mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-23 12:15:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add user checks in routes

Browse source
This commit is contained in:
miloschwartz 2025-05-02 10:44:50 -04:00
parent f8e0219b49
commit a9f0b9aa38
No known key found for this signature in database
21 changed files with 302 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/routers/resource/createResource.ts
View file

@ -39,6 +39,7 @@ const createHttpResourceSchema = z
isBaseDomain: z.boolean().optional(),
siteId: z.number(),
http: z.boolean(),
protocol: z.string(),
domainId: z.string()
})
.strict()
@ -129,7 +130,7 @@ export async function createResource(
const { siteId, orgId } = parsedParams.data;
if (!req.userOrgRoleId) {
if (req.user && !req.userOrgRoleId) {
return next(
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
);
@ -202,7 +203,7 @@ async function createHttpResource(
);
}
const { name, subdomain, isBaseDomain, http, domainId } =
const { name, subdomain, isBaseDomain, http, protocol, domainId } =
parsedBody.data;
const [orgDomain] = await db
@ -261,7 +262,7 @@ async function createHttpResource(
name,
subdomain,
http,
protocol: "tcp",
protocol,
ssl: true,
isBaseDomain
})
@ -284,7 +285,7 @@ async function createHttpResource(
resourceId: newResource[0].resourceId
});
if (req.userOrgRoleId != adminRole[0].roleId) {
if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
// make sure the user can access the resource
await trx.insert(userResources).values({
userId: req.user?.userId!,