mirror of
https://github.com/fosrl/pangolin.git
synced 2025-08-30 14:39:29 +02:00
fix rendering issues on resource unauthorized
parent
5fb85130ec
commit
ed1efae05f
8 changed files with 58 additions and 20 deletions
|
@ -51,7 +51,7 @@ app.prepare().then(() => {
|
|||
externalServer.use(logIncomingMiddleware);
|
||||
externalServer.use(prefix, unauthenticated);
|
||||
externalServer.use(prefix, authenticated);
|
||||
externalServer.use(`${prefix}/ws`, wsRouter);
|
||||
// externalServer.use(`${prefix}/ws`, wsRouter);
|
||||
|
||||
externalServer.use(notFoundMiddleware);
|
||||
|
||||
|
@ -68,7 +68,7 @@ app.prepare().then(() => {
|
|||
);
|
||||
});
|
||||
|
||||
handleWSUpgrade(httpServer);
|
||||
// handleWSUpgrade(httpServer);
|
||||
|
||||
externalServer.use(errorHandlerMiddleware);
|
||||
|
||||
|
|
|
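Review bot: The wsRouter mount and the handleWSUpgrade call are disabled by commenting them out, with no explanation in the code, and the commit title only mentions rendering on the unauthorized page. With both off, requests to the ws path presumably fall through to notFoundMiddleware, so clients that depend on the socket will fail with nothing in the source saying why. Either delete the two lines or put a comment above each, for example `// WebSocket endpoint disabled: <reason / tracking issue>; re-enable together with handleWSUpgrade`. Both hunks sit inside the app.prepare() callback, which starts and ends outside the visible lines.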
@ -10,6 +10,7 @@ import {
|
|||
resourcePassword,
|
||||
resourcePincode,
|
||||
resources,
|
||||
User,
|
||||
userOrgs,
|
||||
} from "@server/db/schema";
|
||||
import { and, eq } from "drizzle-orm";
|
||||
|
@ -106,7 +107,7 @@ export async function verifyResourceSession(
|
|||
const { session, user } = await validateSessionToken(sessionToken);
|
||||
if (session && user) {
|
||||
const isAllowed = await isUserAllowedToAccessResource(
|
||||
user.userId,
|
||||
user,
|
||||
resource,
|
||||
);
|
||||
|
||||
|
@ -191,15 +192,19 @@ function allowed(res: Response) {
|
|||
}
|
||||
|
||||
async function isUserAllowedToAccessResource(
|
||||
userId: string,
|
||||
user: User,
|
||||
resource: Resource,
|
||||
) {
|
||||
): Promise<boolean> {
|
||||
if (config.flags?.require_email_verification && !user.emailVerified) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const userOrgRole = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(
|
||||
eq(userOrgs.userId, userId),
|
||||
eq(userOrgs.userId, user.userId),
|
||||
eq(userOrgs.orgId, resource.orgId),
|
||||
),
|
||||
)
|
||||
|
@ -229,7 +234,7 @@ async function isUserAllowedToAccessResource(
|
|||
.from(userResources)
|
||||
.where(
|
||||
and(
|
||||
eq(userResources.userId, userId),
|
||||
eq(userResources.userId, user.userId),
|
||||
eq(userResources.resourceId, resource.resourceId),
|
||||
),
|
||||
)
|
||||
|
|
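Review bot: The new email-verification gate at the top of isUserAllowedToAccessResource is skipped whenever `config.flags` is undefined, because of the optional chaining in `config.flags?.require_email_verification`, and nothing in the function says that this default is intended. A denial here also returns the same bare `false` as a missing role or resource grant, so an operator cannot tell why an otherwise valid session was refused. I would add a comment above the check, `// Opt-in gate: unverified accounts are denied before any role/resource lookup; an absent flags section leaves it off`, and consider logging the denial reason at debug level. The function body continues between and after the visible hunks, so the later role and resource checks are not reviewed here.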