1
0
mirror of https://github.com/node-red/node-red-nodes.git synced 2023-10-10 13:36:58 +02:00

Fix missing httpAdmin permissions for Pushbullet, twitter what3words and sensehatsim

fixes #244
This commit is contained in:
Dave Conway-Jones 2016-11-06 20:27:21 +00:00
parent a7247e898a
commit 7917ca8dcf
4 changed files with 13 additions and 73 deletions

View File

@ -1,18 +1,3 @@
/**
* Copyright 2016 IBM Corp.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
module.exports = function(RED) { module.exports = function(RED) {
"use strict"; "use strict";
@ -66,8 +51,8 @@ module.exports = function(RED) {
var wsPath = RED.settings.httpNodeRoot || "/"; var wsPath = RED.settings.httpNodeRoot || "/";
wsPath = wsPath + (wsPath.slice(-1) == "/" ? "":"/") + "sensehat-simulator/ws" wsPath = wsPath + (wsPath.slice(-1) == "/" ? "":"/") + "sensehat-simulator/ws"
var storeListener = function(event,listener){ var storeListener = function(event,listener) {
if(event == "error" || event == "upgrade" || event == "listening"){ if (event == "error" || event == "upgrade" || event == "listening") {
wsServerListeners[event] = listener; wsServerListeners[event] = listener;
} }
} }
@ -106,7 +91,7 @@ module.exports = function(RED) {
socket.on('close',function() { socket.on('close',function() {
delete wsConnections[id]; delete wsConnections[id];
}); });
socket.on('message',function(data,flags){ socket.on('message',function(data,flags) {
var m; var m;
var msg; var msg;
if ((m = LF_RE.exec(data)) !== null) { if ((m = LF_RE.exec(data)) !== null) {
@ -335,9 +320,9 @@ module.exports = function(RED) {
} }
} }
x = x0; x = x0;
while(x<=x1) { while (x<=x1) {
y = y0; y = y0;
while(y<=y1) { while (y<=y1) {
expanded.push([x,y,col]); expanded.push([x,y,col]);
y++; y++;
} }
@ -389,7 +374,7 @@ module.exports = function(RED) {
} }
RED.nodes.registerType("rpi-sensehatsim out",SenseHatOutNode); RED.nodes.registerType("rpi-sensehatsim out",SenseHatOutNode);
RED.httpAdmin.get("/sensehat-simulator",function(req,res) { RED.httpAdmin.get("/sensehat-simulator", RED.auth.needsPermission('sensehat-simulator.read'), function(req,res) {
res.sendFile(path.join(__dirname,"public","index.html")); res.sendFile(path.join(__dirname,"public","index.html"));
}); });
} }

View File

@ -1,18 +1,3 @@
/**
* Copyright 2014 IBM Corp.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
module.exports = function(RED) { module.exports = function(RED) {
"use strict"; "use strict";
@ -82,7 +67,7 @@ module.exports = function(RED) {
var querystring = require('querystring'); var querystring = require('querystring');
RED.httpAdmin.get('/what3words/:id', function(req, res) { RED.httpAdmin.get('/what3words/:id', RED.auth.needsPermission('what3words.read'), function(req, res) {
var credentials = RED.nodes.getCredentials(req.params.id); var credentials = RED.nodes.getCredentials(req.params.id);
if (credentials) { if (credentials) {
res.send(JSON.stringify({hasPassword:(credentials.pushkey && credentials.pushkey !== "")})); res.send(JSON.stringify({hasPassword:(credentials.pushkey && credentials.pushkey !== "")}));
@ -91,12 +76,12 @@ module.exports = function(RED) {
} }
}); });
RED.httpAdmin.delete('/what3words/:id', function(req, res) { RED.httpAdmin.delete('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
RED.nodes.deleteCredentials(req.params.id); RED.nodes.deleteCredentials(req.params.id);
res.send(200); res.send(200);
}); });
RED.httpAdmin.post('/what3words/:id', function(req, res) { RED.httpAdmin.post('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
var body = ""; var body = "";
req.on('data', function(chunk) { req.on('data', function(chunk) {
body += chunk; body += chunk;

View File

@ -1,18 +1,3 @@
/**
* Copyright 2013,2016 IBM Corp.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
module.exports = function(RED) { module.exports = function(RED) {
"use strict"; "use strict";
@ -472,7 +457,7 @@ module.exports = function(RED) {
} }
}; };
RED.httpAdmin.get('/pushbullet/:id/migrate', function(req, res) { RED.httpAdmin.get('/pushbullet/:id/migrate', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
var node = RED.nodes.getNode(req.params.id); var node = RED.nodes.getNode(req.params.id);
if (node && node.migrated) { if (node && node.migrated) {
if (req.query.save) { if (req.query.save) {
@ -493,7 +478,7 @@ module.exports = function(RED) {
} }
}); });
RED.httpAdmin.get('/pushbullet/:id/devices', function(req, res) { RED.httpAdmin.get('/pushbullet/:id/devices', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
var config = RED.nodes.getNode(req.params.id); var config = RED.nodes.getNode(req.params.id);
var cred = RED.nodes.getCredentials(req.params.id); var cred = RED.nodes.getCredentials(req.params.id);
var pb; var pb;

View File

@ -1,18 +1,3 @@
/**
* Copyright 2013, 2016 IBM Corp.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
module.exports = function(RED) { module.exports = function(RED) {
"use strict"; "use strict";
@ -411,7 +396,7 @@ module.exports = function(RED) {
"HMAC-SHA1" "HMAC-SHA1"
); );
RED.httpAdmin.get('/twitter-credentials/:id/auth', function(req, res) { RED.httpAdmin.get('/twitter-credentials/:id/auth', RED.auth.needsPermission('twitter.read'), function(req, res) {
var credentials = {}; var credentials = {};
oa.getOAuthRequestToken({ oa.getOAuthRequestToken({
oauth_callback: req.query.callback oauth_callback: req.query.callback
@ -429,7 +414,7 @@ module.exports = function(RED) {
}); });
}); });
RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', function(req, res, next) { RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', RED.auth.needsPermission('twitter.read'), function(req, res, next) {
var credentials = RED.nodes.getCredentials(req.params.id); var credentials = RED.nodes.getCredentials(req.params.id);
credentials.oauth_verifier = req.query.oauth_verifier; credentials.oauth_verifier = req.query.oauth_verifier;