yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Check commenting feature is enabled on all comments endpoints

Browse Source
This commit is contained in:
Tom Moor
2023-09-16 17:46:02 -04:00
parent 4fa3270f4e
commit 59734f2bf7
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
server/routes/api/comments/comments.ts
View File

@@ -1,7 +1,10 @@
import { Next } from "koa";
import Router from "koa-router"; import Router from "koa-router";
import { TeamPreference } from "@shared/types";
import commentCreator from "@server/commands/commentCreator"; import commentCreator from "@server/commands/commentCreator";
import commentDestroyer from "@server/commands/commentDestroyer"; import commentDestroyer from "@server/commands/commentDestroyer";
import commentUpdater from "@server/commands/commentUpdater"; import commentUpdater from "@server/commands/commentUpdater";
import { ValidationError } from "@server/errors";
import auth from "@server/middlewares/authentication"; import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter"; import { rateLimiter } from "@server/middlewares/rateLimiter";
import { transaction } from "@server/middlewares/transaction"; import { transaction } from "@server/middlewares/transaction";
@@ -20,6 +23,7 @@ router.post(
"comments.create", "comments.create",
rateLimiter(RateLimiterStrategy.TenPerMinute), rateLimiter(RateLimiterStrategy.TenPerMinute),
auth(), auth(),
checkCommentingEnabled(),
validate(T.CommentsCreateSchema), validate(T.CommentsCreateSchema),
transaction(), transaction(),
async (ctx: APIContext<T.CommentsCreateReq>) => { async (ctx: APIContext<T.CommentsCreateReq>) => {
@@ -54,6 +58,7 @@ router.post(
"comments.list", "comments.list",
auth(), auth(),
pagination(), pagination(),
checkCommentingEnabled(),
validate(T.CollectionsListSchema), validate(T.CollectionsListSchema),
async (ctx: APIContext<T.CollectionsListReq>) => { async (ctx: APIContext<T.CollectionsListReq>) => {
const { sort, direction, documentId } = ctx.input.body; const { sort, direction, documentId } = ctx.input.body;
@@ -80,6 +85,7 @@ router.post(
router.post( router.post(
"comments.update", "comments.update",
auth(), auth(),
checkCommentingEnabled(),
validate(T.CommentsUpdateSchema), validate(T.CommentsUpdateSchema),
transaction(), transaction(),
async (ctx: APIContext<T.CommentsUpdateReq>) => { async (ctx: APIContext<T.CommentsUpdateReq>) => {
@@ -119,6 +125,7 @@ router.post(
router.post( router.post(
"comments.delete", "comments.delete",
auth(), auth(),
checkCommentingEnabled(),
validate(T.CommentsDeleteSchema), validate(T.CommentsDeleteSchema),
transaction(), transaction(),
async (ctx: APIContext<T.CommentsDeleteReq>) => { async (ctx: APIContext<T.CommentsDeleteReq>) => {
@@ -149,6 +156,18 @@ router.post(
} }
); );
function checkCommentingEnabled() {
return async function checkCommentingEnabledMiddleware(
ctx: APIContext,
next: Next
) {
if (!ctx.state.auth.user.team.getPreference(TeamPreference.Commenting)) {
throw ValidationError("Commenting is currently disabled");
}
return next();
};
}
// router.post("comments.resolve", auth(), async (ctx) => { // router.post("comments.resolve", auth(), async (ctx) => {
// router.post("comments.unresolve", auth(), async (ctx) => { // router.post("comments.unresolve", auth(), async (ctx) => {