mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-26 19:53:59 -05:00
Get user from Session instead of hardcoded value
Signed-off-by: Yannick Bungers <git@innay.de>
This commit is contained in:
parent
b2ae4a85c3
commit
28266bca0b
7 changed files with 92 additions and 67 deletions
|
@ -13,10 +13,9 @@ import {
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
Put,
|
Put,
|
||||||
Req,
|
|
||||||
UnauthorizedException,
|
UnauthorizedException,
|
||||||
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { Request } from 'express';
|
|
||||||
|
|
||||||
import {
|
import {
|
||||||
AlreadyInDBError,
|
AlreadyInDBError,
|
||||||
|
@ -24,6 +23,7 @@ import {
|
||||||
NotInDBError,
|
NotInDBError,
|
||||||
PrimaryAliasDeletionForbiddenError,
|
PrimaryAliasDeletionForbiddenError,
|
||||||
} from '../../../errors/errors';
|
} from '../../../errors/errors';
|
||||||
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
import { AliasCreateDto } from '../../../notes/alias-create.dto';
|
import { AliasCreateDto } from '../../../notes/alias-create.dto';
|
||||||
import { AliasUpdateDto } from '../../../notes/alias-update.dto';
|
import { AliasUpdateDto } from '../../../notes/alias-update.dto';
|
||||||
|
@ -31,8 +31,11 @@ import { AliasDto } from '../../../notes/alias.dto';
|
||||||
import { AliasService } from '../../../notes/alias.service';
|
import { AliasService } from '../../../notes/alias.service';
|
||||||
import { NotesService } from '../../../notes/notes.service';
|
import { NotesService } from '../../../notes/notes.service';
|
||||||
import { PermissionsService } from '../../../permissions/permissions.service';
|
import { PermissionsService } from '../../../permissions/permissions.service';
|
||||||
|
import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { UsersService } from '../../../users/users.service';
|
||||||
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@Controller('alias')
|
@Controller('alias')
|
||||||
export class AliasController {
|
export class AliasController {
|
||||||
constructor(
|
constructor(
|
||||||
|
@ -44,15 +47,12 @@ export class AliasController {
|
||||||
) {
|
) {
|
||||||
this.logger.setContext(AliasController.name);
|
this.logger.setContext(AliasController.name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Post()
|
@Post()
|
||||||
async addAlias(
|
async addAlias(
|
||||||
@Req() req: Request,
|
@RequestUser() user: User,
|
||||||
@Body() newAliasDto: AliasCreateDto,
|
@Body() newAliasDto: AliasCreateDto,
|
||||||
): Promise<AliasDto> {
|
): Promise<AliasDto> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const note = await this.noteService.getNoteByIdOrAlias(
|
const note = await this.noteService.getNoteByIdOrAlias(
|
||||||
newAliasDto.noteIdOrAlias,
|
newAliasDto.noteIdOrAlias,
|
||||||
);
|
);
|
||||||
|
@ -77,7 +77,7 @@ export class AliasController {
|
||||||
|
|
||||||
@Put(':alias')
|
@Put(':alias')
|
||||||
async makeAliasPrimary(
|
async makeAliasPrimary(
|
||||||
@Req() req: Request,
|
@RequestUser() user: User,
|
||||||
@Param('alias') alias: string,
|
@Param('alias') alias: string,
|
||||||
@Body() changeAliasDto: AliasUpdateDto,
|
@Body() changeAliasDto: AliasUpdateDto,
|
||||||
): Promise<AliasDto> {
|
): Promise<AliasDto> {
|
||||||
|
@ -87,8 +87,6 @@ export class AliasController {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
if (!this.permissionsService.isOwner(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
|
@ -112,12 +110,10 @@ export class AliasController {
|
||||||
@Delete(':alias')
|
@Delete(':alias')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
async removeAlias(
|
async removeAlias(
|
||||||
@Req() req: Request,
|
@RequestUser() user: User,
|
||||||
@Param('alias') alias: string,
|
@Param('alias') alias: string,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
if (!this.permissionsService.isOwner(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
|
|
|
@ -13,6 +13,7 @@ import {
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
Put,
|
Put,
|
||||||
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { ApiTags } from '@nestjs/swagger';
|
import { ApiTags } from '@nestjs/swagger';
|
||||||
|
|
||||||
|
@ -21,27 +22,27 @@ import { HistoryEntryImportDto } from '../../../../history/history-entry-import.
