Fix api authentication
parent
13abf62368
commit
892cf26628
@ -1,5 +1,5 @@
|
|||||||
import Controller from "swaf/Controller";
|
import Controller from "swaf/Controller";
|
||||||
import {RequireAuthMiddleware} from "swaf/auth/AuthComponent";
|
import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||||
import {NextFunction, Request, Response} from "express";
|
import {NextFunction, Request, Response} from "express";
|
||||||
import {BadRequestError, ForbiddenHttpError, ServerError} from "swaf/HttpError";
|
import {BadRequestError, ForbiddenHttpError, ServerError} from "swaf/HttpError";
|
||||||
import FileModel from "../models/FileModel";
|
import FileModel from "../models/FileModel";
|
||||||
@ -54,7 +54,12 @@ export default class FileController extends Controller {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static async handleFileUpload(slug: string, req: Request, res: Response): Promise<void> {
|
public static async handleFileUpload(
|
||||||
|
slug: string,
|
||||||
|
req: Request,
|
||||||
|
res: Response,
|
||||||
|
requestAuth: boolean = false,
|
||||||
|
): Promise<void> {
|
||||||
// Check for file upload
|
// Check for file upload
|
||||||
if (Object.keys(req.files).indexOf('upload') < 0) {
|
if (Object.keys(req.files).indexOf('upload') < 0) {
|
||||||
throw new BadRequestError('No file received.', 'You must upload exactly one (1) file.', req.url);
|
throw new BadRequestError('No file received.', 'You must upload exactly one (1) file.', req.url);
|
||||||
@ -68,7 +73,7 @@ export default class FileController extends Controller {
|
|||||||
if (req.body.ttl !== undefined) ttl = parseInt(req.body.ttl);
|
if (req.body.ttl !== undefined) ttl = parseInt(req.body.ttl);
|
||||||
else if (req.body.expire_after_days !== undefined) ttl = parseInt(req.body.expire_after_days) * 24 * 3600;
|
else if (req.body.expire_after_days !== undefined) ttl = parseInt(req.body.expire_after_days) * 24 * 3600;
|
||||||
|
|
||||||
const user = req.as(RequireAuthMiddleware).getUser();
|
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||||
|
|
||||||
const file = FileModel.create({
|
const file = FileModel.create({
|
||||||
user_id: user.id,
|
user_id: user.id,
|
||||||
@ -97,14 +102,19 @@ export default class FileController extends Controller {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public static async deleteFileRoute(req: Request, res: Response, next: NextFunction): Promise<void> {
|
public static async deleteFileRoute(
|
||||||
|
req: Request,
|
||||||
|
res: Response,
|
||||||
|
next: NextFunction,
|
||||||
|
requestAuth: boolean = false,
|
||||||
|
): Promise<void> {
|
||||||
const slug = req.params.slug;
|
const slug = req.params.slug;
|
||||||
if (!slug) throw new BadRequestError('Cannot delete nothing.', 'Please provide a slug.', req.url);
|
if (!slug) throw new BadRequestError('Cannot delete nothing.', 'Please provide a slug.', req.url);
|
||||||
|
|
||||||
const file = await FileModel.getBySlug(req.params.slug);
|
const file = await FileModel.getBySlug(req.params.slug);
|
||||||
if (!file) return next();
|
if (!file) return next();
|
||||||
|
|
||||||
const user = req.as(RequireAuthMiddleware).getUser();
|
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||||
if (!file.canDelete(user.getOrFail('id'))) throw new ForbiddenHttpError('file', req.url);
|
if (!file.canDelete(user.getOrFail('id'))) throw new ForbiddenHttpError('file', req.url);
|
||||||
|
|
||||||
switch (file.storage_type) {
|
switch (file.storage_type) {
|
||||||
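Review bot: The new `requestAuth: boolean = false` parameter in `handleFileUpload` leaves the choice of auth context to each caller, and the default silently selects `RequireAuthMiddleware`; a handler on a route guarded by `RequireRequestAuthMiddleware` that omits the flag would ask for the user from a middleware that is not registered on that route, which appears to be the situation this commit repairs. Consider dropping the default so every call site has to state which guard protects its route, i.e. `requestAuth: boolean,`; callers outside this page would then need the explicit argument. The same ternary is repeated in `deleteFileRoute` and in `URLRedirectController.addURL`, so one shared helper that returns the user would keep the three sites from drifting apart. What `req.as(...)` does when the named middleware was not applied is not visible here, so the failure mode should be confirmed. Both function bodies continue outside the hunks.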
|
@ -16,14 +16,14 @@ import {log} from "swaf/Logger";
|
|||||||
export default class LinkController extends Controller {
|
export default class LinkController extends Controller {
|
||||||
public routes(): void {
|
public routes(): void {
|
||||||
this.post('/', this.postFile, 'post-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
this.post('/', this.postFile, 'post-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
||||||
this.delete('/:slug', FileController.deleteFileRoute, 'delete-file', RequireRequestAuthMiddleware);
|
this.delete('/:slug', this.deleteFile, 'delete-file', RequireRequestAuthMiddleware);
|
||||||
this.get('/:slug', this.getFile, 'get-file');
|
this.get('/:slug', this.getFile, 'get-file');
|
||||||
this.put('/:slug', this.putFile, 'put-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
this.put('/:slug', this.putFile, 'put-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware);
|
||||||
|
|
||||||
this.post('/', URLRedirectController.addURL, 'post-url', RequireRequestAuthMiddleware);
|
this.post('/', this.addURL, 'post-url', RequireRequestAuthMiddleware);
|
||||||
this.delete('/:slug', this.deleteURL, 'delete-url', RequireRequestAuthMiddleware);
|
this.delete('/:slug', this.deleteURL, 'delete-url', RequireRequestAuthMiddleware);
|
||||||
this.get('/:slug', this.getURLRedirect, 'get-url');
|
this.get('/:slug', this.getURLRedirect, 'get-url');
|
||||||
this.put('/:slug', URLRedirectController.addURL, 'put-url', RequireRequestAuthMiddleware);
|
this.put('/:slug', this.addURL, 'put-url', RequireRequestAuthMiddleware);
|
||||||
|
|
||||||
this.get(/(.*)/, this.domainFilter);
|
this.get(/(.*)/, this.domainFilter);
|
||||||
}
|
}
|
||||||
@ -69,7 +69,7 @@ export default class LinkController extends Controller {
|
|||||||
protected async postFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
protected async postFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||||
if (req.body.type !== 'file') return next();
|
if (req.body.type !== 'file') return next();
|
||||||
|
|
||||||
await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res);
|
await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected async putFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
protected async putFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||||
@ -77,7 +77,15 @@ export default class LinkController extends Controller {
|
|||||||
const slug = req.params.slug;
|
const slug = req.params.slug;
|
||||||
if (!slug) throw new BadRequestError('Cannot put without a slug.', 'Either provide a slug or use POST method instead.', req.url);
|
if (!slug) throw new BadRequestError('Cannot put without a slug.', 'Either provide a slug or use POST method instead.', req.url);
|
||||||
|
|
||||||
await FileController.handleFileUpload(slug, req, res);
|
await FileController.handleFileUpload(slug, req, res, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected async deleteFile(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||||
|
return await FileController.deleteFileRoute(req, res, next, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected async addURL(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||||
|
return await URLRedirectController.addURL(req, res, next, undefined, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected async getURLRedirect(req: Request, res: Response, next: NextFunction): Promise<void> {
|
protected async getURLRedirect(req: Request, res: Response, next: NextFunction): Promise<void> {
|
||||||
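Review bot: `delete-url` is still routed to `this.deleteURL` behind `RequireRequestAuthMiddleware`, and its body is outside the hunk, so it is worth confirming that it does not read the user through `req.as(RequireAuthMiddleware)` the way the handlers fixed here did. In the new `addURL` wrapper the call `URLRedirectController.addURL(req, res, next, undefined, true)` passes the auth selector as a bare positional boolean after a placeholder `undefined`, which is easy to get wrong on a later edit. Labelling the arguments, `URLRedirectController.addURL(req, res, next, /* slug */ undefined, /* requestAuth */ true)`, makes the choice auditable. The same applies to the `true` passed to `handleFileUpload` in `postFile` and `putFile`.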
|
@ -1,7 +1,7 @@
|
|||||||
import Controller from "swaf/Controller";
|
import Controller from "swaf/Controller";
|
||||||
import {NextFunction, Request, Response} from "express";
|
import {NextFunction, Request, Response} from "express";
|
||||||
import URLRedirect from "../models/URLRedirect";
|
import URLRedirect from "../models/URLRedirect";
|
||||||
import {RequireAuthMiddleware} from "swaf/auth/AuthComponent";
|
import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent";
|
||||||
import generateSlug from "../SlugGenerator";
|
import generateSlug from "../SlugGenerator";
|
||||||
import config from "config";
|
import config from "config";
|
||||||
import AuthToken from "../models/AuthToken";
|
import AuthToken from "../models/AuthToken";
|
||||||
@ -47,10 +47,16 @@ export default class URLRedirectController extends Controller {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static async addURL(req: Request, res: Response, next: NextFunction, slug?: string): Promise<void> {
|
public static async addURL(
|
||||||
|
req: Request,
|
||||||
|
res: Response,
|
||||||
|
next: NextFunction,
|
||||||
|
slug?: string,
|
||||||
|
requestAuth: boolean = false,
|
||||||
|
): Promise<void> {
|
||||||
if (req.body.type !== 'url') return next();
|
if (req.body.type !== 'url') return next();
|
||||||
|
|
||||||
const user = req.as(RequireAuthMiddleware).getUser();
|
const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser();
|
||||||
slug = slug || req.params.slug || req.body.slug || await generateSlug(10);
|
slug = slug || req.params.slug || req.body.slug || await generateSlug(10);
|
||||||
const urlRedirect = URLRedirect.create({
|
const urlRedirect = URLRedirect.create({
|
||||||
user_id: user.id,
|
user_id: user.id,
|
||||||
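Review bot: `addURL` is a public static entry point and its new `requestAuth` parameter is undocumented, although it decides which middleware the authenticated user is taken from. A TSDoc line above the signature would record the contract: `@param requestAuth true when the route is guarded by RequireRequestAuthMiddleware; otherwise the user is read from RequireAuthMiddleware`. The function body continues past the end of the hunk.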
|