feature: retrict terminal access to unverified users

CodeNow · Sep 29, 2016 · 6058cfe · 6058cfe
1 parent 577ace9
commit 6058cfe
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 9 deletions.
diff --git a/lib/middleware/harbourmaster.js b/lib/middleware/harbourmaster.js
@@ -89,6 +89,14 @@ var harbourmaster = module.exports = {
     );
   },
 
+  setTermAccess: function (containerKey, allowTerm) {
+    return series(
+      hipacheHosts.create(),
+      hipacheHosts.model.setTermAccess(
+        'container', allowTerm)
+    );
+  },
+
   listDocklets: function (containerKey) {
     return series (
       hipacheHosts.create(),

diff --git a/lib/models/redis/HipacheHosts.js b/lib/models/redis/HipacheHosts.js
@@ -79,6 +79,20 @@ HipacheHosts.prototype.extendContainerLife = function (container, cb) {
   });
 };
 
+HipacheHosts.prototype.setTermAccess = function (container, allowTerm, cb) {
+  var serviceKey = ['frontend:', container.servicesToken, '.', configs.userContentDomain].join('');
+
+  redis.lrange(serviceKey, 0, 0, function(err, reply) {
+    serviceData = JSON.parse(reply[0]);
+    serviceData.allowTerm = allowTerm;
+    var strData = JSON.stringify(serviceData);
+
+    redis.multi()
+    .lset(serviceKey, 0, strData)
+    .exec(cb);
+  });
+};
+
 HipacheHosts.prototype.howMuchLife = function (container, cb) {
   var serviceKey = ['frontend:', container.servicesToken, '.', configs.userContentDomain].join('');
 

diff --git a/lib/rest/containers/index.js b/lib/rest/containers/index.js
@@ -16,6 +16,9 @@ var utils = require('middleware/utils');
 var mw = require('dat-middleware');
 var error = require('error');
 
+var flow = require('middleware-flow');
+var mwIf = flow.mwIf.bind(flow);
+
 var ternary = utils.ternary;
 var unless  = utils.unless;
 var series  = utils.series;
@@ -27,13 +30,6 @@ module.exports = function (baseUrl) {
   app.use(require('rest/containers/files')(path.join(baseUrl, ':containerId')));
   app.use(require('rest/containers/import')(path.join(baseUrl, 'import')));
 
-  var restrictUnverifiedUser =
-    series(
-      utils.unless(me.isVerified,
-        containers.model.unset('servicesToken'),
-        containers.model.unset('webToken') )
-      );
-
   app.post(baseUrl,
     me.isUser,
     query.require('from'),
@@ -56,7 +52,6 @@ module.exports = function (baseUrl) {
         containers.model.set('saved', true))),
     containers.model.save(),
     containers.model.unset('files'), // dont respond files
-    restrictUnverifiedUser,
     containers.respond);
 
   app.get(baseUrl,
@@ -73,7 +68,13 @@ module.exports = function (baseUrl) {
     containers.findById('params.containerId', { files: 0 }),
     containers.checkFound,
     or(me.isOwnerOf('container'), me.isModerator),
-    restrictUnverifiedUser,
+    mwIf(me.isModerator)
+    .then( // allow terminal to verified user
+      harbourmaster.setTermAccess('container', true)
+    )
+    .else( // deny terminal to unverified user
+      harbourmaster.setTermAccess('container', false)
+    ),
     containers.respond);
 
 // TODO: updateContainer needs rework, especially the commit interactions with harbourmaster..