all repos — litestore @ bf9644df30eb49e13be0863d9c857e2f8f5a1b11

A minimalist nosql document store.

Fixed "allowed" support in secondary stores and post requests.
h3rald h3rald@h3rald.com
Tue, 12 May 2020 15:22:44 +0200
commit

bf9644df30eb49e13be0863d9c857e2f8f5a1b11

parent

4b6f3bb53591ced8ef6544b8216d81f3ec138354

2 files changed, 5 insertions(+), 4 deletions(-)

jump to
M src/litestorepkg/lib/core.nimsrc/litestorepkg/lib/core.nim

@@ -755,7 +755,6 @@ result.file = file

result.middleware = newStringTable() if config != newJNull(): result.config = config - LOG.debug("Initializing store '$1'" % id) result.setup(true) result.initStore() if not LS.config.hasKey("stores"):
M src/litestorepkg/lib/server.nimsrc/litestorepkg/lib/server.nim

@@ -84,14 +84,16 @@ echo getCurrentExceptionMsg()

writeStackTrace() return resError(Http401, "Unauthorized - Invalid token") -proc isAllowed(resource, id, meth: string): bool = +proc isAllowed(LS: LiteStore, resource, id, meth: string): bool = if LS.config.kind != JObject or not LS.config.hasKey("resources"): return true var reqUri = "/" & resource & "/" & id + var lastItemOffset = 2 if reqUri[^1] == '/': + lastItemOffset = 1 reqUri.removeSuffix({'/'}) let parts = reqUri.split("/") - let ancestors = parts[1..parts.len-2] + let ancestors = parts[1..parts.len-lastItemOffset] var currentPath = "" var currentPaths = "" for p in ancestors:

@@ -113,7 +115,7 @@ if reqUri[^1] == '/':

reqUri.removeSuffix({'/'}) let reqMethod = $req.reqMethod var jwt: JWT - if not isAllowed(info.resource, info.id, reqMethod): + if not LS.isAllowed(info.resource, info.id, reqMethod): return resError(Http405, "Method not allowed: $1" % reqMethod) # Authentication/Authorization if LS.auth != newJNull():