|
||||||
import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
|
import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
|
||||||
import { HistoryEntryDto } from '../../../../history/history-entry.dto';
|
import { HistoryEntryDto } from '../../../../history/history-entry.dto';
|
||||||
import { HistoryService } from '../../../../history/history.service';
|
import { HistoryService } from '../../../../history/history.service';
|
||||||
|
import { SessionGuard } from '../../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../../logger/console-logger.service';
|
||||||
import { GetNotePipe } from '../../../../notes/get-note.pipe';
|
import { GetNotePipe } from '../../../../notes/get-note.pipe';
|
||||||
import { Note } from '../../../../notes/note.entity';
|
import { Note } from '../../../../notes/note.entity';
|
||||||
import { UsersService } from '../../../../users/users.service';
|
import { User } from '../../../../users/user.entity';
|
||||||
|
import { RequestUser } from '../../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@ApiTags('history')
|
@ApiTags('history')
|
||||||
@Controller('/me/history')
|
@Controller('/me/history')
|
||||||
export class HistoryController {
|
export class HistoryController {
|
||||||
constructor(
|
constructor(
|
||||||
private readonly logger: ConsoleLoggerService,
|
private readonly logger: ConsoleLoggerService,
|
||||||
private historyService: HistoryService,
|
private historyService: HistoryService,
|
||||||
private userService: UsersService,
|
|
||||||
) {
|
) {
|
||||||
this.logger.setContext(HistoryController.name);
|
this.logger.setContext(HistoryController.name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get()
|
@Get()
|
||||||
async getHistory(): Promise<HistoryEntryDto[]> {
|
async getHistory(@RequestUser() user: User): Promise<HistoryEntryDto[]> {
|
||||||
// ToDo: use actual user here
|
|
||||||
try {
|
try {
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const foundEntries = await this.historyService.getEntriesByUser(user);
|
const foundEntries = await this.historyService.getEntriesByUser(user);
|
||||||
return foundEntries.map((entry) =>
|
return foundEntries.map((entry) =>
|
||||||
this.historyService.toHistoryEntryDto(entry),
|
this.historyService.toHistoryEntryDto(entry),
|
||||||
|
@ -56,11 +57,10 @@ export class HistoryController {
|
||||||
|
|
||||||
@Post()
|
@Post()
|
||||||
async setHistory(
|
async setHistory(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Body('history') history: HistoryEntryImportDto[],
|
@Body('history') history: HistoryEntryImportDto[],
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
await this.historyService.setHistory(user, history);
|
await this.historyService.setHistory(user, history);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e instanceof NotInDBError || e instanceof ForbiddenIdError) {
|
if (e instanceof NotInDBError || e instanceof ForbiddenIdError) {
|
||||||
|
@ -71,10 +71,8 @@ export class HistoryController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Delete()
|
@Delete()
|
||||||
async deleteHistory(): Promise<void> {
|
async deleteHistory(@RequestUser() user: User): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
await this.historyService.deleteHistory(user);
|
await this.historyService.deleteHistory(user);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e instanceof NotInDBError) {
|
if (e instanceof NotInDBError) {
|
||||||
|
@ -87,11 +85,10 @@ export class HistoryController {
|
||||||
@Put(':note')
|
@Put(':note')
|
||||||
async updateHistoryEntry(
|
async updateHistoryEntry(
|
||||||
@Param('note', GetNotePipe) note: Note,
|
@Param('note', GetNotePipe) note: Note,
|
||||||
|
@RequestUser() user: User,
|
||||||
@Body() entryUpdateDto: HistoryEntryUpdateDto,
|
@Body() entryUpdateDto: HistoryEntryUpdateDto,
|
||||||
): Promise<HistoryEntryDto> {
|
): Promise<HistoryEntryDto> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const newEntry = await this.historyService.updateHistoryEntry(
|
const newEntry = await this.historyService.updateHistoryEntry(
|
||||||
note,
|
note,
|
||||||
user,
|
user,
|
||||||
