From ae50597ad420bc6a204ad8962e2737e4f220d76c Mon Sep 17 00:00:00 2001
From: Book Pauk <bookpauk@gmail.com>
Date: Sun, 6 Jan 2019 17:36:24 +0700
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D1=80=D0=B0=D0=B2=D0=B1=D0=BE?=
 =?UTF-8?q?=D1=82=D0=BA=D0=B8=20=D0=BC=D0=B0=D1=80=D1=88=D1=80=D1=83=D1=82?=
 =?UTF-8?q?=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D0=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/config/base.js |  2 +-
 server/index.js       | 52 ++++++++++++++++++++++---------------------
 server/routes.js      | 37 +++++++++++++++++++++---------
 3 files changed, 54 insertions(+), 37 deletions(-)

diff --git a/server/config/base.js b/server/config/base.js
index d40e6c64..b613675c 100644
--- a/server/config/base.js
+++ b/server/config/base.js
@@ -25,7 +25,7 @@ module.exports = {
         },
         {
             name: '2',
-            mode: 'omnireader', //none, normal, site, reader, omnireader
+            mode: 'omnireader',
             ip: '0.0.0.0',
             port: '33081',
         },
diff --git a/server/index.js b/server/index.js
index fc33d2fc..978a817d 100644
--- a/server/index.js
+++ b/server/index.js
@@ -6,7 +6,6 @@ const log = getLog();
 
 const express = require('express');
 const compression = require('compression');
-const app = express();
 
 const SqliteConnectionPool = require('./core/SqliteConnectionPool');
 
@@ -16,33 +15,36 @@ async function main() {
     log('Opening database');
     await connPool.init();
 
-    let devModule = undefined;
-    if (config.branch == 'development') {
-        const devFileName = './dev.js'; //ignored by pkg -50Mb executable size
-        devModule = require(devFileName);
-        devModule.webpackDevMiddleware(app);
-    }
-
-    app.use(compression({ level: 1 }));
-    app.use(express.json());
-    if (devModule)
-        devModule.logQueries(app);
-    app.use(express.static(config.publicDir, { maxAge: '30d' }));
-
-    require('./routes').initRoutes(app, connPool, config);
-
-    if (devModule) {
-        devModule.logErrors(app);
-    } else {
-        app.use(function(err, req, res, next) {// eslint-disable-line no-unused-vars
-            log(LM_ERR, err.stack);
-            res.sendStatus(500);
-        });
-    }
-
     //servers
     for (let server of config.servers) {
         if (server.mode !== 'none') {
+            const app = express();
+            app.serverConfig = server;
+
+            let devModule = undefined;
+            if (config.branch == 'development') {
+                const devFileName = './dev.js'; //ignored by pkg -50Mb executable size
+                devModule = require(devFileName);
+                devModule.webpackDevMiddleware(app);
+            }
+
+            app.use(compression({ level: 1 }));
+            app.use(express.json());
+            if (devModule)
+                devModule.logQueries(app);
+            app.use(express.static(config.publicDir, { maxAge: '30d' }));
+
+            require('./routes').initRoutes(app, connPool, config);
+
+            if (devModule) {
+                devModule.logErrors(app);
+            } else {
+                app.use(function(err, req, res, next) {// eslint-disable-line no-unused-vars
+                    log(LM_ERR, err.stack);
+                    res.sendStatus(500);
+                });
+            }
+
             app.listen(server.port, server.ip, function() {
                 log(`Server-${server.name} is ready on ${server.ip}:${server.port}, mode: ${server.mode}`);
             });
diff --git a/server/routes.js b/server/routes.js
index 30b6115d..f47330b1 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -3,23 +3,38 @@ const c = require('./controllers');
 function initRoutes(app, connPool, config) {
     const misc = new c.MiscController(connPool, config);
 
+    //access
+    const serverMode = app.serverConfig.mode;
+    const [all, normal, site, reader, omnireader] = // eslint-disable-line no-unused-vars
+        [serverMode, 'normal', 'site', 'reader', 'omnireader'];
+
+    //routes
     const routes = [
-        ['POST', '/api/config', misc, 'getConfig', {}],
+        ['POST', '/api/config', misc.getConfig.bind(misc), [all], {}],
     ];
 
+    //to app
     for (let route of routes) {
-        const [httpMethod, path, controller, handler, options] = route;
+        let [httpMethod, path, controller, access, options] = route;
+        access = new Set(access);
 
-        const callback = async function(req, res) {
-            try {
-                const result = await controller[handler](req, res, options);
+        let callback = () => {};
+        if (access.has(serverMode)) {//allowed
+            callback = async function(req, res) {
+                try {
+                    const result = await controller(req, res, options);
 
-                if (result !== false)
-                    res.send(result);
-            } catch (e) {
-                res.status(500).send({error: e.message});
-            }
-        };
+                    if (result !== false)
+                        res.send(result);
+                } catch (e) {
+                    res.status(500).send({error: e.message});
+                }
+            };
+        } else {//forbidden
+            callback = async function(req, res) {
+                res.status(403);
+            };
+        }
 
         switch (httpMethod) {
             case 'GET' :