Added 'restrictions' list in config to limit album access

Signed-off-by: James Ketrenos <james_git@ketrenos.com>
2018-09-20 21:04:15 -07:00 · 2018-09-20 21:04:15 -07:00 · 979c2387e1
commit 979c2387e1
parent e9fd50a054
2 changed files with 15 additions and 1 deletions
--- a/server/app.js
+++ b/server/app.js
@ -90,6 +90,21 @@ app.use(basePath, function(req, res, next) {
  if (!req.session || !req.session.user || !req.session.user.username) {
    return res.status(401).send("Unauthorized");
  }    
+
+  if (config.has("restrictions")) {
+    let allowed = config.get("restrictions");
+    if (!Array.isArray(allowed)) {
+      allowed = [ allowed ];
+    }
+    for (let i = 0; i < allowed.length; i++) {
+      if (allowed[i] == req.session.user.username) {
+        return next();
+      }
+    }
+    console.log("Unauthorized (logged in) access by user: " + req.session.user.username);
+    return res.status(401).send("Unauthorized");
+  }
+
  return next();
 });    

--- a/server/scanner.js
+++ b/server/scanner.js
@ -194,7 +194,6 @@ const mkdir = function (_path) {
      }

      return new Promise(function (resolve, reject) {
-        console.log("mkdir " + path);
        fs.mkdir(path, function (error) {
          if (error) {
            return reject(error);