|
@ -109,10 +106,9 @@ export class HistoryController {
|
||||||
@Delete(':note')
|
@Delete(':note')
|
||||||
async deleteHistoryEntry(
|
async deleteHistoryEntry(
|
||||||
@Param('note', GetNotePipe) note: Note,
|
@Param('note', GetNotePipe) note: Note,
|
||||||
|
@RequestUser() user: User,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
await this.historyService.deleteHistoryEntry(note, user);
|
await this.historyService.deleteHistoryEntry(note, user);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e instanceof NotInDBError) {
|
if (e instanceof NotInDBError) {
|
||||||
|
|
|
@ -3,14 +3,26 @@
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: AGPL-3.0-only
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
*/
|
*/
|
||||||
import { Body, Controller, Delete, Get, HttpCode, Post } from '@nestjs/common';
|
import {
|
||||||
|
Body,
|
||||||
|
Controller,
|
||||||
|
Delete,
|
||||||
|
Get,
|
||||||
|
HttpCode,
|
||||||
|
Post,
|
||||||
|
UseGuards,
|
||||||
|
} from '@nestjs/common';
|
||||||
|
|
||||||
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
||||||
import { MediaService } from '../../../media/media.service';
|
import { MediaService } from '../../../media/media.service';
|
||||||
import { UserInfoDto } from '../../../users/user-info.dto';
|
import { UserInfoDto } from '../../../users/user-info.dto';
|
||||||
|
import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { UsersService } from '../../../users/users.service';
|
||||||
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@Controller('me')
|
@Controller('me')
|
||||||
export class MeController {
|
export class MeController {
|
||||||
constructor(
|
constructor(
|
||||||
|
@ -20,27 +32,20 @@ export class MeController {
|
||||||
) {
|
) {
|
||||||
this.logger.setContext(MeController.name);
|
this.logger.setContext(MeController.name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get()
|
@Get()
|
||||||
async getMe(): Promise<UserInfoDto> {
|
getMe(@RequestUser() user: User): UserInfoDto {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
return this.userService.toUserDto(user);
|
return this.userService.toUserDto(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get('media')
|
@Get('media')
|
||||||
async getMyMedia(): Promise<MediaUploadDto[]> {
|
async getMyMedia(@RequestUser() user: User): Promise<MediaUploadDto[]> {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const media = await this.mediaService.listUploadsByUser(user);
|
const media = await this.mediaService.listUploadsByUser(user);
|
||||||
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Delete()
|
@Delete()
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
async deleteUser(): Promise<void> {
|
async deleteUser(@RequestUser() user: User): Promise<void> {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const mediaUploads = await this.mediaService.listUploadsByUser(user);
|
const mediaUploads = await this.mediaService.listUploadsByUser(user);
|
||||||
for (const mediaUpload of mediaUploads) {
|
for (const mediaUpload of mediaUploads) {
|
||||||
await this.mediaService.deleteFile(mediaUpload);
|
await this.mediaService.deleteFile(mediaUpload);
|
||||||
|
@ -52,9 +57,10 @@ export class MeController {
|
||||||
|
|
||||||
@Post('profile')
|
@Post('profile')
|
||||||
@HttpCode(200)
|
@HttpCode(200)
|
||||||
async updateDisplayName(@Body('name') newDisplayName: string): Promise<void> {
|
async updateDisplayName(
|
||||||
// ToDo: use actual user here
|
@RequestUser() user: User,
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
@Body('name') newDisplayName: string,
|
||||||
|
): Promise<void> {
|
||||||
await this.userService.changeDisplayName(user, newDisplayName);
|
await this.userService.changeDisplayName(user, newDisplayName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ import {
|
||||||
InternalServerErrorException,
|
InternalServerErrorException,
|
||||||
Post,
|
Post,
|
||||||
UploadedFile,
|
UploadedFile,
|
||||||
|
UseGuards,
|
||||||
UseInterceptors,
|
UseInterceptors,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { FileInterceptor } from '@nestjs/platform-express';
|
