HOT-FIX. Правила на токены

vigdorov
2020-09-07 21:01:18 +03:00
parent 8352024bb5
commit e09b325181
2 changed files with 28 additions and 11 deletions


@ -31,7 +31,7 @@ export class HookTonesController {
await this.authService.checkRequest(request); await this.authService.checkRequest(request);
const api = makeApiHeader(request); const api = makeApiHeader(request);
const {key} = request?.query ?? {}; const {key} = request?.query ?? {};
return await this.storeService.findApiTokens(api, key); return await this.storeService.findApiTokens(api, key, request.headers.authorization);
} }
@Post() @Post()
@ -51,7 +51,7 @@ export class HookTonesController {
await this.authService.checkRequest(request); await this.authService.checkRequest(request);
const api = makeApiHeader(request); const api = makeApiHeader(request);
const {key} = request?.query ?? {}; const {key} = request?.query ?? {};
return await this.storeService.createApiToken(api, key, request?.body); return await this.storeService.createApiToken(api, key, request?.body, request.headers.authorization);
} }
@Delete() @Delete()
@ -70,7 +70,7 @@ export class HookTonesController {
await this.authService.checkRequest(request); await this.authService.checkRequest(request);
const api = makeApiHeader(request); const api = makeApiHeader(request);
const {key, id} = request?.query ?? {}; const {key, id} = request?.query ?? {};
return await this.storeService.deleteApiToken(api, key, id); return await this.storeService.deleteApiToken(api, key, id, request.headers.authorization);
} }
@Options('') @Options('')
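Review bot: All three new call sites (the findApiTokens, createApiToken and deleteApiToken returns) read `request.headers.authorization` without the optional chaining the neighbouring `request?.query ?? {}` line uses, and the header is forwarded as a bare string even though a missing Authorization header yields `undefined`; if the request object really can be absent, write `request?.headers?.authorization` for consistency, and if it cannot, the `?.` on the query line is the one to drop. More importantly, the controller now ships the raw header value into StoreService so that the store layer performs its own token decoding and ownership check, giving the service a second authentication path next to `authService.checkRequest`; if `checkRequest` already decodes the token, it would be cleaner and harder to drift to have it return the authenticated principal and pass that down, e.g. `const user = await this.authService.checkRequest(request);` followed by `this.storeService.findApiTokens(api, key, user)`. I cannot see `checkRequest`'s return type from this hunk, so treat that as a suggestion to confirm against AuthService. The methods' bodies start before each hunk, so any earlier validation of `request` is out of view here.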


@ -4,6 +4,7 @@ import {InjectConnection} from '@nestjs/mongoose';
import {Store, StoreRequest, StoreSchema, HookToken, HookTokenResponse, HookTokenMap, RightType} from './store.schema'; import {Store, StoreRequest, StoreSchema, HookToken, HookTokenResponse, HookTokenMap, RightType} from './store.schema';
import {DB_TEST_NAME, DB_NAME, COLLECTION_STORE} from 'src/consts'; import {DB_TEST_NAME, DB_NAME, COLLECTION_STORE} from 'src/consts';
import * as jwt from 'jsonwebtoken'; import * as jwt from 'jsonwebtoken';
import {access} from 'fs';
interface Token { interface Token {
login: string; login: string;
@ -203,21 +204,31 @@ export class StoreService {
throw new NotFoundException(`Not found api key "${key}"`); throw new NotFoundException(`Not found api key "${key}"`);
} }
async findApiTokens(api: string, key: string): Promise<HookTokenResponse[]> { async findApiTokens(api: string, key: string, access_token: string): Promise<HookTokenResponse[]> {
const searchStore = await this.storeModel(api).findOne({key}); const searchStore = await this.storeModel(api).findOne({key});
if (!searchStore) { if (searchStore) {
throw new NotFoundException(`Not found api key "${key}"`); const user = await this.loadUserByToken(access_token);
} if (user.is_admin || user.login === searchStore.author) {
return searchStore.hook_tokens?.map(prepareHook); return searchStore.hook_tokens?.map(prepareHook);
} }
return [];
}
throw new NotFoundException(`Not found api key "${key}"`);
}
async createApiToken(api: string, key: string, hook: HookTokenMap): Promise<HookTokenResponse> { async createApiToken(api: string, key: string, hook: HookTokenMap, access_token: string): Promise<HookTokenResponse> {
const searchStore = await this.storeModel(api).findOne({key}); const searchStore = await this.storeModel(api).findOne({key});
if (!searchStore) { if (!searchStore) {
throw new NotFoundException(`Not found api key "${key}"`); throw new NotFoundException(`Not found api key "${key}"`);
} }
const user = await this.loadUserByToken(access_token);
if (!user.is_admin && user.login !== searchStore.author) {
throw new BadRequestException(`You don't have access to "${key}"`);
}
const store = { const store = {
...prepareStore(searchStore), ...prepareStore(searchStore),
hook_tokens: (searchStore.hook_tokens || []).map(baseHook => { hook_tokens: (searchStore.hook_tokens || []).map(baseHook => {
@ -246,13 +257,19 @@ export class StoreService {
return prepareHook(newToken); return prepareHook(newToken);
} }
async deleteApiToken(api: string, key: string, id: string): Promise<HookTokenResponse> { async deleteApiToken(api: string, key: string, id: string, access_token: string): Promise<HookTokenResponse> {
const searchStore = await this.storeModel(api).findOne({key}); const searchStore = await this.storeModel(api).findOne({key});
if (!searchStore) { if (!searchStore) {
throw new NotFoundException(`Not found api key "${key}"`); throw new NotFoundException(`Not found api key "${key}"`);
} }
const user = await this.loadUserByToken(access_token);
if (!user.is_admin && user.login !== searchStore.author) {
throw new BadRequestException(`You don't have access to "${key}"`);
}
const deleteToken = searchStore.hook_tokens?.find(token => token._id.toString() === id); const deleteToken = searchStore.hook_tokens?.find(token => token._id.toString() === id);
if (!deleteToken) { if (!deleteToken) {