Get user from Session instead of hardcoded value

Signed-off-by: Yannick Bungers <git@innay.de>
This commit is contained in:
Yannick Bungers 2021-09-23 22:44:34 +02:00
parent b2ae4a85c3
commit 28266bca0b
7 changed files with 92 additions and 67 deletions


@ -13,10 +13,9 @@ import {
Param, Param,
Post, Post,
Put, Put,
Req,
UnauthorizedException, UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { Request } from 'express';
import { import {
AlreadyInDBError, AlreadyInDBError,
@ -24,6 +23,7 @@ import {
NotInDBError, NotInDBError,
PrimaryAliasDeletionForbiddenError, PrimaryAliasDeletionForbiddenError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { AliasCreateDto } from '../../../notes/alias-create.dto'; import { AliasCreateDto } from '../../../notes/alias-create.dto';
import { AliasUpdateDto } from '../../../notes/alias-update.dto'; import { AliasUpdateDto } from '../../../notes/alias-update.dto';
@ -31,8 +31,11 @@ import { AliasDto } from '../../../notes/alias.dto';
import { AliasService } from '../../../notes/alias.service'; import { AliasService } from '../../../notes/alias.service';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('alias') @Controller('alias')
export class AliasController { export class AliasController {
constructor( constructor(
@ -44,15 +47,12 @@ export class AliasController {
) { ) {
this.logger.setContext(AliasController.name); this.logger.setContext(AliasController.name);
} }
@Post() @Post()
async addAlias( async addAlias(
@Req() req: Request, @RequestUser() user: User,
@Body() newAliasDto: AliasCreateDto, @Body() newAliasDto: AliasCreateDto,
): Promise<AliasDto> { ): Promise<AliasDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias( const note = await this.noteService.getNoteByIdOrAlias(
newAliasDto.noteIdOrAlias, newAliasDto.noteIdOrAlias,
); );
@ -77,7 +77,7 @@ export class AliasController {
@Put(':alias') @Put(':alias')
async makeAliasPrimary( async makeAliasPrimary(
@Req() req: Request, @RequestUser() user: User,
@Param('alias') alias: string, @Param('alias') alias: string,
@Body() changeAliasDto: AliasUpdateDto, @Body() changeAliasDto: AliasUpdateDto,
): Promise<AliasDto> { ): Promise<AliasDto> {
@ -87,8 +87,6 @@ export class AliasController {
); );
} }
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(alias); const note = await this.noteService.getNoteByIdOrAlias(alias);
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
@ -112,12 +110,10 @@ export class AliasController {
@Delete(':alias') @Delete(':alias')
@HttpCode(204) @HttpCode(204)
async removeAlias( async removeAlias(
@Req() req: Request, @RequestUser() user: User,
@Param('alias') alias: string, @Param('alias') alias: string,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(alias); const note = await this.noteService.getNoteByIdOrAlias(alias);
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
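Review bot: The new `@RequestUser() user: User` parameter on `addAlias`, `makeAliasPrimary` and `removeAlias` is typed non-nullable, yet nothing in this hunk shows the decorator guaranteeing a user — the handlers rely on the class-level `@UseGuards(SessionGuard)` rejecting unauthenticated requests before they run, and the decorator itself is outside this diff. A short comment on the controller would make that contract explicit, e.g. `// Every handler assumes SessionGuard has already rejected requests without a session user.` The same reliance appears in the history, me, media, notes and tokens controllers of this commit. Separately, `UsersService` is still imported here (and in the media and notes controllers) although its only visible use was the removed `getUserByUsername('hardcoded')` call; if the constructor, which lies outside the hunk, injects it for nothing else, the injection and import can go. Each handler body continues past the end of its hunk.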


@ -13,6 +13,7 @@ import {
Param, Param,
Post, Post,
Put, Put,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
@ -21,27 +22,27 @@ import { HistoryEntryImportDto } from '../../../../history/history-entry-import.
import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto'; import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
import { HistoryEntryDto } from '../../../../history/history-entry.dto'; import { HistoryEntryDto } from '../../../../history/history-entry.dto';
import { HistoryService } from '../../../../history/history.service'; import { HistoryService } from '../../../../history/history.service';
import { SessionGuard } from '../../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../../logger/console-logger.service';
import { GetNotePipe } from '../../../../notes/get-note.pipe'; import { GetNotePipe } from '../../../../notes/get-note.pipe';
import { Note } from '../../../../notes/note.entity'; import { Note } from '../../../../notes/note.entity';
import { UsersService } from '../../../../users/users.service'; import { User } from '../../../../users/user.entity';
import { RequestUser } from '../../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@ApiTags('history') @ApiTags('history')
@Controller('/me/history') @Controller('/me/history')
export class HistoryController { export class HistoryController {
constructor( constructor(
private readonly logger: ConsoleLoggerService, private readonly logger: ConsoleLoggerService,
private historyService: HistoryService, private historyService: HistoryService,
private userService: UsersService,
) { ) {
this.logger.setContext(HistoryController.name); this.logger.setContext(HistoryController.name);
} }
@Get() @Get()
async getHistory(): Promise<HistoryEntryDto[]> { async getHistory(@RequestUser() user: User): Promise<HistoryEntryDto[]> {
// ToDo: use actual user here
try { try {
const user = await this.userService.getUserByUsername('hardcoded');
const foundEntries = await this.historyService.getEntriesByUser(user); const foundEntries = await this.historyService.getEntriesByUser(user);
return foundEntries.map((entry) => return foundEntries.map((entry) =>
this.historyService.toHistoryEntryDto(entry), this.historyService.toHistoryEntryDto(entry),
@ -56,11 +57,10 @@ export class HistoryController {
@Post() @Post()
async setHistory( async setHistory(
@RequestUser() user: User,
@Body('history') history: HistoryEntryImportDto[], @Body('history') history: HistoryEntryImportDto[],
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.setHistory(user, history); await this.historyService.setHistory(user, history);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError || e instanceof ForbiddenIdError) { if (e instanceof NotInDBError || e instanceof ForbiddenIdError) {
@ -71,10 +71,8 @@ export class HistoryController {
} }
@Delete() @Delete()
async deleteHistory(): Promise<void> { async deleteHistory(@RequestUser() user: User): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.deleteHistory(user); await this.historyService.deleteHistory(user);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError) { if (e instanceof NotInDBError) {
@ -87,11 +85,10 @@ export class HistoryController {
@Put(':note') @Put(':note')
async updateHistoryEntry( async updateHistoryEntry(
@Param('note', GetNotePipe) note: Note, @Param('note', GetNotePipe) note: Note,
@RequestUser() user: User,
@Body() entryUpdateDto: HistoryEntryUpdateDto, @Body() entryUpdateDto: HistoryEntryUpdateDto,
): Promise<HistoryEntryDto> { ): Promise<HistoryEntryDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const newEntry = await this.historyService.updateHistoryEntry( const newEntry = await this.historyService.updateHistoryEntry(
note, note,
user, user,
@ -109,10 +106,9 @@ export class HistoryController {
@Delete(':note') @Delete(':note')
async deleteHistoryEntry( async deleteHistoryEntry(
@Param('note', GetNotePipe) note: Note, @Param('note', GetNotePipe) note: Note,
@RequestUser() user: User,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.deleteHistoryEntry(note, user); await this.historyService.deleteHistoryEntry(note, user);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError) { if (e instanceof NotInDBError) {


@ -3,14 +3,26 @@
* *
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { Body, Controller, Delete, Get, HttpCode, Post } from '@nestjs/common'; import {
Body,
Controller,
Delete,
Get,
HttpCode,
Post,
UseGuards,
} from '@nestjs/common';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadDto } from '../../../media/media-upload.dto'; import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
import { UserInfoDto } from '../../../users/user-info.dto'; import { UserInfoDto } from '../../../users/user-info.dto';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('me') @Controller('me')
export class MeController { export class MeController {
constructor( constructor(
@ -20,27 +32,20 @@ export class MeController {
) { ) {
this.logger.setContext(MeController.name); this.logger.setContext(MeController.name);
} }
@Get() @Get()
async getMe(): Promise<UserInfoDto> { getMe(@RequestUser() user: User): UserInfoDto {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
return this.userService.toUserDto(user); return this.userService.toUserDto(user);
} }
@Get('media') @Get('media')
async getMyMedia(): Promise<MediaUploadDto[]> { async getMyMedia(@RequestUser() user: User): Promise<MediaUploadDto[]> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const media = await this.mediaService.listUploadsByUser(user); const media = await this.mediaService.listUploadsByUser(user);
return media.map((media) => this.mediaService.toMediaUploadDto(media)); return media.map((media) => this.mediaService.toMediaUploadDto(media));
} }
@Delete() @Delete()
@HttpCode(204) @HttpCode(204)
async deleteUser(): Promise<void> { async deleteUser(@RequestUser() user: User): Promise<void> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const mediaUploads = await this.mediaService.listUploadsByUser(user); const mediaUploads = await this.mediaService.listUploadsByUser(user);
for (const mediaUpload of mediaUploads) { for (const mediaUpload of mediaUploads) {
await this.mediaService.deleteFile(mediaUpload); await this.mediaService.deleteFile(mediaUpload);
@ -52,9 +57,10 @@ export class MeController {
@Post('profile') @Post('profile')
@HttpCode(200) @HttpCode(200)
async updateDisplayName(@Body('name') newDisplayName: string): Promise<void> { async updateDisplayName(
// ToDo: use actual user here @RequestUser() user: User,
const user = await this.userService.getUserByUsername('hardcoded'); @Body('name') newDisplayName: string,
): Promise<void> {
await this.userService.changeDisplayName(user, newDisplayName); await this.userService.changeDisplayName(user, newDisplayName);
} }
} }


@ -11,6 +11,7 @@ import {
InternalServerErrorException, InternalServerErrorException,
Post, Post,
UploadedFile, UploadedFile,
UseGuards,
UseInterceptors, UseInterceptors,
} from '@nestjs/common'; } from '@nestjs/common';
import { FileInterceptor } from '@nestjs/platform-express'; import { FileInterceptor } from '@nestjs/platform-express';
@ -20,6 +21,7 @@ import {
MediaBackendError, MediaBackendError,
NotInDBError, NotInDBError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto'; import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
@ -28,7 +30,9 @@ import { Note } from '../../../notes/note.entity';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('media') @Controller('media')
export class MediaController { export class MediaController {
constructor( constructor(
@ -46,9 +50,8 @@ export class MediaController {
async uploadMedia( async uploadMedia(
@UploadedFile() file: MulterFile, @UploadedFile() file: MulterFile,
@Headers('HedgeDoc-Note') noteId: string, @Headers('HedgeDoc-Note') noteId: string,
@RequestUser() user: User,
): Promise<MediaUploadUrlDto> { ): Promise<MediaUploadUrlDto> {
// ToDo: Get real userName
const user: User = await this.userService.getUserByUsername('hardcoded');
try { try {
// TODO: Move getting the Note object into a decorator // TODO: Move getting the Note object into a decorator
const note: Note = await this.noteService.getNoteByIdOrAlias(noteId); const note: Note = await this.noteService.getNoteByIdOrAlias(noteId);


@ -14,6 +14,7 @@ import {
Param, Param,
Post, Post,
UnauthorizedException, UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { import {
@ -22,6 +23,7 @@ import {
NotInDBError, NotInDBError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { HistoryService } from '../../../history/history.service'; import { HistoryService } from '../../../history/history.service';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadDto } from '../../../media/media-upload.dto'; import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
@ -34,9 +36,12 @@ import { PermissionsService } from '../../../permissions/permissions.service';
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto'; import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
import { RevisionDto } from '../../../revisions/revision.dto'; import { RevisionDto } from '../../../revisions/revision.dto';
import { RevisionsService } from '../../../revisions/revisions.service'; import { RevisionsService } from '../../../revisions/revisions.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { MarkdownBody } from '../../utils/markdownbody-decorator'; import { MarkdownBody } from '../../utils/markdownbody-decorator';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('notes') @Controller('notes')
export class NotesController { export class NotesController {
constructor( constructor(
@ -53,10 +58,9 @@ export class NotesController {
@Get(':noteIdOrAlias') @Get(':noteIdOrAlias')
async getNote( async getNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<NoteDto> { ): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -67,10 +71,9 @@ export class NotesController {
@Get(':noteIdOrAlias/media') @Get(':noteIdOrAlias/media')
async getNotesMedia( async getNotesMedia(
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@RequestUser() user: User,
): Promise<MediaUploadDto[]> { ): Promise<MediaUploadDto[]> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -86,10 +89,10 @@ export class NotesController {
@Post() @Post()
@HttpCode(201) @HttpCode(201)
async createNote(@MarkdownBody() text: string): Promise<NoteDto> { async createNote(
// ToDo: use actual user here @RequestUser() user: User,
const user = await this.userService.getUserByUsername('hardcoded'); @MarkdownBody() text: string,
// ToDo: provide user for createNoteDto ): Promise<NoteDto> {
if (!this.permissionsService.mayCreate(user)) { if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!'); throw new UnauthorizedException('Creating note denied!');
} }
@ -102,11 +105,10 @@ export class NotesController {
@Post(':noteAlias') @Post(':noteAlias')
@HttpCode(201) @HttpCode(201)
async createNamedNote( async createNamedNote(
@RequestUser() user: User,
@Param('noteAlias') noteAlias: string, @Param('noteAlias') noteAlias: string,
@MarkdownBody() text: string, @MarkdownBody() text: string,
): Promise<NoteDto> { ): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayCreate(user)) { if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!'); throw new UnauthorizedException('Creating note denied!');
} }
@ -129,12 +131,11 @@ export class NotesController {
@Delete(':noteIdOrAlias') @Delete(':noteIdOrAlias')
@HttpCode(204) @HttpCode(204)
async deleteNote( async deleteNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@Body() noteMediaDeletionDto: NoteMediaDeletionDto, @Body() noteMediaDeletionDto: NoteMediaDeletionDto,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Deleting note denied!'); throw new UnauthorizedException('Deleting note denied!');
} }
@ -160,11 +161,10 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions') @Get(':noteIdOrAlias/revisions')
async getNoteRevisions( async getNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<RevisionMetadataDto[]> { ): Promise<RevisionMetadataDto[]> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -185,11 +185,10 @@ export class NotesController {
@Delete(':noteIdOrAlias/revisions') @Delete(':noteIdOrAlias/revisions')
@HttpCode(204) @HttpCode(204)
async purgeNoteRevisions( async purgeNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias') noteIdOrAlias: string, @Param('noteIdOrAlias') noteIdOrAlias: string,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias); const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
@ -217,12 +216,11 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions/:revisionId') @Get(':noteIdOrAlias/revisions/:revisionId')
async getNoteRevision( async getNoteRevision(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@Param('revisionId') revisionId: number, @Param('revisionId') revisionId: number,
): Promise<RevisionDto> { ): Promise<RevisionDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
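Review bot: The position of `@RequestUser() user: User` in the parameter lists is inconsistent within this file: it comes first in `getNote`, `createNamedNote`, `deleteNote`, `getNoteRevisions`, `purgeNoteRevisions` and `getNoteRevision`, but after the `@Param` in `getNotesMedia`. Picking one order (user first reads as "who" before "what") and applying it here, and in the history controller's `updateHistoryEntry` and `deleteHistoryEntry` where the user is likewise placed after `@Param('note', GetNotePipe) note: Note`, would keep the signatures uniform; for `getNotesMedia` that is just moving `@RequestUser() user: User,` above `@Param('noteIdOrAlias', GetNotePipe) note: Note,`. The handler bodies continue outside their hunks.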


@ -14,6 +14,7 @@ import { Identity } from '../../../identity/identity.entity';
import { LoggerModule } from '../../../logger/logger.module'; import { LoggerModule } from '../../../logger/logger.module';
import { Session } from '../../../users/session.entity'; import { Session } from '../../../users/session.entity';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { UsersModule } from '../../../users/users.module';
import { TokensController } from './tokens.controller'; import { TokensController } from './tokens.controller';
describe('TokensController', () => { describe('TokensController', () => {
@ -29,6 +30,7 @@ describe('TokensController', () => {
}), }),
LoggerModule, LoggerModule,
AuthModule, AuthModule,
UsersModule,
], ],
}) })
.overrideProvider(getRepositoryToken(User)) .overrideProvider(getRepositoryToken(User))


@ -9,17 +9,25 @@ import {
Delete, Delete,
Get, Get,
HttpCode, HttpCode,
NotFoundException,
Param, Param,
Post, Post,
UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto'; import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto';
import { AuthTokenDto } from '../../../auth/auth-token.dto'; import { AuthTokenDto } from '../../../auth/auth-token.dto';
import { AuthService } from '../../../auth/auth.service'; import { AuthService } from '../../../auth/auth.service';
import { NotInDBError } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { User } from '../../../users/user.entity';
import { TimestampMillis } from '../../../utils/timestamp'; import { TimestampMillis } from '../../../utils/timestamp';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@ApiTags('tokens') @ApiTags('tokens')
@Controller('tokens') @Controller('tokens')
export class TokensController { export class TokensController {
@ -31,9 +39,8 @@ export class TokensController {
} }
@Get() @Get()
async getUserTokens(): Promise<AuthTokenDto[]> { async getUserTokens(@RequestUser() user: User): Promise<AuthTokenDto[]> {
// ToDo: Get real userName return (await this.authService.getTokensByUsername(user.userName)).map(
return (await this.authService.getTokensByUsername('hardcoded')).map(
(token) => this.authService.toAuthTokenDto(token), (token) => this.authService.toAuthTokenDto(token),
); );
} }
@ -42,10 +49,10 @@ export class TokensController {
async postTokenRequest( async postTokenRequest(
@Body('label') label: string, @Body('label') label: string,
@Body('validUntil') validUntil: TimestampMillis, @Body('validUntil') validUntil: TimestampMillis,
@RequestUser() user: User,
): Promise<AuthTokenWithSecretDto> { ): Promise<AuthTokenWithSecretDto> {
// ToDo: Get real userName
return await this.authService.createTokenForUser( return await this.authService.createTokenForUser(
'hardcoded', user.userName,
label, label,
validUntil, validUntil,
); );
@ -53,7 +60,24 @@ export class TokensController {
@Delete('/:keyId') @Delete('/:keyId')
@HttpCode(204) @HttpCode(204)
async deleteToken(@Param('keyId') keyId: string): Promise<void> { async deleteToken(
return await this.authService.removeToken(keyId); @RequestUser() user: User,
@Param('keyId') keyId: string,
): Promise<void> {
const tokens = await this.authService.getTokensByUsername(user.userName);
try {
for (const token of tokens) {
if (token.keyId == keyId) {
return await this.authService.removeToken(keyId);
}
}
} catch (e) {
if (e instanceof NotInDBError) {
throw new NotFoundException(e.message);
}
}
throw new UnauthorizedException(
'User is not authorized to delete this token',
);
} }
} }
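Review bot: The `catch` in the new `deleteToken` body only rethrows `NotInDBError`; any other exception from `removeToken` (a database or connection error, say) is swallowed, the method falls through and reports `User is not authorized to delete this token` with a 401, which hides an internal failure behind an authorization message. The catch should rethrow unrecognised errors, and the ownership check reads more clearly as a single `some` test before the removal than as a loop containing a `return` inside a `try`. `token.keyId == keyId` should also be `===`, assuming the entity's `keyId` is a string like the route param; if it is not, convert explicitly rather than rely on coercion. The ownership check itself is the right fix — the old `deleteToken` removed any token by id regardless of owner — and looking up by `user.userName` is fine as long as usernames are unique, which this hunk cannot confirm.
```typescript
  async deleteToken(
    @RequestUser() user: User,
    @Param('keyId') keyId: string,
  ): Promise<void> {
    // Only tokens that belong to the session user may be removed; a foreign or
    // unknown keyId gets the same 401 so existence of other users' tokens is not disclosed.
    const tokens = await this.authService.getTokensByUsername(user.userName);
    if (!tokens.some((token) => token.keyId === keyId)) {
      throw new UnauthorizedException(
        'User is not authorized to delete this token',
      );
    }
    try {
      await this.authService.removeToken(keyId);
    } catch (e) {
      if (e instanceof NotInDBError) {
        throw new NotFoundException(e.message);
      }
      throw e; // do not mask unexpected failures as an authorization problem
    }
  }
```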