import { FileInterceptor } from '@nestjs/platform-express';
|
||||||
|
@ -20,6 +21,7 @@ import {
|
||||||
MediaBackendError,
|
MediaBackendError,
|
||||||
NotInDBError,
|
NotInDBError,
|
||||||
} from '../../../errors/errors';
|
} from '../../../errors/errors';
|
||||||
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto';
|
import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto';
|
||||||
import { MediaService } from '../../../media/media.service';
|
import { MediaService } from '../../../media/media.service';
|
||||||
|
@ -28,7 +30,9 @@ import { Note } from '../../../notes/note.entity';
|
||||||
import { NotesService } from '../../../notes/notes.service';
|
import { NotesService } from '../../../notes/notes.service';
|
||||||
import { User } from '../../../users/user.entity';
|
import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { UsersService } from '../../../users/users.service';
|
||||||
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@Controller('media')
|
@Controller('media')
|
||||||
export class MediaController {
|
export class MediaController {
|
||||||
constructor(
|
constructor(
|
||||||
|
@ -46,9 +50,8 @@ export class MediaController {
|
||||||
async uploadMedia(
|
async uploadMedia(
|
||||||
@UploadedFile() file: MulterFile,
|
@UploadedFile() file: MulterFile,
|
||||||
@Headers('HedgeDoc-Note') noteId: string,
|
@Headers('HedgeDoc-Note') noteId: string,
|
||||||
|
@RequestUser() user: User,
|
||||||
): Promise<MediaUploadUrlDto> {
|
): Promise<MediaUploadUrlDto> {
|
||||||
// ToDo: Get real userName
|
|
||||||
const user: User = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
try {
|
try {
|
||||||
// TODO: Move getting the Note object into a decorator
|
// TODO: Move getting the Note object into a decorator
|
||||||
const note: Note = await this.noteService.getNoteByIdOrAlias(noteId);
|
const note: Note = await this.noteService.getNoteByIdOrAlias(noteId);
|
||||||
|
|
|
@ -14,6 +14,7 @@ import {
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
UnauthorizedException,
|
UnauthorizedException,
|
||||||
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
|
|
||||||
import {
|
import {
|
||||||
|
@ -22,6 +23,7 @@ import {
|
||||||
NotInDBError,
|
NotInDBError,
|
||||||
} from '../../../errors/errors';
|
} from '../../../errors/errors';
|
||||||
import { HistoryService } from '../../../history/history.service';
|
import { HistoryService } from '../../../history/history.service';
|
||||||
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
||||||
import { MediaService } from '../../../media/media.service';
|
import { MediaService } from '../../../media/media.service';
|
||||||
|
@ -34,9 +36,12 @@ import { PermissionsService } from '../../../permissions/permissions.service';
|
||||||
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
||||||
import { RevisionDto } from '../../../revisions/revision.dto';
|
import { RevisionDto } from '../../../revisions/revision.dto';
|
||||||
import { RevisionsService } from '../../../revisions/revisions.service';
|
import { RevisionsService } from '../../../revisions/revisions.service';
|
||||||
|
import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { UsersService } from '../../../users/users.service';
|
||||||
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
||||||
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@Controller('notes')
|
@Controller('notes')
|
||||||
export class NotesController {
|
export class NotesController {
|
||||||
constructor(
|
constructor(
|
||||||
|
@ -53,10 +58,9 @@ export class NotesController {
|
||||||
|
|
||||||
@Get(':noteIdOrAlias')
|
@Get(':noteIdOrAlias')
|
||||||
async getNote(
|
async getNote(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
if (!this.permissionsService.mayRead(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
}
|
}
|
||||||
|
@ -67,10 +71,9 @@ export class NotesController {
|
||||||
@Get(':noteIdOrAlias/media')
|
@Get(':noteIdOrAlias/media')
|
||||||
async getNotesMedia(
|
async getNotesMedia(
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
|
@RequestUser() user: User,
|
||||||
): Promise<MediaUploadDto[]> {
