CMU-17313Q · aadityanairaaq · Sep 3, 2024 · Sep 3, 2024 · Sep 5, 2024 · Sep 5, 2024
diff --git a/src/middleware/admin.js b/src/middleware/admin.js
@@ -1,8 +1,6 @@
 'use strict';
 
-
 const nconf = require('nconf');
-
 const user = require('../user');
 const meta = require('../meta');
 const plugins = require('../plugins');
@@ -19,53 +17,85 @@ const middleware = module.exports;
 middleware.buildHeader = helpers.try(async (req, res, next) => {
 	res.locals.renderAdminHeader = true;
 	if (req.method === 'GET') {
+		console.log('>>Overall Check........');
 		await require('./index').applyCSRFasync(req, res);
 	}
-
+	console.log('>>Load Check........');
 	res.locals.config = await controllers.admin.loadConfig(req);
 	next();
 });
 
 middleware.checkPrivileges = helpers.try(async (req, res, next) => {
-	// Kick out guests, obviously
-	if (req.uid <= 0) {
-		return controllers.helpers.notAllowed(req, res);
+	if (isGuest(req, res)) {
+		console.log('>>Guest Check Ran........');
+		return;
 	}
 
-	// Otherwise, check for privilege based on page (if not in mapping, deny access)
 	const path = req.path.replace(/^(\/api)?(\/v3)?\/admin\/?/g, '');
-	if (path) {
-		const privilege = privileges.admin.resolve(path);
-		if (!await privileges.admin.can(privilege, req.uid)) {
-			return controllers.helpers.notAllowed(req, res);
-		}
-	} else {
-		// If accessing /admin, check for any valid admin privs
-		const privilegeSet = await privileges.admin.get(req.uid);
-		if (!Object.values(privilegeSet).some(Boolean)) {
-			return controllers.helpers.notAllowed(req, res);
-		}
+	if (!(await hasPrivilegeForPath(req, path))) {
+		console.log('>>Prev Check Ran........');
+		return controllers.helpers.notAllowed(req, res);
 	}
 
-	// If user does not have password
-	const hasPassword = await user.hasPassword(req.uid);
-	if (!hasPassword) {
+	if (!await userHasPassword(req)) {
+		console.log('>>Check passwork Ran........');
 		return next();
 	}
 
-	// Reject if they need to re-login (due to ACP timeout), otherwise extend logout timer
-	const loginTime = req.session.meta ? req.session.meta.datetime : 0;
-	const adminReloginDuration = meta.config.adminReloginDuration * 60000;
-	const disabled = meta.config.adminReloginDuration === 0;
-	if (disabled || (loginTime && parseInt(loginTime, 10) > Date.now() - adminReloginDuration)) {
-		const timeLeft = parseInt(loginTime, 10) - (Date.now() - adminReloginDuration);
-		if (req.session.meta && timeLeft < Math.min(60000, adminReloginDuration)) {
-			req.session.meta.datetime += Math.min(60000, adminReloginDuration);
-		}
-
+	if (shouldRelogin(req)) {
+		console.log('>>relogin Ran........');
+		await handleRelogin(req, res);
+	} else {
+		console.log('>>relogin Ran........');
+		extendLogoutTimer(req);
 		return next();
 	}
+});
+
+// check if the user is a guest
+function isGuest(req, res) {
+	if (req.uid <= 0) {
+		console.log('>>Instance Ran........');
+		controllers.helpers.notAllowed(req, res);
+		return true;
+	}
+	console.log('>>Guest Check Ran........');
+	return false;
+}
 
+// check if the user has the necessary privilege for the requested path
+// code creation assisted
+async function hasPrivilegeForPath(req, path) {
+	if (path) {
+		console.log('>>PrevPath Check........');
+		const privilege = privileges.admin.resolve(path);
+		return await privileges.admin.can(privilege, req.uid);
+	}
+	console.log('>>No Prev Check........');
+	const privilegeSet = await privileges.admin.get(req.uid);
+	return Object.values(privilegeSet).some(Boolean);
+}
+
+// check if the user has password
+async function userHasPassword(req) {
+	console.log('>>Pass Check Ran........');
+	return await user.hasPassword(req.uid);
+}
+
+// determine if the user needs to relogin or not
+// code creation assisted
+function shouldRelogin(req) {
+	console.log('>>Relog Check Ran........');
+	const loginTime = req.session.meta ? req.session.meta.datetime : 0;
+	const adminReloginDuration = meta.config.adminReloginDuration * 60000;
+	return !(meta.config.adminReloginDuration === 0 ||
+	(loginTime && parseInt(loginTime, 10) > Date.now() - adminReloginDuration));
+}
+
+// handle relogin if necessary
+// code creation assisted
+async function handleRelogin(req, res) {
+	console.log('>>HandleReLogin Ran........');
 	let returnTo = req.path;
 	if (nconf.get('relative_path')) {
 		returnTo = req.path.replace(new RegExp(`^${nconf.get('relative_path')}`), '');
@@ -76,13 +106,24 @@ middleware.checkPrivileges = helpers.try(async (req, res, next) => {
 	req.session.forceLogin = 1;
 
 	await plugins.hooks.fire('response:auth.relogin', { req, res });
-	if (res.headersSent) {
-		return;
+	console.log('>>Instance Ran........');
+	if (!res.headersSent) {
+		if (res.locals.isAPI) {
+			controllers.helpers.formatApiResponse(401, res);
+		} else {
+			res.redirect(`${nconf.get('relative_path')}/login?local=1`);
+		}
 	}
+}
 
-	if (res.locals.isAPI) {
-		controllers.helpers.formatApiResponse(401, res);
-	} else {
-		res.redirect(`${nconf.get('relative_path')}/login?local=1`);
+// extend the user's logout timer
+// code creation assisted
+function extendLogoutTimer(req) {
+	console.log('>>Extend Ran........');
+	const loginTime = req.session.meta ? req.session.meta.datetime : 0;
+	const adminReloginDuration = meta.config.adminReloginDuration * 60000;
+	const timeLeft = parseInt(loginTime, 10) - (Date.now() - adminReloginDuration);
+	if (req.session.meta && timeLeft < Math.min(60000, adminReloginDuration)) {
+		req.session.meta.datetime += Math.min(60000, adminReloginDuration);
 	}
-});
+}