Geoffrey Roberts
93cbc6c770
Changed to resolve intermittent errors where I'd see the following in my logs: ```text ERROR -- : app error: undefined method `wiki_options' for Precious::App:Class (NoMethodError) ERROR -- : /home/gollum/production/releases/20141229-172128/vendor/bundle/ruby/2.0.0/gems/gollum-3.1.1.1anchor4/lib/gollum/editing_auth.rb:10:in `call' ERROR -- : /home/gollum/production/releases/20141229-172128/vendor/bundle/ruby/2.0.0/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call' ... ``` I suspect this is the case for Sinatra applications that host instances of Gollum using its `map` feature, as this reflects the production setup we're using it in. Calling @app.settings.wiki_options uses the app instance that gets passed into Precious::EditingAuth, thereby ensuring that we're getting a Gollum instance all the time.
35 lines
933 B
Ruby
35 lines
933 B
Ruby
module Precious
|
|
class EditingAuth < Sinatra::Base
|
|
def initialize(app)
|
|
@app = app
|
|
end
|
|
|
|
def call(env)
|
|
@env = env
|
|
# Blocks all potentially editable pages. Use EditingAuth::whitelist_pages to unblock pages.
|
|
unless (env["REQUEST_METHOD"] == "GET") || @app.settings.wiki_options[:allow_editing]
|
|
return block unless excluded_page?
|
|
end
|
|
@app.call(env)
|
|
end
|
|
|
|
def block
|
|
[403, {'Content-Type' => 'text/html', 'Content-Length' => '9'}, ['Forbidden']]
|
|
end
|
|
|
|
def excluded_page?
|
|
return false if env["REQUEST_PATH"].nil?
|
|
whitelist_pages.any? do |whitelisted_page|
|
|
env["REQUEST_PATH"].include? whitelisted_page
|
|
end
|
|
end
|
|
|
|
private
|
|
# List pages paths as str that you want to whitelist.
|
|
# Pages will be compared with env["REQUEST_PATH"] using String::include? method.
|
|
def whitelist_pages
|
|
return ["/compare/"]
|
|
end
|
|
end
|
|
end
|