Move some values into configuration.rkt, and check whether the request is secured when retrieving the user from its cookie (ignore the cookie over plain HTTP unless in dev mode).
This commit is contained in:
parent
ab80cf5ef9
commit
a02208ed74
|
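--- /dev/null
+++ b/configuration.rkt
@@ -0,0 +1,12 @@
+#lang racket/base
+
+(provide
+configuration:notepad:path
+configuration:notepad:dev?
+)
+
+; Notepad configuration
+; Path
+(define configuration:notepad:path "./notepad")
+; Development mode for notepad
+(define configuration:notepad:dev? #f)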
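Review bot: The comment on `configuration:notepad:dev?` says only "Development mode for notepad", but elsewhere in this commit that flag is what lets `check-secured?` accept the session cookie over plain http and what clears `#:secure?` on the cookie set at login, so its security meaning should be stated where it is defined: `; Development mode: when #t the session cookie is accepted over plain http and is set without the Secure flag — keep #f outside local development`. The default of #f is the right one, and it replaces a `dev? #t` that was previously hard-coded in the pages module. `configuration:notepad:path` is likewise used both by make-notepad and, with "/media" appended, for the static mount in main.rkt; a one-line comment noting that the two consumers must agree would save the next reader a search.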
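--- a/main.rkt
+++ b/main.rkt
@@ -18,7 +18,8 @@
 "src/pages/flag.rkt"
 "src/pages/road-map.rkt"
 "src/pages/island.rkt"
-"src/pages/notepad.rkt")
+"src/pages/notepad.rkt"
+"configuration.rkt")
 ; Website
 (define *website*
 (website
@@ -83,6 +84,7 @@
 ("edit" weblet pages:notepad:page-edit)
 ("edit/{page}" matching-weblet pages:notepad:page-edit)
 ("delete/{page}" matching-weblet pages:notepad:page-delete)
+("preview" weblet pages:notepad:preview)
 )
 ("media" symlink "/media/list"
 ("list" weblet pages:notepad:media-list)
@@ -152,8 +154,8 @@
 (make-webcontainer
 #:static
 (make-immutable-hash
-'(("" . "./static")
-("/media/get" . "./notepad/media")))))
+`(("" . "./static")
+("/media/get" . ,(string-append configuration:notepad:path "/media"))))))
 (webcontainer-add-website! *webcontainer* *website*)
 (webcontainer-set-404-weblet! *webcontainer* pages:not-found)
 (display "Starting server...")(newline)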
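Review bot: In the third hunk, `(string-append configuration:notepad:path "/media")` yields a doubled separator as soon as someone configures the path with a trailing slash, which the old literal `"./notepad/media"` never had to cope with; `(path->string (build-path configuration:notepad:path "media"))` joins the two portably and also handles a relative or absolute base. The same constant is passed unchanged to make-notepad in the pages module, so the static mount and the notepad's own media directory only stay aligned while both derive from that one value; a short comment on the mount, `; must resolve to the directory make-notepad uses for media`, makes the coupling visible.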
@ -8,6 +8,7 @@
|
||||||
"../notepad/notepad.rkt"
|
"../notepad/notepad.rkt"
|
||||||
"../notepad/user.rkt"
|
"../notepad/user.rkt"
|
||||||
"../notepad/notes.rkt"
|
"../notepad/notes.rkt"
|
||||||
|
"../../configuration.rkt"
|
||||||
web-server/http/redirect
|
web-server/http/redirect
|
||||||
web-server/http/request-structs
|
web-server/http/request-structs
|
||||||
net/cookies/server
|
net/cookies/server
|
||||||
|
@ -32,12 +33,13 @@
|
||||||
pages:notepad:user-edit
|
pages:notepad:user-edit
|
||||||
)
|
)
|
||||||
|
|
||||||
; Notepad directory
|
|
||||||
(define notepad-dir "notepad")
|
|
||||||
; Dev mode
|
|
||||||
(define dev? #t)
|
|
||||||
; Notepad
|
; Notepad
|
||||||
(define notepad (make-notepad notepad-dir))
|
(define notepad (make-notepad configuration:notepad:path))
|
||||||
|
|
||||||
|
; Secured : either protocol is https or dev mode is active
|
||||||
|
(define (check-secured? param)
|
||||||
|
(or configuration:notepad:dev?
|
||||||
|
(eq? 'https (weblet-parameter-protocol param))))
|
||||||
|
|
||||||
; Cookie management
|
; Cookie management
|
||||||
; Cookie key
|
; Cookie key
|
||||||
|
@ -45,13 +47,9 @@
|
||||||
; User from weblet parameter
|
; User from weblet parameter
|
||||||
(define (get-user param)
|
(define (get-user param)
|
||||||
(define cookie (weblet-parameter-cookie-ref param *cookie-key*))
|
(define cookie (weblet-parameter-cookie-ref param *cookie-key*))
|
||||||
(and cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie))))
|
; Precondition: check-secured? must be #t
|
||||||
|
(and (check-secured? param)
|
||||||
|
cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie))))
|
||||||
; Secured : either protocol is https or dev mode is active
|
|
||||||
(define (check-secured? param)
|
|
||||||
(or dev?
|
|
||||||
(eq? 'https (weblet-parameter-protocol param))))
|
|
||||||
|
|
||||||
; Error pages
|
; Error pages
|
||||||
; Type to code + title + message
|
; Type to code + title + message
|
||||||
|
@ -103,9 +101,7 @@
|
||||||
#:content
|
#:content
|
||||||
(lambda (param)
|
(lambda (param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
(define notes (if connected-usr (get-all-notes) (get-public-notes)))
|
||||||
(define can-edit? (and connected-usr secured?))
|
|
||||||
(define notes (if can-edit? (get-all-notes) (get-public-notes)))
|
|
||||||
`(article
|
`(article
|
||||||
,@(if (null? notes)
|
,@(if (null? notes)
|
||||||
'("Pas de notes.")
|
'("Pas de notes.")
|
||||||
|
@ -115,7 +111,7 @@
|
||||||
,(if (note-public? n) "" "🔒︎ ")
|
,(if (note-public? n) "" "🔒︎ ")
|
||||||
,(note-title n))))
|
,(note-title n))))
|
||||||
notes))
|
notes))
|
||||||
,@(if can-edit?
|
,@(if connected-usr
|
||||||
'((hr)
|
'((hr)
|
||||||
(a ((href "/notes/edit")) "Ajouter une note"))
|
(a ((href "/notes/edit")) "Ajouter une note"))
|
||||||
'(""))
|
'(""))
|
||||||
|
@ -127,12 +123,10 @@
|
||||||
; If the page does not exists and user is logged in, redirect to the /notes/edit/xxx page.
|
; If the page does not exists and user is logged in, redirect to the /notes/edit/xxx page.
|
||||||
(define (pages:notepad:page-show param)
|
(define (pages:notepad:page-show param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define can-edit? (and connected-usr secured?))
|
|
||||||
(define page (weblet-parameter-ref param 'page #f))
|
(define page (weblet-parameter-ref param 'page #f))
|
||||||
(define note (get-note-by-name page))
|
(define note (get-note-by-name page))
|
||||||
(cond
|
(cond
|
||||||
( (and note (or (note-public? note) can-edit?))
|
( (and note (or (note-public? note) connected-usr))
|
||||||
( (pages:template
|
( (pages:template
|
||||||
#:title (note-title note)
|
#:title (note-title note)
|
||||||
#:author (note-author note)
|
#:author (note-author note)
|
||||||
|
@ -140,7 +134,7 @@
|
||||||
#:content
|
#:content
|
||||||
`(article
|
`(article
|
||||||
,@(format-note note)
|
,@(format-note note)
|
||||||
,@(if can-edit?
|
,@(if connected-usr
|
||||||
`((hr)
|
`((hr)
|
||||||
(a ((href ,(note-link 'edit page))) "Éditer") " — "
|
(a ((href ,(note-link 'edit page))) "Éditer") " — "
|
||||||
(a ((href ,(note-link 'delete page))) "Supprimer"))
|
(a ((href ,(note-link 'delete page))) "Supprimer"))
|
||||||
|
@ -150,7 +144,7 @@
|
||||||
( note
|
( note
|
||||||
; Note exists, but is private and user cannot edit it => not authorized
|
; Note exists, but is private and user cannot edit it => not authorized
|
||||||
(pages:notepad:error param 'unauthorized))
|
(pages:notepad:error param 'unauthorized))
|
||||||
( can-edit?
|
( connected-usr
|
||||||
; Page does not exists, but user can edit => redirect to page creation
|
; Page does not exists, but user can edit => redirect to page creation
|
||||||
(redirect-to
|
(redirect-to
|
||||||
(note-link 'edit page)
|
(note-link 'edit page)
|
||||||
|
@ -164,13 +158,12 @@
|
||||||
; Post => Save page
|
; Post => Save page
|
||||||
(define (pages:notepad:page-edit param)
|
(define (pages:notepad:page-edit param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(define page (weblet-parameter-ref param 'page #f))
|
(define page (weblet-parameter-ref param 'page #f))
|
||||||
(define note (get-note-by-name page))
|
(define note (get-note-by-name page))
|
||||||
(define err? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
(define err? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||||
(cond
|
(cond
|
||||||
( (and connected-usr secured? (eq? method 'get))
|
( (and connected-usr (eq? method 'get))
|
||||||
; User connected, get method : read the page
|
; User connected, get method : read the page
|
||||||
(define title (or (and note (note-title note)) ""))
|
(define title (or (and note (note-title note)) ""))
|
||||||
(define content (or (and note (note-content note)) ""))
|
(define content (or (and note (note-content note)) ""))
|
||||||
|
@ -236,7 +229,7 @@
|
||||||
)
|
)
|
||||||
))
|
))
|
||||||
param))
|
param))
|
||||||
( (and page connected-usr secured? (eq? method 'post))
|
( (and page connected-usr (eq? method 'post))
|
||||||
(define continue? (equal? "t" (weblet-parameter-ref param 'continue #f)))
|
(define continue? (equal? "t" (weblet-parameter-ref param 'continue #f)))
|
||||||
(define page-name (weblet-parameter-ref param 'pagename #f))
|
(define page-name (weblet-parameter-ref param 'pagename #f))
|
||||||
(define new-note-title (weblet-parameter-ref param 'pagetitle #f))
|
(define new-note-title (weblet-parameter-ref param 'pagetitle #f))
|
||||||
|
@ -276,12 +269,11 @@
|
||||||
; Post => remove
|
; Post => remove
|
||||||
(define (pages:notepad:page-delete param)
|
(define (pages:notepad:page-delete param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(define page (weblet-parameter-ref param 'page #f))
|
(define page (weblet-parameter-ref param 'page #f))
|
||||||
(define note (get-note-by-name page))
|
(define note (get-note-by-name page))
|
||||||
(cond
|
(cond
|
||||||
( (and note connected-usr secured? (eq? method 'get))
|
( (and note connected-usr (eq? method 'get))
|
||||||
; Method get => ask for confirmation
|
; Method get => ask for confirmation
|
||||||
( (pages:template
|
( (pages:template
|
||||||
#:title (string-append "Suppression de la page " page)
|
#:title (string-append "Suppression de la page " page)
|
||||||
|
@ -298,7 +290,7 @@
|
||||||
(formmethod "get")(value "Non, garder la page")))
|
(formmethod "get")(value "Non, garder la page")))
|
||||||
)))
|
)))
|
||||||
param))
|
param))
|
||||||
( (and note connected-usr secured? (eq? method 'post))
|
( (and note connected-usr (eq? method 'post))
|
||||||
; Method post => remove
|
; Method post => remove
|
||||||
(remove-note note)
|
(remove-note note)
|
||||||
; Redirect
|
; Redirect
|
||||||
|
@ -321,10 +313,8 @@
|
||||||
#:body
|
#:body
|
||||||
(lambda (param)
|
(lambda (param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define can-edit? (and connected-usr secured?))
|
|
||||||
(define content (weblet-parameter-ref param 'pagecontent #f))
|
(define content (weblet-parameter-ref param 'pagecontent #f))
|
||||||
(if (and can-edit? content)
|
(if (and connected-usr content)
|
||||||
`(article
|
`(article
|
||||||
,@(format-note-content content))
|
,@(format-note-content content))
|
||||||
""))))
|
""))))
|
||||||
|
@ -353,8 +343,6 @@
|
||||||
#:content
|
#:content
|
||||||
(lambda (param)
|
(lambda (param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define can-edit? (and connected-usr secured?))
|
|
||||||
(define files (notepad-list-media notepad))
|
(define files (notepad-list-media notepad))
|
||||||
`(article
|
`(article
|
||||||
,@(if (null? files)
|
,@(if (null? files)
|
||||||
|
@ -363,7 +351,7 @@
|
||||||
(lambda (x)
|
(lambda (x)
|
||||||
`(div (a ((href ,(media-link 'show x))) ,x)))
|
`(div (a ((href ,(media-link 'show x))) ,x)))
|
||||||
files))
|
files))
|
||||||
,@(if can-edit?
|
,@(if connected-usr
|
||||||
'((hr)
|
'((hr)
|
||||||
(a ((href "/media/new")) "Ajouter un fichier"))
|
(a ((href "/media/new")) "Ajouter un fichier"))
|
||||||
'(""))
|
'(""))
|
||||||
|
@ -374,8 +362,6 @@
|
||||||
; Show a given media of the notepad.
|
; Show a given media of the notepad.
|
||||||
(define (pages:notepad:media-show param)
|
(define (pages:notepad:media-show param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define can-edit? (and connected-usr secured?))
|
|
||||||
(define media (weblet-parameter-ref param 'media #f))
|
(define media (weblet-parameter-ref param 'media #f))
|
||||||
(define direct-link (media-link 'get media))
|
(define direct-link (media-link 'get media))
|
||||||
(cond
|
(cond
|
||||||
|
@ -391,7 +377,7 @@
|
||||||
( else
|
( else
|
||||||
'()))
|
'()))
|
||||||
(a ((href ,direct-link)) "Lien vers le fichier")
|
(a ((href ,direct-link)) "Lien vers le fichier")
|
||||||
,@(if can-edit?
|
,@(if connected-usr
|
||||||
`((hr)
|
`((hr)
|
||||||
(a ((href ,(media-link 'edit media))) "Éditer") " — "
|
(a ((href ,(media-link 'edit media))) "Éditer") " — "
|
||||||
(a ((href ,(media-link 'delete media))) "Supprimer"))
|
(a ((href ,(media-link 'delete media))) "Supprimer"))
|
||||||
|
@ -411,11 +397,10 @@
|
||||||
; Post => Process the upload, and show the media
|
; Post => Process the upload, and show the media
|
||||||
(define (pages:notepad:media-new param)
|
(define (pages:notepad:media-new param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||||
(cond
|
(cond
|
||||||
( (and connected-usr secured? (eq? method 'get))
|
( (and connected-usr (eq? method 'get))
|
||||||
; User connected, get method : new media form
|
; User connected, get method : new media form
|
||||||
( (pages:template
|
( (pages:template
|
||||||
#:title "Ajouter un fichier"
|
#:title "Ajouter un fichier"
|
||||||
|
@ -435,7 +420,7 @@
|
||||||
(value "Ajouter le fichier")))
|
(value "Ajouter le fichier")))
|
||||||
)))
|
)))
|
||||||
param))
|
param))
|
||||||
( (and connected-usr secured? (eq? method 'post))
|
( (and connected-usr (eq? method 'post))
|
||||||
(define filename (weblet-parameter-ref param 'filename #f))
|
(define filename (weblet-parameter-ref param 'filename #f))
|
||||||
(define in (and filename (weblet-parameter-file-port-ref param 'filename)))
|
(define in (and filename (weblet-parameter-file-port-ref param 'filename)))
|
||||||
; Save file
|
; Save file
|
||||||
|
@ -461,13 +446,12 @@
|
||||||
; Post => Process the upload, and show the media
|
; Post => Process the upload, and show the media
|
||||||
(define (pages:notepad:media-edit param)
|
(define (pages:notepad:media-edit param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(define media (weblet-parameter-ref param 'media #f))
|
(define media (weblet-parameter-ref param 'media #f))
|
||||||
(define has-media? (notepad-has-media? notepad media))
|
(define has-media? (notepad-has-media? notepad media))
|
||||||
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
(define failed? (equal? "t" (weblet-parameter-ref param 'error #f)))
|
||||||
(cond
|
(cond
|
||||||
( (and has-media? connected-usr secured? (eq? method 'get))
|
( (and has-media? connected-usr (eq? method 'get))
|
||||||
; User connected, get method : edit media form
|
; User connected, get method : edit media form
|
||||||
( (pages:template
|
( (pages:template
|
||||||
#:title "Éditer un fichier"
|
#:title "Éditer un fichier"
|
||||||
|
@ -486,7 +470,7 @@
|
||||||
(value "Renommer le fichier")))
|
(value "Renommer le fichier")))
|
||||||
)))
|
)))
|
||||||
param))
|
param))
|
||||||
( (and has-media? connected-usr secured? (eq? method 'post))
|
( (and has-media? connected-usr (eq? method 'post))
|
||||||
(define filename (weblet-parameter-ref param 'filename #f))
|
(define filename (weblet-parameter-ref param 'filename #f))
|
||||||
(cond
|
(cond
|
||||||
( (and filename (not (equal? filename "")) (not (equal? filename media)))
|
( (and filename (not (equal? filename "")) (not (equal? filename media)))
|
||||||
|
@ -514,12 +498,11 @@
|
||||||
; Post => remove
|
; Post => remove
|
||||||
(define (pages:notepad:media-delete param)
|
(define (pages:notepad:media-delete param)
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(define media (weblet-parameter-ref param 'media #f))
|
(define media (weblet-parameter-ref param 'media #f))
|
||||||
(define has-media? (notepad-has-media? notepad media))
|
(define has-media? (notepad-has-media? notepad media))
|
||||||
(cond
|
(cond
|
||||||
( (and has-media? connected-usr secured? (eq? method 'get))
|
( (and has-media? connected-usr (eq? method 'get))
|
||||||
; Method get => ask for confirmation
|
; Method get => ask for confirmation
|
||||||
( (pages:template
|
( (pages:template
|
||||||
#:title (string-append "Suppression du fichier " media)
|
#:title (string-append "Suppression du fichier " media)
|
||||||
|
@ -536,7 +519,7 @@
|
||||||
(formmethod "get")(value "Non, garder le fichier")))
|
(formmethod "get")(value "Non, garder le fichier")))
|
||||||
)))
|
)))
|
||||||
param))
|
param))
|
||||||
( (and has-media? connected-usr secured? (eq? method 'post))
|
( (and has-media? connected-usr (eq? method 'post))
|
||||||
; Method post => remove
|
; Method post => remove
|
||||||
(notepad-delete-media notepad media)
|
(notepad-delete-media notepad media)
|
||||||
(redirect-to
|
(redirect-to
|
||||||
|
@ -587,7 +570,6 @@
|
||||||
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define edition-possible? (same-user? usr connected-usr))
|
(define edition-possible? (same-user? usr connected-usr))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(cond
|
(cond
|
||||||
(usr
|
(usr
|
||||||
(make-immutable-hash
|
(make-immutable-hash
|
||||||
|
@ -610,10 +592,10 @@
|
||||||
))
|
))
|
||||||
(hr)
|
(hr)
|
||||||
,(cond
|
,(cond
|
||||||
( (and secured? (not connected-usr))
|
( (and (check-secured? param) (not connected-usr))
|
||||||
`(p (a ((href ,(user-link 'login (user-name usr))))
|
`(p (a ((href ,(user-link 'login (user-name usr))))
|
||||||
"Se connecter en tant que " ,(user-pseudo usr))))
|
"Se connecter en tant que " ,(user-pseudo usr))))
|
||||||
( (and secured? edition-possible?)
|
( edition-possible?
|
||||||
`(p (a ((href ,(string-append "/user/logout")))
|
`(p (a ((href ,(string-append "/user/logout")))
|
||||||
"Se déconnecter")))
|
"Se déconnecter")))
|
||||||
( #t
|
( #t
|
||||||
|
@ -698,7 +680,7 @@
|
||||||
#:expires (seconds->date (usercookie-expires usercookie))
|
#:expires (seconds->date (usercookie-expires usercookie))
|
||||||
#:domain (weblet-parameter-host param)
|
#:domain (weblet-parameter-host param)
|
||||||
#:path "/"
|
#:path "/"
|
||||||
#:secure? (not dev?)
|
#:secure? (not configuration:notepad:dev?)
|
||||||
#:http-only? #t))))
|
#:http-only? #t))))
|
||||||
))
|
))
|
||||||
( usr
|
( usr
|
||||||
|
@ -716,11 +698,9 @@
|
||||||
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
(define usr (get-user-by-name (weblet-parameter-ref param 'name #f)))
|
||||||
(define connected-usr (get-user param))
|
(define connected-usr (get-user param))
|
||||||
(define edition-possible? (same-user? usr connected-usr))
|
(define edition-possible? (same-user? usr connected-usr))
|
||||||
(define secured? (check-secured? param))
|
|
||||||
(define method (weblet-parameter-method param))
|
(define method (weblet-parameter-method param))
|
||||||
(cond
|
(cond
|
||||||
( (and edition-possible?
|
( (and edition-possible?
|
||||||
secured?
|
|
||||||
(eq? method 'post))
|
(eq? method 'post))
|
||||||
(define pseudo (weblet-parameter-ref param 'pseudo (user-pseudo usr)))
|
(define pseudo (weblet-parameter-ref param 'pseudo (user-pseudo usr)))
|
||||||
(define about (weblet-parameter-ref param 'about (user-about usr)))
|
(define about (weblet-parameter-ref param 'about (user-about usr)))
|
||||||
|
|
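Review bot: The comment added above `get-user` in the hunk at -45,13 +47,9, `; Precondition: check-secured? must be #t`, no longer describes the code, which now performs that check itself and simply returns #f when it fails; `; Returns #f unless the request is secured (https, or dev mode): the session cookie is ignored over plain http` states the actual contract. With the per-page `secured?`/`can-edit?` locals removed, every `connected-usr` test in the file now relies on that one check, which is the right shape, but it makes `check-secured?` the single decision point and it trusts `weblet-parameter-protocol`; if the server is deployed behind a TLS-terminating proxy that value is presumably 'http (how the weblet layer derives it is not visible here), and every login would then be silently ignored — fail-closed, but worth a comment on `check-secured?` so it is not chased as a cookie bug. Minor: the cookie is still read before the check; `(and (check-secured? param) cookie …)` could just as well test the protocol first and skip the cookie lookup. This file's header is not shown in the rendering, so I am reading it as the notepad pages module.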