|
): Promise<MediaUploadDto[]> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
if (!this.permissionsService.mayRead(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
}
|
}
|
||||||
|
@ -86,10 +89,10 @@ export class NotesController {
|
||||||
|
|
||||||
@Post()
|
@Post()
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
async createNote(@MarkdownBody() text: string): Promise<NoteDto> {
|
async createNote(
|
||||||
// ToDo: use actual user here
|
@RequestUser() user: User,
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
@MarkdownBody() text: string,
|
||||||
// ToDo: provide user for createNoteDto
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
if (!this.permissionsService.mayCreate(user)) {
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
throw new UnauthorizedException('Creating note denied!');
|
||||||
}
|
}
|
||||||
|
@ -102,11 +105,10 @@ export class NotesController {
|
||||||
@Post(':noteAlias')
|
@Post(':noteAlias')
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
async createNamedNote(
|
async createNamedNote(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteAlias') noteAlias: string,
|
@Param('noteAlias') noteAlias: string,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
if (!this.permissionsService.mayCreate(user)) {
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
throw new UnauthorizedException('Creating note denied!');
|
||||||
}
|
}
|
||||||
|
@ -129,12 +131,11 @@ export class NotesController {
|
||||||
@Delete(':noteIdOrAlias')
|
@Delete(':noteIdOrAlias')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
async deleteNote(
|
async deleteNote(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
if (!this.permissionsService.isOwner(user, note)) {
|
||||||
throw new UnauthorizedException('Deleting note denied!');
|
throw new UnauthorizedException('Deleting note denied!');
|
||||||
}
|
}
|
||||||
|
@ -160,11 +161,10 @@ export class NotesController {
|
||||||
|
|
||||||
@Get(':noteIdOrAlias/revisions')
|
@Get(':noteIdOrAlias/revisions')
|
||||||
async getNoteRevisions(
|
async getNoteRevisions(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<RevisionMetadataDto[]> {
|
): Promise<RevisionMetadataDto[]> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
if (!this.permissionsService.mayRead(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
}
|
}
|
||||||
|
@ -185,11 +185,10 @@ export class NotesController {
|
||||||
@Delete(':noteIdOrAlias/revisions')
|
@Delete(':noteIdOrAlias/revisions')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
async purgeNoteRevisions(
|
async purgeNoteRevisions(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
if (!this.permissionsService.mayRead(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
|
@ -217,12 +216,11 @@ export class NotesController {
|
||||||
|
|
||||||
@Get(':noteIdOrAlias/revisions/:revisionId')
|
@Get(':noteIdOrAlias/revisions/:revisionId')
|
||||||
async getNoteRevision(
|
async getNoteRevision(
|
||||||
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Param('revisionId') revisionId: number,
|
@Param('revisionId') revisionId: number,
|
||||||
): Promise<RevisionDto> {
|
): Promise<RevisionDto> {
|
||||||
try {
|
try {
|
||||||
// ToDo: use actual user here
|
|
||||||
const user = await this.userService.getUserByUsername('hardcoded');
|
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
if (!this.permissionsService.mayRead(user, note)) {
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
throw new UnauthorizedException('Reading note denied!');
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@ import { Identity } from '../../../identity/identity.entity';
|
||||||
import { LoggerModule } from '../../../logger/logger.module';
|
import { LoggerModule } from '../../../logger/logger.module';
|
||||||
import { Session } from '../../../users/session.entity';
|
import { Session } from '../../../users/session.entity';
|
||||||
import { User } from '../../../users/user.entity';
|
import { User } from '../../../users/user.entity';
|
||||||
|
import { UsersModule } from '../../../users/users.module';
|
||||||
