m/umami
1
0
Fork 0
mirror of https://github.com/kremalicious/umami.git synced 2025-02-01 20:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Cleaned up auth.

Browse Source
This commit is contained in:
Mike Cao 2023-07-29 22:54:46 -07:00
parent b8cb47a476
commit ad710cc86a
1 changed files with 22 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
lib/auth.ts
View File

@ -2,14 +2,8 @@ import { Report } from '@prisma/client';
import redis from '@umami/redis-client'; import redis from '@umami/redis-client';
import debug from 'debug'; import debug from 'debug';
import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER } from 'lib/constants'; import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER } from 'lib/constants';
import { secret, isUuid } from 'lib/crypto'; import { secret } from 'lib/crypto';
import { import { createSecureToken, ensureArray, getRandomChars, parseToken } from 'next-basics';
createSecureToken,
ensureArray,
getRandomChars,
parseSecureToken,
parseToken,
} from 'next-basics';
import { getTeamUser, getTeamWebsite, findTeamWebsiteByUserId } from 'queries'; import { getTeamUser, getTeamWebsite, findTeamWebsiteByUserId } from 'queries';
import { loadWebsite } from './load'; import { loadWebsite } from './load';
import { Auth } from './types'; import { Auth } from './types';
@ -36,15 +30,6 @@ export function getAuthToken(req) {
} }
} }
export function parseAuthToken(req) {
try {
return parseSecureToken(getAuthToken(req), secret());
} catch (e) {
log(e);
return null;
}
}
export function parseShareToken(req) { export function parseShareToken(req) {
try { try {
return parseToken(req.headers[SHARE_TOKEN_HEADER], secret()); return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
@ -54,21 +39,6 @@ export function parseShareToken(req) {
} }
} }
export function isValidToken(token, validation) {
try {
if (typeof validation === 'object') {
return !Object.keys(validation).find(key => token[key] !== validation[key]);
} else if (typeof validation === 'function') {
return validation(token);
}
} catch (e) {
log(e);
return false;
}
return false;
}
export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) { export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) {
if (user?.isAdmin) { if (user?.isAdmin) {
return true; return true;
@ -80,7 +50,7 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
const website = await loadWebsite(websiteId); const website = await loadWebsite(websiteId);
if (user.id === website.userId) { if (user.id === website?.userId) {
return true; return true;
} }
@ -100,17 +70,9 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
return true; return true;
} }
if (!isUuid(websiteId)) {
return false;
}
const website = await loadWebsite(websiteId); const website = await loadWebsite(websiteId);
if (website.userId) { return user.id === website?.userId;
return user.id === website.userId;
}
return false;
} }
export async function canDeleteWebsite({ user }: Auth, websiteId: string) { export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
@ -120,11 +82,7 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
const website = await loadWebsite(websiteId); const website = await loadWebsite(websiteId);
if (website.userId) { return user.id === website?.userId;
return user.id === website.userId;
}
return false;
} }
export async function canViewReport(auth: Auth, report: Report) { export async function canViewReport(auth: Auth, report: Report) {
@ -139,12 +97,12 @@ export async function canViewReport(auth: Auth, report: Report) {
return !!(await canViewWebsite(auth, report.websiteId)); return !!(await canViewWebsite(auth, report.websiteId));
} }
export async function canUpdateReport(auth: Auth, report: Report) { export async function canUpdateReport({ user }: Auth, report: Report) {
if (auth.user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
return auth.user.id == report.userId; return user.id == report.userId;
} }
export async function canCreateTeam({ user }: Auth) { export async function canCreateTeam({ user }: Auth) {
@ -168,13 +126,9 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
return true; return true;
} }
if (isUuid(teamId)) { const teamUser = await getTeamUser(teamId, user.id);
const teamUser = await getTeamUser(teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate); return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
}
return false;
} }
export async function canDeleteTeam({ user }: Auth, teamId: string) { export async function canDeleteTeam({ user }: Auth, teamId: string) {
@ -182,13 +136,9 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
return true; return true;
} }
if (isUuid(teamId)) { const teamUser = await getTeamUser(teamId, user.id);
const teamUser = await getTeamUser(teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamDelete); return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamDelete);
}
return false;
} }
export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) { export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
@ -196,17 +146,13 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
return true; return true;
} }
if (isUuid(teamId) && isUuid(removeUserId)) { if (removeUserId === user.id) {
if (removeUserId === user.id) { return true;
return true;
}
const teamUser = await getTeamUser(teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
} }
return false; const teamUser = await getTeamUser(teamId, user.id);
return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
} }
export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websiteId: string) { export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websiteId: string) {
@ -214,13 +160,13 @@ export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websi
return true; return true;
} }
if (isUuid(teamId) && isUuid(websiteId)) { const teamWebsite = await getTeamWebsite(teamId, websiteId);
const teamWebsite = await getTeamWebsite(teamId, websiteId);
if (teamWebsite.website.userId === user.id) { if (teamWebsite?.website?.userId === user.id) {
return true; return true;
} }
if (teamWebsite) {
const teamUser = await getTeamUser(teamWebsite.teamId, user.id); const teamUser = await getTeamUser(teamWebsite.teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate); return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);