From 6087f3c8cdb2c50fa0105f0d82e4d6512dd22c3f Mon Sep 17 00:00:00 2001 From: Baris Usakli Date: Tue, 25 Jul 2017 12:54:23 -0400 Subject: [PATCH 1/3] test router fix --- src/plugins.js | 6 +++--- src/routes/index.js | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/plugins.js b/src/plugins.js index 9dbc5d04b9..57665cbe90 100644 --- a/src/plugins.js +++ b/src/plugins.js @@ -117,10 +117,10 @@ Plugins.reload = function (callback) { Plugins.reloadRoutes = function (callback) { var router = express.Router(); - var ensureLoggedIn = require('connect-ensure-login'); + // var ensureLoggedIn = require('connect-ensure-login'); - router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); - router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); + // router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); + // router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); router.hotswapId = 'plugins'; router.render = function () { diff --git a/src/routes/index.js b/src/routes/index.js index 9c933a63ca..f88ccb0f27 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -118,8 +118,8 @@ module.exports = function (app, middleware, hotswapIds, callback) { app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin); app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); - router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); - router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); + // router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); + // router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); adminRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers); @@ -138,7 +138,7 @@ module.exports = function (app, middleware, hotswapIds, callback) { groupRoutes(router, middleware, controllers); for (x = 0; x < routers.length; x += 1) { - app.use(relativePath, routers[x]); + app.use(relativePath ? relativePath : '/', routers[x]); } if (process.env.NODE_ENV === 'development') { From c9c27b86c4d4e41a7fd2543a98db187f0cc38b6d Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Tue, 25 Jul 2017 13:50:37 -0400 Subject: [PATCH 2/3] added back logic to strip leading slashes, but after the fix to app.all --- src/middleware/index.js | 9 +++++++++ src/routes/index.js | 12 +++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/middleware/index.js b/src/middleware/index.js index 2b39184b86..8b84fbae1b 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -34,6 +34,15 @@ require('./maintenance')(middleware); require('./user')(middleware); require('./headers')(middleware); +middleware.stripLeadingSlashes = function (req, res, next) { + var target = req.originalUrl.replace(nconf.get('relative_path'), ''); + if (target.startsWith('//')) { + res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/')); + } else { + next(); + } +}; + middleware.pageView = function (req, res, next) { analytics.pageView({ ip: req.ip, diff --git a/src/routes/index.js b/src/routes/index.js index f88ccb0f27..5139dda53f 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -113,13 +113,11 @@ module.exports = function (app, middleware, hotswapIds, callback) { pluginRouter.hotswapId = 'plugins'; authRouter.hotswapId = 'auth'; - app.all(relativePath + '(/api|/api/*?)', middleware.prepareAPI); + app.all(relativePath + '(/+api|/+api/*?)', middleware.prepareAPI); + app.all(relativePath + '(/+api/admin|/+api/admin/*?)', middleware.isAdmin); + app.all(relativePath + '(/+admin|/+admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); - app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin); - app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); - - // router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); - // router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); + app.use(middleware.stripLeadingSlashes); adminRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers); @@ -138,7 +136,7 @@ module.exports = function (app, middleware, hotswapIds, callback) { groupRoutes(router, middleware, controllers); for (x = 0; x < routers.length; x += 1) { - app.use(relativePath ? relativePath : '/', routers[x]); + app.use(relativePath || '/', routers[x]); } if (process.env.NODE_ENV === 'development') { From f59f48c6e1f8262ddc66f4ad09ed19461156be9e Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Tue, 25 Jul 2017 14:11:54 -0400 Subject: [PATCH 3/3] use setImmediate --- src/middleware/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/middleware/index.js b/src/middleware/index.js index 8b84fbae1b..720fa50771 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -39,7 +39,7 @@ middleware.stripLeadingSlashes = function (req, res, next) { if (target.startsWith('//')) { res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/')); } else { - next(); + setImmediate(next); } };