mirror of https://github.com/sasjs/server.git synced 2025-12-11 19:44:35 +00:00

fix: add authorize middleware for appStreams

2022-07-04 17:14:17 +05:00
parent 4c35e04802
commit e54a09db19
2 changed files with 5 additions and 4 deletions


@@ -5,7 +5,7 @@ import { PermissionSetting } from '../controllers/permission'
export const authorize: RequestHandler = async (req, res, next) => { export const authorize: RequestHandler = async (req, res, next) => {
let permission let permission
const user = req.user const user = req.user || req.session.user
if (user) { if (user) {
// no need to check for permissions when user is admin // no need to check for permissions when user is admin
if (user.isAdmin) return next() if (user.isAdmin) return next()
@@ -13,7 +13,7 @@ export const authorize: RequestHandler = async (req, res, next) => {
const dbUser = await User.findOne({ id: user.userId }) const dbUser = await User.findOne({ id: user.userId })
if (!dbUser) return res.sendStatus(401) if (!dbUser) return res.sendStatus(401)
const uri = req.baseUrl + req.route.path const uri = req.baseUrl + req.path
// find permission w.r.t user // find permission w.r.t user
permission = await Permission.findOne({ uri, user: dbUser._id }) permission = await Permission.findOne({ uri, user: dbUser._id })
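Review bot: Building `uri` from `req.baseUrl + req.path` keys the permission lookup on the literal request path instead of the route pattern, and because `authorize` is shared middleware this changes matching for every route that uses it, not only appStreams. A route with parameters would no longer match a permission stored against its pattern. Express also routes case-insensitively and ignores a trailing slash by default, so one handler can be reached under several `uri` strings that the exact-match `Permission.findOne({ uri, user: dbUser._id })` treats as different. What happens when no permission is found lies outside this hunk, so confirm that branch denies access. I would normalise the path before the lookup and document the contract next to it, e.g. `// uri is the literal request path: stored permissions must use the same case and no trailing slash`.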


@@ -1,5 +1,6 @@
import path from 'path' import path from 'path'
import express, { Request } from 'express' import express, { Request } from 'express'
import { authorize } from '../../middlewares/authorize'
import { folderExists } from '@sasjs/utils' import { folderExists } from '@sasjs/utils'
import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils' import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
@@ -9,7 +10,7 @@ const appStreams: { [key: string]: string } = {}
const router = express.Router() const router = express.Router()
router.get('/', async (req, res) => { router.get('/', authorize, async (req, res) => {
const content = appStreamHtml(process.appStreamConfig) const content = appStreamHtml(process.appStreamConfig)
res.cookie('XSRF-TOKEN', req.csrfToken()) res.cookie('XSRF-TOKEN', req.csrfToken())
@@ -66,7 +67,7 @@ export const publishAppStream = async (
return {} return {}
} }
router.get(`/*`, function (req: Request, res, next) { router.get(`/*`, authorize, function (req: Request, res, next) {
const reqPath = req.path.replace(/^\//, '') const reqPath = req.path.replace(/^\//, '')
// Redirecting to url with trailing slash for appStream base URL only // Redirecting to url with trailing slash for appStream base URL only
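Review bot: `authorize` is attached individually to the two `router.get` calls, so any other handler registered on this router is not covered by the check. The body of `publishAppStream` is outside these hunks; if it mounts further routes or static handlers for a published app on the same router, those would still be served without authorization. Registering the middleware once, with `router.use(authorize)` directly after `const router = express.Router()`, would make coverage independent of how many routes are added later. If the per-route form is intentional, a comment such as `// every route added to this router must include authorize` would record that.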