From 09b2a3bba89c0df34ce86168a446debc08d55eaf Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Fri, 8 Oct 2021 13:24:04 -0700
Subject: [PATCH] Added unknownUserRootRedirect option, #3172

---
 meshcentral-config-schema.json |  1 +
 meshctrl.js                    |  2 +-
 webserver.js                   | 14 ++++++++++----
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 0764f823..8cd4994d 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -282,6 +282,7 @@
           "titlePicture": { "type": "string", "default": null, "description": "Web site .png logo file that is 450x66 in size placed in meshcentral-data that is used on the top of many pages." },
           "loginPicture": { "type": "string", "default": null, "description": "Web site .png logo file placed in meshcentral-data that used on the login page when sitestyle is 2." },
           "rootRedirect": { "type": "string", "default": null, "description": "Redirects HTTP root requests to this URL. When in use, direct users to /login to see the normal login page." },
+          "unknownUserRootRedirect": { "type": "string", "default": null, "description": "Redirects HTTP root requests to this URL only where user is not already logged in. When in use, direct users to /login to see the normal login page." },
           "userQuota": { "type": "integer" },
           "meshQuota": { "type": "integer" },
           "loginKey": { "type": [ "string", "array" ], "items": { "type": "string" }, "default": null, "description": "Requires that users add the value ?key=xxx in the URL in order to see the web site." },
diff --git a/meshctrl.js b/meshctrl.js
index 187876e4..6dbf32c8 100644
--- a/meshctrl.js
+++ b/meshctrl.js
@@ -837,7 +837,7 @@ if (args['_'].length == 0) {
                         var localISOTime = (new Date(Date.now() - tzoffset)).toISOString().slice(0, -5);
                         console.log("List sharing links for a specified device, Example usages:\r\n");
                         console.log(winRemoveSingleQuotes("  MeshCtrl DeviceSharing --id 'deviceid'"));
-                        console.log(winRemoveSingleQuotes("  MeshCtrl DeviceSharing --id 'deviceid' --remote abcdef"));
+                        console.log(winRemoveSingleQuotes("  MeshCtrl DeviceSharing --id 'deviceid' --remove abcdef"));
                         console.log(winRemoveSingleQuotes("  MeshCtrl DeviceSharing --id 'deviceid' --add Guest --start " + localISOTime + " --duration 30"));
                         console.log(winRemoveSingleQuotes("  MeshCtrl DeviceSharing --id 'deviceid' --add Guest --type terminal --consent prompt"));
                         console.log("\r\nRequired arguments:\r\n");
diff --git a/webserver.js b/webserver.js
index fe650411..3bd5f217 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2435,6 +2435,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             return;
         }
 
+        // If set and there is no user logged in, redirect the root page. Make sure not to redirect if /login is used
+        if ((typeof domain.unknownuserrootredirect == 'string') && ((req.session == null) || (req.session.userid == null))) {
+            var q = require('url').parse(req.url, true);
+            if (!q.pathname.endsWith('/login')) { res.redirect(domain.unknownuserrootredirect + getQueryPortion(req)); return; }
+        }
+        
         if ((domain.sspi != null) && ((req.query.login == null) || (obj.parent.loginCookieEncryptionKey == null))) {
             // Login using SSPI
             domain.sspi.authenticate(req, res, function (err) {
@@ -5642,13 +5648,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             if ((parent.config.domains[i].dns != null) || (parent.config.domains[i].share != null)) { continue; } // This is a subdomain with a DNS name, no added HTTP bindings needed.
             var domain = parent.config.domains[i];
             var url = domain.url;
-            if (domain.rootredirect == null) {
+            if (typeof domain.rootredirect == 'string') {
+                // Root page redirects the user to a different URL
+                obj.app.get(url, handleRootRedirect);
+            } else {
                 // Present the login page as the root page
                 obj.app.get(url, handleRootRequest);
                 obj.app.post(url, handleRootPostRequest);
-            } else {
-                // Root page redirects the user to a different URL
-                obj.app.get(url, handleRootRedirect);
             }
             obj.app.get(url + 'refresh.ashx', function (req, res) { res.sendStatus(200); });
             if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.backup === true))) { obj.app.get(url + 'backup.zip', handleBackupRequest); }