From 27eaa5add5ddfc97053afe41fb44c1116c36addb Mon Sep 17 00:00:00 2001
From: Fabian Jakobs
Date: Mon, 12 Oct 2015 12:22:25 +0000
Subject: [PATCH 1/5] implement new user content auth for preview
---
plugins/c9.preview/preview.handler.js | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/plugins/c9.preview/preview.handler.js b/plugins/c9.preview/preview.handler.js
index d59b24bd..3bf1f351 100644
--- a/plugins/c9.preview/preview.handler.js
+++ b/plugins/c9.preview/preview.handler.js
@@ -39,7 +39,13 @@ define(function(require, exports, module) {
 session.ws = {};
 req.projectSession = session.ws[ws];
- if (!req.projectSession || !req.projectSession.expires || req.projectSession.expires <= Date.now()) {
+
+ if (
+ !req.projectSession ||
+ !req.projectSession.expires ||
+ req.projectSession.expires <= Date.now() ||
+ req.projectSession.uid != req.user.id
+ ) {
 req.projectSession = session.ws[ws] = {
 expires: Date.now() + 10000
 };
@@ -77,6 +83,7 @@ define(function(require, exports, module) {
 }
 req.projectSession.role = role;
 req.projectSession.pid = project.id;
+ req.projectSession.uid = req.user.id;
 var type = project.scm;
 req.projectSession.type = type;
@@ -137,8 +144,8 @@ define(function(require, exports, module) {
 var path = req.params.path;
 var url = req.proxyUrl + path;
- if (req.session.token)
- url += "?access_token=" + encodeURIComponent(req.session.token.id || req.session.token);
+ if (req.user.code)
+ url += "?access_token=" + encodeURIComponent(req.user.code);
 var parsedUrl = parseUrl(url);
 var httpModule = parsedUrl.protocol == "https:" ? https : http;
From cf02d0a1b8989a733521268f879f733da79688a4 Mon Sep 17 00:00:00 2001
From: Fabian Jakobs
Date: Tue, 13 Oct 2015 11:55:31 +0000
Subject: [PATCH 2/5] add user-content to server.js
---
server.js | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/server.js b/server.js
index 2711230c..3c8463e9 100755
--- a/server.js
+++ b/server.js
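Review bot: In the first hunk of plugins/c9.preview/preview.handler.js (`@@ -39,7 +39,13 @@`) the new ownership test `req.projectSession.uid != req.user.id` compares loosely and dereferences `req.user` without a guard. With `!=`, a cached session whose `uid` was never set compares equal to a user whose `id` is `null` or `undefined`, so that session would be reused rather than rebuilt; whether this can happen depends on how `req.user` is populated, which is not visible here. I would use `req.projectSession.uid !== req.user.id` if both ids have the same type, and add a short comment naming what guarantees `req.user` is set on this route. The enclosing handler starts and ends outside the hunk.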
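Review bot: In the third hunk of plugins/c9.preview/preview.handler.js (`@@ -137,8 +144,8 @@`) the credential `req.user.code` is sent as an `access_token` query parameter, so it is recorded wherever the proxied URL is recorded, such as upstream access logs or any error message that prints `url`. Carrying it in a request header on the proxied request would keep it out of those places; the request construction is below the hunk, so which header the upstream accepts cannot be judged from here. The append of `"?access_token="` also assumes `req.params.path` never contains a `?`; a comment stating that, or a check that picks `&` when a query string is already present, would remove the doubt.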
@@ -23,14 +23,12 @@ var DEFAULT_CONFIG = "s";
 var DEFAULT_SETTINGS = getDefaultSettings();
 var shortcuts = {
- "dev" : ["ide", "preview", "vfs", "api", "sapi", "proxy", "redis", "profile", "oldclient", "homepage", "apps-proxy", "-s", "devel"],
- "odev" : ["ide", "preview", "vfs", "api", "proxy", "oldclient", "homepage", "apps-proxy", "profile", "worker", "-s", "onlinedev"],
- "bill" : ["ide", "preview", "vfs", "api", "proxy", "oldclient", "homepage", "apps-proxy", "profile", "-s", "billing"],
- "beta" : ["ide", "preview", "vfs", "proxy", "-s", "beta"],
- "ci" : ["ide", "preview", "vfs", "proxy", "-s", "ci"],
+ "dev" : ["ide", "preview", "user-content", "vfs", "api", "sapi", "proxy", "redis", "profile", "oldclient", "homepage", "apps-proxy", "-s", "devel"],
+ "odev" : ["ide", "preview", "user-content", "vfs", "api", "proxy", "oldclient", "homepage", "apps-proxy", "profile", "worker", "-s", "onlinedev"],
+ "beta" : ["ide", "preview", "user-content", "vfs", "proxy", "-s", "beta"],
 "s" : ["standalone", "-s", "standalone"]
 };
-var delayLoadConfigs = ["preview", "api", "oldclient", "apps-proxy", "worker"];
+var delayLoadConfigs = ["preview", "user-content", "api", "oldclient", "apps-proxy", "worker"];
 module.exports = main;
From 95012eb90a9d7df1005722f093a64af5b7465729 Mon Sep 17 00:00:00 2001
From: Fabian Jakobs
Date: Tue, 13 Oct 2015 11:56:55 +0000
Subject: [PATCH 3/5] add to makefile
---
node_modules/c9/object.js | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 node_modules/c9/object.js
diff --git a/node_modules/c9/object.js b/node_modules/c9/object.js
new file mode 100644
index 00000000..875dc338
--- /dev/null
+++ b/node_modules/c9/object.js
@@ -0,0 +1,9 @@
+/*
+ * Swap keys and values of an object
+ */
+exports.invert = function(obj) {
+ return Object.keys(obj).reduce(function(res, key) {
+ res[obj[key]] = key;
+ return res;
+ }, {});
+};
\ No newline at end of file
From 8224fb8c661aa63bb6602b9ef79903b81e8aed08 Mon Sep 17 00:00:00 2001
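Review bot: The server.js hunk removes the `bill` and `ci` entries from `shortcuts`, which the subject line ("add user-content to server.js") does not mention. Anything that still starts the server with one of those shortcut names will no longer resolve to a plugin list; how an unknown name is handled is outside the hunk. If the removal is intended, the commit message should say so; if not, the two lines should come back with `"user-content"` inserted after `"preview"`, as in the other entries.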
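Review bot: `exports.invert` in node_modules/c9/object.js seeds the reduce with a plain `{}`, so the inverted map inherits from `Object.prototype` and a lookup such as `inverted["constructor"]` or `inverted["toString"]` returns a function that was never in the input. If the result is ever indexed with request-derived strings, seed it with `Object.create(null)` or have callers test with `Object.prototype.hasOwnProperty.call(inverted, key)`. The header comment should also state that values are coerced to strings and that, when two keys share a value, the later key wins. The subject line ("add to makefile") does not describe this file.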
From: Fabian Jakobs
Date: Wed, 14 Oct 2015 13:31:30 +0000
Subject: [PATCH 4/5] add user content moved page
---
node_modules/c9/urls.js | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/node_modules/c9/urls.js b/node_modules/c9/urls.js
index a1b000af..8f5fc472 100644
--- a/node_modules/c9/urls.js
+++ b/node_modules/c9/urls.js
@@ -22,6 +22,14 @@ function main(options, imports, register) {
 });
 }
+plugin.getHost = function(req) {
+ return (req.headers && req.headers.host
+ || req.host
+ || req.url && req.url.replace(/^https?:\/\/([^/]*).*/, "$1")
+ || req
+ );
+};
+
 /**
 * Get a desired base URL, given some context.
 *
@@ -30,10 +38,8 @@ function main(options, imports, register) {
 * @param {String} targetBaseUrlPattern The target URL pattern, e.g. https://$DOMAIN
 */
 plugin.getBaseUrl = function(req, sourceBaseUrlPattern, targetBaseUrlPattern) {
- var sourceHost = req.headers && req.headers.host
- || req.host
- || req.url && req.url.replace(/^https?:\/\/([^/]*).*/, "$1")
- || req;
+ var sourceHost = plugin.getHost(req);
+
 if (typeof sourceHost !== "string")
 throw new Error("Not a valid request object: " + req);
 if (!sourceBaseUrlPattern)
From b0e10d15b5c5dba7927be2bf5f180183bfdcf79f Mon Sep 17 00:00:00 2001
From: Fabian Jakobs
Date: Wed, 14 Oct 2015 14:53:53 +0000
Subject: [PATCH 5/5] secure redirect
---
node_modules/c9/string.js | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/node_modules/c9/string.js b/node_modules/c9/string.js
index 5e3714ce..2a28f65c 100644
--- a/node_modules/c9/string.js
+++ b/node_modules/c9/string.js
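Review bot: `plugin.getHost` in the first hunk of node_modules/c9/urls.js can return something that is not a host, and the `typeof sourceHost !== "string"` check that catches one such case stays behind in `getBaseUrl` (second hunk) instead of moving with the extracted code. When `req.headers.host` and `req.host` are absent, `req.url.replace(...)` returns its input unchanged for a non-absolute URL such as `/path`, and the final `|| req` returns the argument itself. The first choice, the `Host` header, is supplied by the client, so any caller that uses the result for a redirect or origin decision has to compare it against the configured domains. I would move the type check into `getHost` and add a doc comment stating that the returned value is unvalidated.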
@@ -43,5 +43,14 @@ exports.repeat = function(str, times) {
 exports.count = function(str, substr){
 return str.split(substr).length - 1;
 };
+
+exports.endsWith = function(subjectString, searchString, position) {
+ if (typeof position !== 'number' || !isFinite(position) || Math.floor(position) !== position || position > subjectString.length) {
+ position = subjectString.length;
+ }
+ position -= searchString.length;
+ var lastIndex = subjectString.indexOf(searchString, position);
+ return lastIndex !== -1 && lastIndex === position;
+};
 });
\ No newline at end of file
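Review bot: `exports.endsWith` has no doc comment, and given the subject line ("secure redirect") the thing a caller most needs to know is that it is a plain string-suffix test. If it is used to decide whether a host belongs to an allowed domain, `endsWith(host, "example.com")` is also true for `notexample.com`, so the caller must pass the suffix with its leading dot and compare the bare domain separately; the call site is not in this patch, so this may already be the case. I would add a comment such as `// Plain suffix match: for hostnames pass ".domain" and compare the bare domain separately.` The same comment should note that both arguments must be strings, since `subjectString.length` and `searchString.length` throw on `undefined`.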