import { TokensController } from './tokens.controller';
|
import { TokensController } from './tokens.controller';
|
||||||
|
|
||||||
describe('TokensController', () => {
|
describe('TokensController', () => {
|
||||||
|
@ -29,6 +30,7 @@ describe('TokensController', () => {
|
||||||
}),
|
}),
|
||||||
LoggerModule,
|
LoggerModule,
|
||||||
AuthModule,
|
AuthModule,
|
||||||
|
UsersModule,
|
||||||
],
|
],
|
||||||
})
|
})
|
||||||
.overrideProvider(getRepositoryToken(User))
|
.overrideProvider(getRepositoryToken(User))
|
||||||
|
|
|
@ -9,17 +9,25 @@ import {
|
||||||
Delete,
|
Delete,
|
||||||
Get,
|
Get,
|
||||||
HttpCode,
|
HttpCode,
|
||||||
|
NotFoundException,
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
|
UnauthorizedException,
|
||||||
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { ApiTags } from '@nestjs/swagger';
|
import { ApiTags } from '@nestjs/swagger';
|
||||||
|
|
||||||
import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto';
|
import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto';
|
||||||
import { AuthTokenDto } from '../../../auth/auth-token.dto';
|
import { AuthTokenDto } from '../../../auth/auth-token.dto';
|
||||||
import { AuthService } from '../../../auth/auth.service';
|
import { AuthService } from '../../../auth/auth.service';
|
||||||
|
import { NotInDBError } from '../../../errors/errors';
|
||||||
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
|
import { User } from '../../../users/user.entity';
|
||||||
import { TimestampMillis } from '../../../utils/timestamp';
|
import { TimestampMillis } from '../../../utils/timestamp';
|
||||||
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
|
@UseGuards(SessionGuard)
|
||||||
@ApiTags('tokens')
|
@ApiTags('tokens')
|
||||||
@Controller('tokens')
|
@Controller('tokens')
|
||||||
export class TokensController {
|
export class TokensController {
|
||||||
|
@ -31,9 +39,8 @@ export class TokensController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get()
|
@Get()
|
||||||
async getUserTokens(): Promise<AuthTokenDto[]> {
|
async getUserTokens(@RequestUser() user: User): Promise<AuthTokenDto[]> {
|
||||||
// ToDo: Get real userName
|
return (await this.authService.getTokensByUsername(user.userName)).map(
|
||||||
return (await this.authService.getTokensByUsername('hardcoded')).map(
|
|
||||||
(token) => this.authService.toAuthTokenDto(token),
|
(token) => this.authService.toAuthTokenDto(token),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -42,10 +49,10 @@ export class TokensController {
|
||||||
async postTokenRequest(
|
async postTokenRequest(
|
||||||
@Body('label') label: string,
|
@Body('label') label: string,
|
||||||
@Body('validUntil') validUntil: TimestampMillis,
|
@Body('validUntil') validUntil: TimestampMillis,
|
||||||
|
@RequestUser() user: User,
|
||||||
): Promise<AuthTokenWithSecretDto> {
|
): Promise<AuthTokenWithSecretDto> {
|
||||||
// ToDo: Get real userName
|
|
||||||
return await this.authService.createTokenForUser(
|
return await this.authService.createTokenForUser(
|
||||||
'hardcoded',
|
user.userName,
|
||||||
label,
|
label,
|
||||||
validUntil,
|
validUntil,
|
||||||
);
|
);
|
||||||
|
@ -53,7 +60,24 @@ export class TokensController {
|
||||||
|
|
||||||
@Delete('/:keyId')
|
@Delete('/:keyId')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
async deleteToken(@Param('keyId') keyId: string): Promise<void> {
|
async deleteToken(
|
||||||
return await this.authService.removeToken(keyId);
|
@RequestUser() user: User,
|
||||||
|
@Param('keyId') keyId: string,
|
||||||
|
): Promise<void> {
|
||||||
|
const tokens = await this.authService.getTokensByUsername(user.userName);
|
||||||
|
try {
|
||||||
|
for (const token of tokens) {
|
||||||
|
if (token.keyId == keyId) {
|
||||||
|
return await this.authService.removeToken(keyId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
if (e instanceof NotInDBError) {
|
||||||
|
throw new NotFoundException(e.message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new UnauthorizedException(
|
||||||
|
'User is not authorized to delete this token',
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue