use defines for role names

Girish Ramakrishnan
2016-04-25 10:26:26 -07:00
parent 2d27da89d2
commit 0ef0e010a3
2 changed files with 23 additions and 8 deletions
+16 -2
@@ -8,7 +8,14 @@ exports = module.exports = {
del: del,
getAllWithDetailsByUserId: getAllWithDetailsByUserId,
getClientTokensByUserId: getClientTokensByUserId,
delClientTokensByUserId: delClientTokensByUserId
delClientTokensByUserId: delClientTokensByUserId,
SCOPE_APPS: 'apps',
SCOPE_DEVELOPER: 'developer',
SCOPE_PROFILE: 'profile',
SCOPE_ROOT: 'root',
SCOPE_SETTINGS: 'settings',
SCOPE_USERS: 'users'
};
var assert = require('assert'),
@@ -47,7 +54,14 @@ ClientsError.INVALID_CLIENT = 'Invalid client';
function validateScope(scope) {
assert.strictEqual(typeof scope, 'string');
var VALID_SCOPES = [ 'root', 'profile', 'users', 'apps', 'developer', 'settings' ];
var VALID_SCOPES = [
exports.SCOPE_APPS,
exports.SCOPE_DEVELOPER,
exports.SCOPE_PROFILE,
exports.SCOPE_ROOT,
exports.SCOPE_SETTINGS,
exports.SCOPE_USERS
];
if (scope === '') return new ClientsError(ClientsError.INVALID_SCOPE);
if (scope === '*') return null;
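Review bot: The allow-list in validateScope is now read from `exports.SCOPE_*` on every call, and those properties live on the mutable exported object, so an assignment to `clients.SCOPE_ROOT` from any other module would silently change which scopes validate. Keeping the names as module-local constants and building the list once, e.g. `var VALID_SCOPES = Object.freeze([ SCOPE_APPS, SCOPE_DEVELOPER, ... ]);` at module level, would remove that dependency. The `'*'` value accepted just below is still a bare literal; it presumably stands for all scopes, so it merits a named define and a short comment at least as much as the others. The rest of validateScope lies outside the hunk.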
+7 -6
@@ -9,6 +9,7 @@ var assert = require('assert'),
async = require('async'),
auth = require('./auth.js'),
certificates = require('./certificates.js'),
clients = require('./clients.js'),
cloudron = require('./cloudron.js'),
cron = require('./cron.js'),
config = require('./config.js'),
@@ -65,12 +66,12 @@ function initializeExpressSync() {
var multipart = middleware.multipart({ maxFieldsSize: FIELD_LIMIT, limit: FILE_SIZE_LIMIT, timeout: FILE_TIMEOUT });
// scope middleware implicitly also adds bearer token verification
var rootScope = routes.oauth2.scope('root');
var profileScope = routes.oauth2.scope('profile');
var usersScope = routes.oauth2.scope('users');
var appsScope = routes.oauth2.scope('apps');
var developerScope = routes.oauth2.scope('developer');
var settingsScope = routes.oauth2.scope('settings');
var rootScope = routes.oauth2.scope(clients.SCOPE_ROOT);
var profileScope = routes.oauth2.scope(clients.SCOPE_PROFILE);
var usersScope = routes.oauth2.scope(clients.SCOPE_USERS);
var appsScope = routes.oauth2.scope(clients.SCOPE_APPS);
var developerScope = routes.oauth2.scope(clients.SCOPE_DEVELOPER);
var settingsScope = routes.oauth2.scope(clients.SCOPE_SETTINGS);
// csrf protection
var csrf = routes.oauth2.csrf;
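Review bot: With property lookups such as `routes.oauth2.scope(clients.SCOPE_ROOT)`, a misspelled or later-renamed constant evaluates to `undefined` rather than to a wrong but visible string. What `scope()` does with a non-string argument is not shown here; if it does not already reject one, add `assert.strictEqual(typeof requestedScope, 'string');` (the parameter name is a placeholder) at the top of it so a bad name fails at startup instead of yielding middleware with no effective scope requirement. A comment next to the existing "scope middleware" line noting that the names come from `clients.js` would help readers find the defines. initializeExpressSync continues outside the hunk.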