clientManager: don't write user configs outside of lounge's users dir

This commit is contained in:
William Boman 2016-04-02 23:19:57 +02:00
parent 7cf09b70ef
commit 5e38060567

View File

@ -3,6 +3,7 @@ var fs = require("fs");
var Client = require("./client"); var Client = require("./client");
var mkdirp = require("mkdirp"); var mkdirp = require("mkdirp");
var Helper = require("./helper"); var Helper = require("./helper");
var path = require("path");
module.exports = ClientManager; module.exports = ClientManager;
@ -67,19 +68,25 @@ ClientManager.prototype.addUser = function(name, password) {
return false; return false;
} }
try { try {
var path = Helper.HOME + "/users"; var usersPath = path.join(Helper.HOME, "users");
mkdirp.sync(usersPath);
if (path.basename(name) !== name) {
throw new Error(name + " is an invalid username.");
}
var user = { var user = {
user: name, user: name,
password: password || "", password: password || "",
log: false, log: false,
networks: [] networks: []
}; };
mkdirp.sync(path);
fs.writeFileSync( fs.writeFileSync(
path + "/" + name + ".json", path.join(usersPath, name + ".json"),
JSON.stringify(user, null, " ") JSON.stringify(user, null, " ")
); );
} catch (e) { } catch (e) {
log.error("Failed to add user " + name, e);
throw e; throw e;
} }
return true; return true;