Fix missing httpAdmin permissions for Pushbullet, twitter what3words and sensehatsim

fixes #244
2016-11-06 20:27:21 +00:00 · 2016-11-06 20:27:21 +00:00 · 7917ca8dcf
parent a7247e898a
commit 7917ca8dcf
4 changed files with 13 additions and 73 deletions
--- a/hardware/sensehatsim/sensehatsim.js
+++ b/hardware/sensehatsim/sensehatsim.js
@ -1,18 +1,3 @@
-/**
- * Copyright 2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/

 module.exports = function(RED) {
    "use strict";
@ -66,8 +51,8 @@ module.exports = function(RED) {
                var wsPath = RED.settings.httpNodeRoot || "/";
                wsPath = wsPath + (wsPath.slice(-1) == "/" ? "":"/") + "sensehat-simulator/ws"

-                var storeListener = function(event,listener){
-                    if(event == "error" || event == "upgrade" || event == "listening"){
+                var storeListener = function(event,listener) {
+                    if (event == "error" || event == "upgrade" || event == "listening") {
                        wsServerListeners[event] = listener;
                    }
                }
@ -106,7 +91,7 @@ module.exports = function(RED) {
                    socket.on('close',function() {
                        delete wsConnections[id];
                    });
-                    socket.on('message',function(data,flags){
+                    socket.on('message',function(data,flags) {
                        var m;
                        var msg;
                        if ((m = LF_RE.exec(data)) !== null) {
@ -335,9 +320,9 @@ module.exports = function(RED) {
                                }
                            }
                            x = x0;
-                            while(x<=x1) {
+                            while (x<=x1) {
                                y = y0;
-                                while(y<=y1) {
+                                while (y<=y1) {
                                    expanded.push([x,y,col]);
                                    y++;
                                }
@ -389,7 +374,7 @@ module.exports = function(RED) {
    }
    RED.nodes.registerType("rpi-sensehatsim out",SenseHatOutNode);

-    RED.httpAdmin.get("/sensehat-simulator",function(req,res) {
+    RED.httpAdmin.get("/sensehat-simulator", RED.auth.needsPermission('sensehat-simulator.read'), function(req,res) {
        res.sendFile(path.join(__dirname,"public","index.html"));
    });
 }
--- a/parsers/what3words/what3words.js
+++ b/parsers/what3words/what3words.js
@ -1,18 +1,3 @@
-/**
- * Copyright 2014 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/

 module.exports = function(RED) {
    "use strict";
@ -82,7 +67,7 @@ module.exports = function(RED) {

    var querystring = require('querystring');

-    RED.httpAdmin.get('/what3words/:id', function(req, res) {
+    RED.httpAdmin.get('/what3words/:id', RED.auth.needsPermission('what3words.read'), function(req, res) {
        var credentials = RED.nodes.getCredentials(req.params.id);
        if (credentials) {
            res.send(JSON.stringify({hasPassword:(credentials.pushkey && credentials.pushkey !== "")}));
@ -91,12 +76,12 @@ module.exports = function(RED) {
        }
    });

-    RED.httpAdmin.delete('/what3words/:id', function(req, res) {
+    RED.httpAdmin.delete('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
        RED.nodes.deleteCredentials(req.params.id);
        res.send(200);
    });

-    RED.httpAdmin.post('/what3words/:id', function(req, res) {
+    RED.httpAdmin.post('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
        var body = "";
        req.on('data', function(chunk) {
            body += chunk;
--- a/social/pushbullet/57-pushbullet.js
+++ b/social/pushbullet/57-pushbullet.js
@ -1,18 +1,3 @@
-/**
- * Copyright 2013,2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/

 module.exports = function(RED) {
    "use strict";
@ -472,7 +457,7 @@ module.exports = function(RED) {
        }
    };

-    RED.httpAdmin.get('/pushbullet/:id/migrate', function(req, res) {
+    RED.httpAdmin.get('/pushbullet/:id/migrate', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
        var node = RED.nodes.getNode(req.params.id);
        if (node && node.migrated) {
            if (req.query.save) {
@ -493,7 +478,7 @@ module.exports = function(RED) {
        }
    });

-    RED.httpAdmin.get('/pushbullet/:id/devices', function(req, res) {
+    RED.httpAdmin.get('/pushbullet/:id/devices', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
        var config = RED.nodes.getNode(req.params.id);
        var cred = RED.nodes.getCredentials(req.params.id);
        var pb;
--- a/social/twitter/27-twitter.js
+++ b/social/twitter/27-twitter.js
@ -1,18 +1,3 @@
-/**
- * Copyright 2013, 2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/

 module.exports = function(RED) {
    "use strict";
@ -411,7 +396,7 @@ module.exports = function(RED) {
        "HMAC-SHA1"
    );

-    RED.httpAdmin.get('/twitter-credentials/:id/auth', function(req, res) {
+    RED.httpAdmin.get('/twitter-credentials/:id/auth', RED.auth.needsPermission('twitter.read'), function(req, res) {
        var credentials = {};
        oa.getOAuthRequestToken({
            oauth_callback: req.query.callback
@ -429,7 +414,7 @@ module.exports = function(RED) {
        });
    });

-    RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', function(req, res, next) {
+    RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', RED.auth.needsPermission('twitter.read'), function(req, res, next) {
        var credentials = RED.nodes.getCredentials(req.params.id);
        credentials.oauth_verifier = req.query.oauth_verifier;