diff options
Diffstat (limited to 'sandstorm.js')
| -rw-r--r-- | sandstorm.js | 84 |
1 files changed, 59 insertions, 25 deletions
diff --git a/sandstorm.js b/sandstorm.js index c430c3a8..a711a960 100644 --- a/sandstorm.js +++ b/sandstorm.js @@ -21,24 +21,13 @@ if (isSandstorm && Meteor.isServer) { permission: 'public', }; - // This function should probably be handled by `accounts-sandstorm` but - // apparently meteor-core misses an API to handle that cleanly, cf. - // https://github.com/meteor/meteor/blob/ff783e9a12ffa04af6fd163843a563c9f4bbe8c1/packages/accounts-base/accounts_server.js#L1143 - function updateUserAvatar(userId, avatarUrl) { - Users.update(userId, { - $set: { - 'profile.avatarUrl': avatarUrl, - }, - }); - } - function updateUserPermissions(userId, permissions) { const isActive = permissions.indexOf('participate') > -1; const isAdmin = permissions.indexOf('configure') > -1; const permissionDoc = { userId, isActive, isAdmin }; const boardMembers = Boards.findOne(sandstormBoard._id).members; - const memberIndex = _.indexOf(_.pluck(boardMembers, 'userId'), userId); + const memberIndex = _.pluck(boardMembers, 'userId').indexOf(userId); let modifier; if (memberIndex > -1) @@ -59,33 +48,28 @@ if (isSandstorm && Meteor.isServer) { // and the home page was accessible by pressing the back button of the // browser, a server-side redirection solves both of these issues. // - // XXX Maybe sandstorm manifest could provide some kind of "home URL"? + // XXX Maybe the sandstorm http-bridge could provide some kind of "home URL" + // in the manifest? const base = req.headers['x-sandstorm-base-path']; // XXX If this routing scheme changes, this will break. We should generate // the location URL using the router, but at the time of writing, the // it is only accessible on the client. - const path = `/boards/${sandstormBoard._id}/${sandstormBoard.slug}`; + const boardPath = `/b/${sandstormBoard._id}/${sandstormBoard.slug}`; res.writeHead(301, { - Location: base + path, + Location: base + boardPath, }); res.end(); // `accounts-sandstorm` populate the Users collection when new users - // accesses the document, but in case a already known user come back, we + // accesses the document, but in case a already known user comes back, we // need to update his associated document to match the request HTTP headers // informations. const user = Users.findOne({ 'services.sandstorm.id': req.headers['x-sandstorm-user-id'], }); if (user) { - const userId = user._id; - const avatarUrl = req.headers['x-sandstorm-user-picture']; - const permissions = req.headers['x-sandstorm-permissions'].split(',') || []; - - // XXX The user may also change his name, we should handle it. - updateUserAvatar(userId, avatarUrl); - updateUserPermissions(userId, permissions); + updateUserPermissions(user._id, user.permissions); } }); @@ -96,25 +80,75 @@ if (isSandstorm && Meteor.isServer) { // despite the appearances `userId` is null in this block. Users.after.insert((userId, doc) => { if (!Boards.findOne(sandstormBoard._id)) { - Boards.insert(sandstormBoard, {validate: false}); + Boards.insert(sandstormBoard, { validate: false }); Activities.update( { activityTypeId: sandstormBoard._id }, { $set: { userId: doc._id }} ); } + // We rely on username uniqueness for the user mention feature, but + // Sandstorm doesn't enforce this property -- see #352. Our strategy to + // generate unique usernames from the Sandstorm `preferredHandle` is to + // append a number that we increment until we generate a username that no + // one already uses (eg, 'max', 'max1', 'max2'). + function generateUniqueUsername(username, appendNumber) { + return username + String(appendNumber === 0 ? '' : appendNumber); + } + + const username = doc.services.sandstorm.preferredHandle; + let appendNumber = 0; + while (Users.findOne({ + _id: { $ne: doc._id }, + username: generateUniqueUsername(username, appendNumber), + })) { + appendNumber += 1; + } + + Users.update(doc._id, { + $set: { + username: generateUniqueUsername(username, appendNumber), + 'profile.fullname': doc.services.sandstorm.name, + }, + }); + updateUserPermissions(doc._id, doc.services.sandstorm.permissions); }); + + // LibreBoard v0.8 didn’t implement the Sandstorm sharing model and instead + // kept the visibility setting (“public” or “private”) in the UI as does the + // main Meteor application. We need to enforce “public” visibility as the + // sharing is now handled by Sandstorm. + // See https://github.com/wekan/wekan/issues/346 + Migrations.add('enforce-public-visibility-for-sandstorm', () => { + Boards.update('sandstorm', { $set: { permission: 'public' }}); + }); } if (isSandstorm && Meteor.isClient) { + // Since the Sandstorm grain is displayed in an iframe of the Sandstorm shell, + // we need to explicitly expose meta data like the page title or the URL path + // so that they could appear in the browser window. + // See https://docs.sandstorm.io/en/latest/developing/path/ + function updateSandstormMetaData(msg) { + return window.parent.postMessage(msg, '*'); + } + + FlowRouter.triggers.enter([({ path }) => { + updateSandstormMetaData({ setPath: path }); + }]); + + Tracker.autorun(() => { + updateSandstormMetaData({ setTitle: DocHead.getTitle() }); + }); + // XXX Hack. `Meteor.absoluteUrl` doesn't work in Sandstorm, since every // session has a different URL whereas Meteor computes absoluteUrl based on // the ROOT_URL environment variable. So we overwrite this function on a // sandstorm client to return relative paths instead of absolutes. const _absoluteUrl = Meteor.absoluteUrl; const _defaultOptions = Meteor.absoluteUrl.defaultOptions; - Meteor.absoluteUrl = (path, options) => { + Meteor.absoluteUrl = (path, options) => { // eslint-disable-line meteor/core const url = _absoluteUrl(path, options); return url.replace(/^https?:\/\/127\.0\.0\.1:[0-9]{2,5}/, ''); }; |