Fix api authentication
parent
13abf62368
commit
892cf26628
@ -1,5 +1,5 @@
|
||||
import Controller from "swaf/Controller";
|
||||
import {RequireAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||
import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||
import {NextFunction, Request, Response} from "express";
|
||||
import {BadRequestError, ForbiddenHttpError, ServerError} from "swaf/HttpError";
|
||||
import FileModel from "../models/FileModel";
|
||||
@ -54,7 +54,12 @@ export default class FileController extends Controller {
|
||||
);
|
||||
}
|
||||
|
||||
public static async handleFileUpload(slug: string, req: Request, res: Response): Promise<void> {
|
||||
public static async handleFileUpload(
|
||||
slug: string,
|
||||
req: Request,
|
||||
res: Response,
|
||||
requestAuth: boolean = false,
|
||||
): Promise<void> {
|
||||
// Check for file upload
|
||||
if (Object.keys(req.files).indexOf('upload') < 0) {
|
||||
throw new BadRequestError('No file received.', 'You must upload exactly one (1) file.', req.url);
|
||||
@ -68,7 +73,7 @@ export default class FileController extends Controller {
|
||||
if (req.body.ttl !== undefined) ttl = parseInt(req.body.ttl);
|
||||
else if (req.body.expire_after_days !== undefined) ttl = parseInt(req.body.expire_after_days) * 24 * 3600;
|
||||
|
||||
const user = req.as(RequireAuthMiddleware).getUser();
|
||||
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||
|
||||
const file = FileModel.create({
|
||||
user_id: user.id,
|
||||
@ -97,14 +102,19 @@ export default class FileController extends Controller {
|
||||
});
|
||||
}
|
||||
|
||||
public static async deleteFileRoute(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||
public static async deleteFileRoute(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction,
|
||||
requestAuth: boolean = false,
|
||||
): Promise<void> {
|
||||
const slug = req.params.slug;
|
||||
if (!slug) throw new BadRequestError('Cannot delete nothing.', 'Please provide a slug.', req.url);
|
||||
|
||||
const file = await FileModel.getBySlug(req.params.slug);
|
||||
if (!file) return next();
|
||||
|
||||
const user = req.as(RequireAuthMiddleware).getUser();
|
||||
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||
if (!file.canDelete(user.getOrFail('id'))) throw new ForbiddenHttpError('file', req.url);
|
||||
|
||||
switch (file.storage_type) {
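Review bot: The new `requestAuth` flag in `handleFileUpload` and `deleteFileRoute` must be kept in step by hand with the middleware each route registers, and it defaults to `false`, so a caller on a `RequireRequestAuthMiddleware` route that omits the argument falls back to `req.as(RequireAuthMiddleware)`, the lookup this commit is correcting. What `req.as()` does when that middleware never ran on the request is not visible in these hunks, so the failure mode should be confirmed and covered by a test per route. The same ternary is repeated in `URLRedirectController.addURL`; taking the middleware class as the parameter, so the lookup becomes `const user = req.as(authMiddleware).getUser();`, would leave a single expression to audit. Separately, the upload path stores `user.id` while the delete path uses `user.getOrFail('id')`, and using the latter in both would make a missing id fail loudly. Both method bodies continue outside the hunks.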
|
||||
|
@ -16,14 +16,14 @@ import {log} from "swaf/Logger";
|
||||
export default class LinkController extends Controller {
|
||||
public routes(): void {
|
||||
this.post('/', this.postFile, 'post-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
||||
this.delete('/:slug', FileController.deleteFileRoute, 'delete-file', RequireRequestAuthMiddleware);
|
||||
this.delete('/:slug', this.deleteFile, 'delete-file', RequireRequestAuthMiddleware);
|
||||
this.get('/:slug', this.getFile, 'get-file');
|
||||
this.put('/:slug', this.putFile, 'put-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
||||
|
||||
this.post('/', URLRedirectController.addURL, 'post-url', RequireRequestAuthMiddleware);
|
||||
this.post('/', this.addURL, 'post-url', RequireRequestAuthMiddleware);
|
||||
this.delete('/:slug', this.deleteURL, 'delete-url', RequireRequestAuthMiddleware);
|
||||
this.get('/:slug', this.getURLRedirect, 'get-url');
|
||||
this.put('/:slug', URLRedirectController.addURL, 'put-url', RequireRequestAuthMiddleware);
|
||||
this.put('/:slug', this.addURL, 'put-url', RequireRequestAuthMiddleware);
|
||||
|
||||
this.get(/(.*)/, this.domainFilter);
|
||||
}
|
||||
@ -69,7 +69,7 @@ export default class LinkController extends Controller {
|
||||
protected async postFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||
if (req.body.type !== 'file') return next();
|
||||
|
||||
await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res);
|
||||
await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res, true);
|
||||
}
|
||||
|
||||
protected async putFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||
@ -77,7 +77,15 @@ export default class LinkController extends Controller {
|
||||
const slug = req.params.slug;
|
||||
if (!slug) throw new BadRequestError('Cannot put without a slug.', 'Either provide a slug or use POST method instead.', req.url);
|
||||
|
||||
await FileController.handleFileUpload(slug, req, res);
|
||||
await FileController.handleFileUpload(slug, req, res, true);
|
||||
}
|
||||
|
||||
protected async deleteFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||
return await FileController.deleteFileRoute(req, res, next, true);
|
||||
}
|
||||
|
||||
protected async addURL(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||
return await URLRedirectController.addURL(req, res, next, undefined, true);
|
||||
}
|
||||
|
||||
protected async getURLRedirect(req: Request, res: Response, next: NextFunction): Promise<void> {
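Review bot: The `delete-url` route in `routes()` is also guarded by `RequireRequestAuthMiddleware`, but `this.deleteURL` is not touched by this commit and its body is outside the hunks. If it still reads the user through `req.as(RequireAuthMiddleware)`, it has the same mismatch that the new `deleteFile` and `addURL` wrappers correct, so it is worth checking alongside `putFile` and `postFile`. The wrappers would also benefit from a short comment stating why they exist, for example `// Routes here authenticate with RequireRequestAuthMiddleware; tell the shared handler to read the user from it.`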
|
||||
|
@ -1,7 +1,7 @@
|
||||
import Controller from "swaf/Controller";
|
||||
import {NextFunction, Request, Response} from "express";
|
||||
import URLRedirect from "../models/URLRedirect";
|
||||
import {RequireAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||
import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||
import generateSlug from "../SlugGenerator";
|
||||
import config from "config";
|
||||
import AuthToken from "../models/AuthToken";
|
||||
@ -47,10 +47,16 @@ export default class URLRedirectController extends Controller {
|
||||
);
|
||||
}
|
||||
|
||||
public static async addURL(req: Request, res: Response, next: NextFunction, slug?: string): Promise<void> {
|
||||
public static async addURL(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction,
|
||||
slug?: string,
|
||||
requestAuth: boolean = false,
|
||||
): Promise<void> {
|
||||
if (req.body.type !== 'url') return next();
|
||||
|
||||
const user = req.as(RequireAuthMiddleware).getUser();
|
||||
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||
slug = slug || req.params.slug || req.body.slug || await generateSlug(10);
|
||||
const urlRedirect = URLRedirect.create({
|
||||
user_id: user.id,
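Review bot: Appending `requestAuth` after the optional `slug` in `addURL` forces callers to write `addURL(req, res, next, undefined, true)`, where a bare `true` decides which authentication context the user is read from and is easy to drop or misplace. The parameter is undocumented; a TSDoc line such as `@param requestAuth Pass true only when the route is registered with RequireRequestAuthMiddleware; selects the middleware the user is read from.` would state the contract. An options object (`{slug, requestAuth}`) would make the call sites self-describing, though it changes the signature for existing callers. The body of `addURL` continues past the end of the hunk.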
|
||||
|