Move some values into configuration.rkt, and check that the connection is secured when retrieving the user from its cookie (ignore the cookie over plain HTTP unless in dev mode).
This commit is contained in:
parent
ab80cf5ef9
commit
a02208ed74
@ -0,0 +1,12 @@
|
|||
#lang racket/base
|
||||
|
||||
(provide
|
||||
configuration:notepad:path
|
||||
configuration:notepad:dev?
|
||||
)
|
||||
|
||||
; Notepad configuration
|
||||
; Path
|
||||
(define configuration:notepad:path "./notepad")
|
||||
; Development mode for notepad
|
||||
(define configuration:notepad:dev? #f)
|
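Review bot: `(define configuration:notepad:dev? #f)` is the single switch that, per the notepad.rkt hunks, lets `check-secured?` accept the user cookie over plain http and clears `#:secure?` on the login cookie, but the only comment on it is "Development mode for notepad", which says nothing about what it relaxes. A comment next to the define would stop it being toggled casually: `; #t disables the https requirement for the user cookie (check-secured?) and the Secure cookie flag — development only, keep #f in production.` The removed `dev?` in notepad.rkt defaulted to `#t` while this file defaults to `#f`, so the effective default changes with this commit; that deserves a line here or in the commit message.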
8
main.rkt
8
main.rkt
|
@ -18,7 +18,8 @@
|
|||
"src/pages/flag.rkt"
|
||||
"src/pages/road-map.rkt"
|
||||
"src/pages/island.rkt"
|
||||
"src/pages/notepad.rkt")
|
||||
"src/pages/notepad.rkt"
|
||||
"configuration.rkt")
|
||||
; Website
|
||||
(define *website*
|
||||
(website
|
||||
|
@ -83,6 +84,7 @@
|
|||
("edit" weblet pages:notepad:page-edit)
|
||||
("edit/{page}" matching-weblet pages:notepad:page-edit)
|
||||
("delete/{page}" matching-weblet pages:notepad:page-delete)
|
||||
("preview" weblet pages:notepad:preview)
|
||||
)
|
||||
("media" symlink "/media/list"
|
||||
("list" weblet pages:notepad:media-list)
|
||||
|
@ -152,8 +154,8 @@
|
|||
(make-webcontainer
|
||||
#:static
|
||||
(make-immutable-hash
|
||||
'(("" . "./static")
|
||||
("/media/get" . "./notepad/media")))))
|
||||
`(("" . "./static")
|
||||
("/media/get" . ,(string-append configuration:notepad:path "/media"))))))
|
||||
(webcontainer-add-website! *webcontainer* *website*)
|
||||
(webcontainer-set-404-weblet! *webcontainer* pages:not-found)
|
||||
(display "Starting server...")(newline)
|
||||
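Review bot: The `/media/get` mount at `("/media/get" . ,(string-append configuration:notepad:path "/media"))` splices the configured path into a directory mapping by plain string concatenation, so a configured value with a trailing slash yields `./notepad//media`; the table held a string literal before, so the replacement should stay a string. `(path->string (build-path configuration:notepad:path "media"))` keeps the type and normalises the separator. The enclosing `make-webcontainer` form starts outside the hunk.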
@ -8,6 +8,7 @@
|
|||
"../notepad/notepad.rkt"
|
||||
"../notepad/user.rkt"
|
||||
"../notepad/notes.rkt"
|
||||
"../../configuration.rkt"
|
||||
web-server/http/redirect
|
||||
web-server/http/request-structs
|
||||
net/cookies/server
|
||||
|
@ -32,12 +33,13 @@
|
|||
pages:notepad:user-edit
|
||||
)
|
||||
|
||||
; Notepad directory
|
||||
(define notepad-dir "notepad")
|
||||
; Dev mode
|
||||
(define dev? #t)
|
||||
; Notepad
|
||||
(define notepad (make-notepad notepad-dir))
|
||||
(define notepad (make-notepad configuration:notepad:path))
|
||||
|
||||
; Secured : either protocol is https or dev mode is active
|
||||
(define (check-secured? param)
|
||||
(or configuration:notepad:dev?
|
||||
(eq? 'https (weblet-parameter-protocol param))))
|
||||
|
||||
; Cookie management
|
||||
; Cookie key
|
||||
|
@ -45,13 +47,9 @@
|
|||
; User from weblet parameter
|
||||
(define (get-user param)
|
||||
(define cookie (weblet-parameter-cookie-ref param *cookie-key*))
|
||||
(and cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie))))
|
||||
|
||||
|
||||
; Secured : either protocol is https or dev mode is active
|
||||
(define (check-secured? param)
|
||||
(or dev?
|
||||
(eq? 'https (weblet-parameter-protocol param))))
|
||||
; Precondition: check-secured? must be #t
|
||||
(and (check-secured? param)
|
||||
cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie))))
|
||||
|
||||
; Error pages
|
||||
; Type to code + title + message
|
||||
|
@ -103,9 +101,7 @@
|
|||
#:content
|
||||
(lambda (param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define can-edit? (and connected-usr secured?))
|
||||
(define notes (if can-edit? (get-all-notes) (get-public-notes)))
|
||||
(define notes (if connected-usr (get-all-notes) (get-public-notes)))
|
||||
`(article
|
||||
,@(if (null? notes)
|
||||
'("Pas de notes.")
|
||||
|
@ -115,7 +111,7 @@
|
|||
,(if (note-public? n) "" "🔒︎ ")
|
||||
,(note-title n))))
|
||||
notes))
|
||||
,@(if can-edit?
|
||||
,@(if connected-usr
|
||||
'((hr)
|
||||
(a ((href "/notes/edit")) "Ajouter une note"))
|
||||
'(""))
|
||||
|
@ -127,12 +123,10 @@
|
|||
; If the page does not exists and user is logged in, redirect to the /notes/edit/xxx page.
|
||||
(define (pages:notepad:page-show param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define can-edit? (and connected-usr secured?))
|
||||
(define page (weblet-parameter-ref param 'page #f))
|
||||
(define note (get-note-by-name page))
|
||||
(cond
|
||||
( (and note (or (note-public? note) can-edit?))
|
||||
( (and note (or (note-public? note) connected-usr))
|
||||
( (pages:template
|
||||
#:title (note-title note)
|
||||
#:author (note-author note)
|
||||
|
@ -140,7 +134,7 @@
|
|||
#:content
|
||||
`(article
|
||||
,@(format-note note)
|
||||
,@(if can-edit?
|
||||
,@(if connected-usr
|
||||
`((hr)
|
||||
(a ((href ,(note-link 'edit page))) "Éditer") " — "
|
||||
(a ((href ,(note-link 'delete page))) "Supprimer"))
|
||||
|
@ -150,7 +144,7 @@
|
|||
( note
|
||||
; Note exists, but is private and user cannot edit it => not authorized
|
||||
(pages:notepad:error param 'unauthorized))
|
||||
( can-edit?
|
||||
( connected-usr
|
||||
; Page does not exists, but user can edit => redirect to page creation
|
||||
(redirect-to
|
||||
(note-link 'edit page)
|
||||
|
@ -164,13 +158,12 @@
|
|||
; Post => Save page
|
||||
(define (pages:notepad:page-edit param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(define page (weblet-parameter-ref param 'page #f))
|
||||
(define note (get-note-by-name page))
|
||||
(define err? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||
(cond
|
||||
( (and connected-usr secured? (eq? method 'get))
|
||||
( (and connected-usr (eq? method 'get))
|
||||
; User connected, get method : read the page
|
||||
(define title (or (and note (note-title note)) ""))
|
||||
(define content (or (and note (note-content note)) ""))
|
||||
|
@ -236,7 +229,7 @@
|
|||
)
|
||||
))
|
||||
param))
|
||||
( (and page connected-usr secured? (eq? method 'post))
|
||||
( (and page connected-usr (eq? method 'post))
|
||||
(define continue? (equal? "t" (weblet-parameter-ref param 'continue #f)))
|
||||
(define page-name (weblet-parameter-ref param 'pagename #f))
|
||||
(define new-note-title (weblet-parameter-ref param 'pagetitle #f))
|
||||
|
@ -276,12 +269,11 @@
|
|||
; Post => remove
|
||||
(define (pages:notepad:page-delete param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(define page (weblet-parameter-ref param 'page #f))
|
||||
(define note (get-note-by-name page))
|
||||
(cond
|
||||
( (and note connected-usr secured? (eq? method 'get))
|
||||
( (and note connected-usr (eq? method 'get))
|
||||
; Method get => ask for confirmation
|
||||
( (pages:template
|
||||
#:title (string-append "Suppression de la page " page)
|
||||
|
@ -298,7 +290,7 @@
|
|||
(formmethod "get")(value "Non, garder la page")))
|
||||
)))
|
||||
param))
|
||||
( (and note connected-usr secured? (eq? method 'post))
|
||||
( (and note connected-usr (eq? method 'post))
|
||||
; Method post => remove
|
||||
(remove-note note)
|
||||
; Redirect
|
||||
|
@ -321,10 +313,8 @@
|
|||
#:body
|
||||
(lambda (param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define can-edit? (and connected-usr secured?))
|
||||
(define content (weblet-parameter-ref param 'pagecontent #f))
|
||||
(if (and can-edit? content)
|
||||
(if (and connected-usr content)
|
||||
`(article
|
||||
,@(format-note-content content))
|
||||
""))))
|
||||
|
@ -353,8 +343,6 @@
|
|||
#:content
|
||||
(lambda (param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define can-edit? (and connected-usr secured?))
|
||||
(define files (notepad-list-media notepad))
|
||||
`(article
|
||||
,@(if (null? files)
|
||||
|
@ -363,7 +351,7 @@
|
|||
(lambda (x)
|
||||
`(div (a ((href ,(media-link 'show x))) ,x)))
|
||||
files))
|
||||
,@(if can-edit?
|
||||
,@(if connected-usr
|
||||
'((hr)
|
||||
(a ((href "/media/new")) "Ajouter un fichier"))
|
||||
'(""))
|
||||
|
@ -374,8 +362,6 @@
|
|||
; Show a given media of the notepad.
|
||||
(define (pages:notepad:media-show param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define can-edit? (and connected-usr secured?))
|
||||
(define media (weblet-parameter-ref param 'media #f))
|
||||
(define direct-link (media-link 'get media))
|
||||
(cond
|
||||
|
@ -391,7 +377,7 @@
|
|||
( else
|
||||
'()))
|
||||
(a ((href ,direct-link)) "Lien vers le fichier")
|
||||
,@(if can-edit?
|
||||
,@(if connected-usr
|
||||
`((hr)
|
||||
(a ((href ,(media-link 'edit media))) "Éditer") " — "
|
||||
(a ((href ,(media-link 'delete media))) "Supprimer"))
|
||||
|
@ -411,11 +397,10 @@
|
|||
; Post => Process the upload, and show the media
|
||||
(define (pages:notepad:media-new param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||
(cond
|
||||
( (and connected-usr secured? (eq? method 'get))
|
||||
( (and connected-usr (eq? method 'get))
|
||||
; User connected, get method : new media form
|
||||
( (pages:template
|
||||
#:title "Ajouter un fichier"
|
||||
|
@ -435,7 +420,7 @@
|
|||
(value "Ajouter le fichier")))
|
||||
)))
|
||||
param))
|
||||
( (and connected-usr secured? (eq? method 'post))
|
||||
( (and connected-usr (eq? method 'post))
|
||||
(define filename (weblet-parameter-ref param 'filename #f))
|
||||
(define in (and filename (weblet-parameter-file-port-ref param 'filename)))
|
||||
; Save file
|
||||
|
@ -461,13 +446,12 @@
|
|||
; Post => Process the upload, and show the media
|
||||
(define (pages:notepad:media-edit param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(define media (weblet-parameter-ref param 'media #f))
|
||||
(define has-media? (notepad-has-media? notepad media))
|
||||
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||
(cond
|
||||
( (and has-media? connected-usr secured? (eq? method 'get))
|
||||
( (and has-media? connected-usr (eq? method 'get))
|
||||
; User connected, get method : edit media form
|
||||
( (pages:template
|
||||
#:title "Éditer un fichier"
|
||||
|
@ -486,7 +470,7 @@
|
|||
(value "Renommer le fichier")))
|
||||
)))
|
||||
param))
|
||||
( (and has-media? connected-usr secured? (eq? method 'post))
|
||||
( (and has-media? connected-usr (eq? method 'post))
|
||||
(define filename (weblet-parameter-ref param 'filename #f))
|
||||
(cond
|
||||
( (and filename (not (equal? filename "")) (not (equal? filename media)))
|
||||
|
@ -514,12 +498,11 @@
|
|||
; Post => remove
|
||||
(define (pages:notepad:media-delete param)
|
||||
(define connected-usr (get-user param))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(define media (weblet-parameter-ref param 'media #f))
|
||||
(define has-media? (notepad-has-media? notepad media))
|
||||
(cond
|
||||
( (and has-media? connected-usr secured? (eq? method 'get))
|
||||
( (and has-media? connected-usr (eq? method 'get))
|
||||
; Method get => ask for confirmation
|
||||
( (pages:template
|
||||
#:title (string-append "Suppression du fichier " media)
|
||||
|
@ -536,7 +519,7 @@
|
|||
(formmethod "get")(value "Non, garder le fichier")))
|
||||
)))
|
||||
param))
|
||||
( (and has-media? connected-usr secured? (eq? method 'post))
|
||||
( (and has-media? connected-usr (eq? method 'post))
|
||||
; Method post => remove
|
||||
(notepad-delete-media notepad media)
|
||||
(redirect-to
|
||||
|
@ -587,7 +570,6 @@
|
|||
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
||||
(define connected-usr (get-user param))
|
||||
(define edition-possible? (same-user? usr connected-usr))
|
||||
(define secured? (check-secured? param))
|
||||
(cond
|
||||
(usr
|
||||
(make-immutable-hash
|
||||
|
@ -610,10 +592,10 @@
|
|||
))
|
||||
(hr)
|
||||
,(cond
|
||||
( (and secured? (not connected-usr))
|
||||
( (and (check-secured? param) (not connected-usr))
|
||||
`(p (a ((href ,(user-link 'login (user-name usr))))
|
||||
"Se connecter en tant que " ,(user-pseudo usr))))
|
||||
( (and secured? edition-possible?)
|
||||
( edition-possible?
|
||||
`(p (a ((href ,(string-append "/user/logout")))
|
||||
"Se déconnecter")))
|
||||
( #t
|
||||
|
@ -698,7 +680,7 @@
|
|||
#:expires (seconds->date (usercookie-expires usercookie))
|
||||
#:domain (weblet-parameter-host param)
|
||||
#:path "/"
|
||||
#:secure? (not dev?)
|
||||
#:secure? (not configuration:notepad:dev?)
|
||||
#:http-only? #t))))
|
||||
))
|
||||
( usr
|
||||
|
@ -716,11 +698,9 @@
|
|||
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
||||
(define connected-usr (get-user param))
|
||||
(define edition-possible? (same-user? usr connected-usr))
|
||||
(define secured? (check-secured? param))
|
||||
(define method (weblet-parameter-method param))
|
||||
(cond
|
||||
( (and edition-possible?
|
||||
secured?
|
||||
(eq? method 'post))
|
||||
(define pseudo (weblet-parameter-ref param 'pseudo (user-pseudo usr)))
|
||||
(define about (weblet-parameter-ref param 'about (user-about usr)))
|
||||
|
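Review bot: In `get-user` (hunk @ -45,13 +47,9) the kept comment `; Precondition: check-secured? must be #t` describes the old contract — callers no longer check it, the function does — so it now misleads; suggest replacing it with `; The cookie is only honoured on a secured request (https, or dev mode); otherwise #f, so a cookie sent over plain http never authenticates.` The cookie value is still read before `check-secured?` runs, which is harmless, but moving `(check-secured? param)` ahead of the `cookie` define would make the intent obvious. The later hunks (@ -103 through @ -536 and @ -716) drop the local `secured?` binding in favour of this check, and the user-page hunk @ -610 still calls `(check-secured? param)` directly for the login link, which is right since `connected-usr` alone cannot distinguish "no cookie" from "cookie ignored over http". I cannot see the login POST branch beyond the cookie construction in hunk @ -698; if it relied on the `secured?` binding removed in hunk @ -587 to refuse credentials over plain http, that guard should be confirmed to survive.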