symkat/MeshMage
1
1
Fork 0
mirror of https://github.com/symkat/MeshMage.git synced 2025-02-28 15:54:47 +08:00
Code Issues Projects Releases Packages Wiki Activity

Downloads with authentication now.

Browse source
This commit is contained in:
Kaitlyn Parkhurst 2021-07-11 00:16:27 -07:00
parent 5df89f5057
commit d9c4531637
3 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Web/cpanfile
View file

@ -1,5 +1,6 @@
requires 'Minion';
requires 'Mojolicious::Plugin::XslateRenderer';
requires 'Mojolicious::Plugin::RenderFile';
requires 'Mojo::Pg';
requires 'MeshMage::DB';
requires 'Net::Subnet';

2
Web/files/secure_download/README.md Normal file
View file

@ -0,0 +1,2 @@
This directory contains static files for download, but require an
auth token or a logged in user account to access.

28
Web/lib/MeshMage/Web.pm
View file

@ -40,8 +40,10 @@ sub startup ($self) {
# Setup Plugins
$self->plugin( Minion => { Pg => 'postgresql://minion:minion@localhost:5433/minion' } );
$self->plugin( 'RenderFile' );
$self->plugin( 'MeshMage::Web::Plugin::MinionTasks' );
$self->plugin( 'MeshMage::Web::Plugin::Helpers' );
# Standard router.
my $r = $self->routes;
@ -50,6 +52,15 @@ sub startup ($self) {
# user.
my $auth = $r->under( '/' => sub ($c) {
# Hax: by-pass authentication with an X-Auth header.
#
# TODO: Add a bit to the DB so we can make values for
# an X-Auth when users are given the chance to download
# things with keys and such.
if ( $c->req->headers->header('X-Auth') ) {
return 1;
}
# Login via session cookie.
if ( $c->session('uid') ) {
my $person = $c->db->resultset('Person')->find( $c->session('uid') );
@ -76,6 +87,23 @@ sub startup ($self) {
# The /minion stuff is handled here because we needed to place it under $auth.
$self->plugin( 'Minion::Admin' => { route => $auth->under( '/minion' ) } );
# A secure static file area, the user will need to be authenticated.
$auth->get('/secure/#filename')->to( cb => sub ($c) {
my $filepath = sprintf( "%s/secure_download/%s", $c->files_dir, $c->param('filename') );
if ( ! -e $filepath ) {
$c->res->code( 404 );
$c->render( text => "No such file or directory.\n" );
return;
}
$c->render_file(
filepath => $filepath,
filename => $c->param('filename'),
);
});
# Send requests for / to the dashboard.
$auth->get('/')->to(cb => sub ($c) {
$c->redirect_to( $c->url_for('dashboard') )