github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-26 03:33:58 -05:00
Code Issues Projects Releases Packages Wiki Activity

MeController: Double-check that req.user is defined

Browse source 
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-04-29 16:43:16 +02:00
parent 87eb099d34
commit 90038cf116
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
src/api/public/me/me.controller.ts
View file

@ -15,6 +15,7 @@ import {
Put,
UseGuards,
Req,
InternalServerErrorException,
} from '@nestjs/common';
import { HistoryEntryUpdateDto } from '../../../history/history-entry-update.dto';
import { HistoryService } from '../../../history/history.service';
@ -65,6 +66,10 @@ export class MeController {
})
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
async getMe(@Req() req: Request): Promise<UserInfoDto> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
return this.usersService.toUserDto(
await this.usersService.getUserByUsername(req.user.userName),
);
@ -79,6 +84,10 @@ export class MeController {
})
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
async getUserHistory(@Req() req: Request): Promise<HistoryEntryDto[]> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
const foundEntries = await this.historyService.getEntriesByUser(req.user);
return await Promise.all(
foundEntries.map((entry) => this.historyService.toHistoryEntryDto(entry)),
@ -97,6 +106,10 @@ export class MeController {
@Req() req: Request,
@Param('note') note: string,
): Promise<HistoryEntryDto> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
try {
const foundEntry = await this.historyService.getEntryByNoteIdOrAlias(
note,
@ -124,6 +137,10 @@ export class MeController {
@Param('note') note: string,
@Body() entryUpdateDto: HistoryEntryUpdateDto,
): Promise<HistoryEntryDto> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
// ToDo: Check if user is allowed to pin this history entry
try {
return this.historyService.toHistoryEntryDto(
@ -151,6 +168,10 @@ export class MeController {
@Req() req: Request,
@Param('note') note: string,
): Promise<void> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
// ToDo: Check if user is allowed to delete note
try {
await this.historyService.deleteHistoryEntry(note, req.user);
@ -171,6 +192,10 @@ export class MeController {
})
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
async getMyNotes(@Req() req: Request): Promise<NoteMetadataDto[]> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
const notes = this.notesService.getUserNotes(req.user);
return await Promise.all(
(await notes).map((note) => this.notesService.toNoteMetadataDto(note)),
@ -186,6 +211,10 @@ export class MeController {
})
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
async getMyMedia(@Req() req: Request): Promise<MediaUploadDto[]> {
if (!req.user) {
// We should never reach this, as the TokenAuthGuard handles missing user info
throw new InternalServerErrorException('Request did not specify user');
}
const media = await this.mediaService.listUploadsByUser(req.user);
return media.map((media) => this.mediaService.toMediaUploadDto(media));
}