Fixed "allowed" support in secondary stores and post requests.
h3rald h3rald@h3rald.com
Tue, 12 May 2020 15:22:44 +0200
2 files changed,
5 insertions(+),
4 deletions(-)
M
src/litestorepkg/lib/core.nim
→
src/litestorepkg/lib/core.nim
@@ -755,7 +755,6 @@ result.file = file
result.middleware = newStringTable() if config != newJNull(): result.config = config - LOG.debug("Initializing store '$1'" % id) result.setup(true) result.initStore() if not LS.config.hasKey("stores"):
M
src/litestorepkg/lib/server.nim
→
src/litestorepkg/lib/server.nim
@@ -84,14 +84,16 @@ echo getCurrentExceptionMsg()
writeStackTrace() return resError(Http401, "Unauthorized - Invalid token") -proc isAllowed(resource, id, meth: string): bool = +proc isAllowed(LS: LiteStore, resource, id, meth: string): bool = if LS.config.kind != JObject or not LS.config.hasKey("resources"): return true var reqUri = "/" & resource & "/" & id + var lastItemOffset = 2 if reqUri[^1] == '/': + lastItemOffset = 1 reqUri.removeSuffix({'/'}) let parts = reqUri.split("/") - let ancestors = parts[1..parts.len-2] + let ancestors = parts[1..parts.len-lastItemOffset] var currentPath = "" var currentPaths = "" for p in ancestors:@@ -113,7 +115,7 @@ if reqUri[^1] == '/':
reqUri.removeSuffix({'/'}) let reqMethod = $req.reqMethod var jwt: JWT - if not isAllowed(info.resource, info.id, reqMethod): + if not LS.isAllowed(info.resource, info.id, reqMethod): return resError(Http405, "Method not allowed: $1" % reqMethod) # Authentication/Authorization if LS.auth != newJNull():