Skip to content

Commit

Permalink
add read/write permissions for sandstorm sharing
Browse files Browse the repository at this point in the history
  • Loading branch information
@mnutt
mnutt committed Nov 2, 2015
1 parent 9bd27ee commit f416a04
Show file tree
Hide file tree
Showing 4 changed files with 69 additions and 1 deletion.
1 change: 1 addition & 0 deletions .sandstorm/sandstorm-files.list
View file
Original file line number Diff line number Diff line change
Expand Up @@ -625,6 +625,7 @@ opt/app/server/dav/notify.js
opt/app/server/dav/root-delete.js
opt/app/server/dav/statvfs-shim.js
opt/app/server/index.js
opt/app/server/sandstorm_permissions.js
opt/app/tests
opt/app/tests/.jshintrc
opt/app/tests/helpers
Expand Down
16 changes: 15 additions & 1 deletion .sandstorm/sandstorm-pkgdef.capnp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,12 +93,26 @@ const pkgdef :Spk.PackageDefinition = (
# `spk dev` will write a list of all the files your app uses to this file.
# You should review it later, before shipping your app.

alwaysInclude = ["opt/app/dist"]
alwaysInclude = ["opt/app/dist"],
# Fill this list with more names of files or directories that should be
# included in your package, even if not listed in sandstorm-files.list.
# Use this to force-include stuff that you know you need but which may
# not have been detected as a dependency during `spk dev`. If you list
# a directory here, its entire contents will be included recursively.

bridgeConfig = (
apiPath = "/",
viewInfo = (
permissions = [(name = "view"), (name = "edit")],
roles = [(title = (defaultText = "viewer"),
permissions = [true,false],
verbPhrase = (defaultText = "can view files"),
default = true),
(title = (defaultText = "admin"),
permissions = [true,true],
verbPhrase = (defaultText = "can edit files"))],
)
)
);

const myCommand :Spk.Manifest.Command = (
Expand Down
4 changes: 4 additions & 0 deletions server/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,16 @@ var apiWs = require('./api-ws');
var dav = require('./dav');
var morgan = require('morgan');

var sandstormPermissions = require('./sandstorm_permissions');


module.exports = function(app, options) {
var root = path.resolve(process.env.STORAGE_PATH || (__dirname + "/../data"));

apiWs.serve(options.httpServer);

app.use(sandstormPermissions);

app.use(dav.server(root));
app.use('/status.php', dav.status);
app.use('/ocs/v1.php/cloud/capabilities', dav.capabilities);
Expand Down
49 changes: 49 additions & 0 deletions server/sandstorm_permissions.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
var davReadMethods = {
'GET': true,
'HEAD': true,
'OPTIONS': true,
'PROPFIND': true,
'REPORT': true
};

var webReadMethods = {
'GET': true,
'HEAD': true,
'OPTIONS': true
}

var validate = {
edit: function validateEdit(req) {
return true;
},

view: function validateView(req) {
return webReadMethods[req.method];
},

sync: function validateSync(req) {
return davReadMethods[req.method];
}
};

module.exports = function(req, res, next) {
var permissions = req.headers['x-sandstorm-permissions'];

if(permissions) {
permissions = permissions.split(',');

for(var i = 0; i < permissions.length; i++) {
var permission = permissions[i];
console.log(permission);
console.log(validate[permissions]);

if(validate[permission] && validate[permission](req)) {
return next();
}
}
res.writeHead(403, {});
res.end("Access denied.");
} else {
next();
}
};

0 comments on commit f416a04

Please sign in to comment.