Merge pull request #28 from Wingysam/guest-passwords

Basic Guest Passwords
2022-10-03 11:04:53 -04:00 · 2022-10-03 11:04:53 -04:00 · 0e6420f714
commit 0e6420f714
parent 25c6a5da40 48dce2c5c4
10 changed files with 28 additions and 12 deletions
--- a/config/index.js
+++ b/config/index.js
@ -15,5 +15,6 @@ module.exports = {
  trustProxy: process.env.TRUST_PROXY === 'true' ? true : process.env.TRUST_PROXY || 'loopback',
  bulmaswatch: (process.env.BULMASWATCH || 'default').toLowerCase(),
  pfp: process.env.PFP !== 'false',
-  language: process.env.LANGUAGE?.toLowerCase() || 'en-us'
+  language: process.env.LANGUAGE?.toLowerCase() || 'en-us',
+  guestPassword: process.env.GUEST_PASSWORD
 }
--- a/languages/en-us.js
+++ b/languages/en-us.js
@ -160,6 +160,7 @@ module.exports.strings = {
  WISHLIST_PLEDGE_SUCCESS: 'Successfully pledged for item!',
  WISHLIST_PLEDGE: 'Pledge',
  WISHLIST_PLEDGED: pledgedBy => `Pledged for by ${pledgedBy}`,
+  WISHLIST_PLEDGED_GUEST: 'Pledged for by a guest user',
  WISHLIST_PRICE: 'Price',
  WISHLIST_REFRESH_GUARD: 'Invalid user',
  WISHLIST_REFRESH_NO_URL: 'Item has no URL.',
--- a/middlewares/publicRoute.js
+++ b/middlewares/publicRoute.js
@ -2,7 +2,7 @@ const verifyAuth = require('./verifyAuth')

 const publicMiddleware = () => global._CC.config.wishlist.public
  ? (req, res, next) => {
-      if (!req.user) req.user = { _id: 'Unknown' }
+      if (!req.user) req.user = { _id: '_CCUNKNOWN' }
      next()
    }
  : verifyAuth()
--- a/middlewares/verifyAuth.js
+++ b/middlewares/verifyAuth.js
@ -1,4 +1,6 @@
-const config = require('../config')
+const ROUGHLY_ONE_YEAR_IN_MILLISECONDS = 1000 * 60 * 60 * 24 * 30 * 12
+const COOKIE_NAME = 'christmas_community.guestpassword'
+
 module.exports = options => {
  return (req, res, next) => {
    options = options || {}
@ -9,6 +11,13 @@ module.exports = options => {
      return res.send('auth fail')
    }
    if (authed) return next()
-    res.redirect(options.failureRedirect || config.defaultFailureRedirect)
+    if (_CC.config.guestPassword && (req.query.pw === _CC.config.guestPassword || req.cookies[COOKIE_NAME] === _CC.config.guestPassword)) {
+      req.user = {
+        _id: '_CCUNKNOWN'
+      }
+      res.cookie(COOKIE_NAME, _CC.config.guestPassword, { maxAge: ROUGHLY_ONE_YEAR_IN_MILLISECONDS })
+      return next()
+    }
+    res.redirect(options.failureRedirect || _CC.config.defaultFailureRedirect)
  }
 }
--- a/package.json
+++ b/package.json
@ -22,6 +22,7 @@
    "chalk": "^4.1.2",
    "child-process-promise": "^2.2.1",
    "connect-flash": "^0.1.1",
+    "cookie-parser": "^1.4.6",
    "dompurify": "^2.3.1",
    "dotenv": "^10.0.0",
    "express": "4.17.1",
--- a/routes/index.js
+++ b/routes/index.js
@ -29,6 +29,7 @@ module.exports = ({ db, config }) => {
  const router = express.Router()

  router.use('/', express.static(path.join(__dirname, '../static')))
+  router.use(require('cookie-parser')())

  router.get('/',
    async (req, res, next) => {
--- a/views/includes/navbar.pug
+++ b/views/includes/navbar.pug
@ -21,7 +21,7 @@ nav.navbar.is-fixed-top(role='navigation', aria-label='main navigation',style='b
  .navbar-menu#navBarMenu
    .navbar-start
      if req.isAuthenticated()
-        if req.user._id === 'Unknown'
+        if req.user._id === '_CCUNKNOWN'
          .navbar-item
            a.button.is-primary(href='/login')= lang('NAVBAR_LOGIN')
        else
--- a/views/wishlist.pug
+++ b/views/wishlist.pug
@ -113,7 +113,10 @@ block content
                          .control.inline
                            input.inline.button(type='submit' value=lang('WISHLIST_UNPLEDGE'))
                    if item.pledgedBy && item.pledgedBy !== req.user._id
-                      span.ugc=lang('WISHLIST_PLEDGED', item.pledgedBy)
+                      if item.pledgedBy === '_CCUNKNOWN'
+                        span.ugc=lang('WISHLIST_PLEDGED_GUEST')
+                      else
+                        span.ugc=lang('WISHLIST_PLEDGED', item.pledgedBy)
                td(data-label='Delete Item')
                  form.inline(
                    method='POST',
--- a/views/wishlists.pug
+++ b/views/wishlists.pug
@ -2,7 +2,7 @@ extends layout.pug

 block content
  ul.noStyle.noLeftMargin
-    if req.user._id !== 'Unknown'
+    if req.user._id !== '_CCUNKNOWN'
      li
        a(href=`${_CC.config.base}wishlist/${req.user._id}`)
          .box
--- a/yarn.lock
+++ b/yarn.lock
@ -743,12 +743,12 @@
  "resolved" "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz"
  "version" "1.0.4"

-"cookie-parser@^1.4.3":
-  "integrity" "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw=="
-  "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz"
-  "version" "1.4.5"
+"cookie-parser@^1.4.3", "cookie-parser@^1.4.6":
+  "integrity" "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA=="
+  "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz"
+  "version" "1.4.6"
  dependencies:
-    "cookie" "0.4.0"
+    "cookie" "0.4.1"
    "cookie-signature" "1.0.6"

 "cookie-signature@1.0.6":