respond directly to requests/messages of the browser
- utils - helper modules
Module name conventions
Module file names start with a capital letter and uses camelCase
Where does it start?
server.js is started directly