Prepping /document.info for public docs
This commit is contained in:
Jori Lallo
@@ -30,26 +30,27 @@ export default function auth({ require = true } = {}) {
|
||||
throw httpErrors.Unauthorized('Authentication required');
|
||||
}
|
||||
|
||||
// Get user without verifying payload signature
|
||||
let payload;
|
||||
try {
|
||||
payload = JWT.decode(token);
|
||||
} catch(_e) {
|
||||
throw httpErrors.Unauthorized('Unable to decode JWT token');
|
||||
}
|
||||
console.log(payload)
|
||||
const user = await User.findOne({
|
||||
where: { id: payload.id },
|
||||
});
|
||||
if (token && require) {
|
||||
// Get user without verifying payload signature
|
||||
let payload;
|
||||
try {
|
||||
payload = JWT.decode(token);
|
||||
} catch(_e) {
|
||||
throw httpErrors.Unauthorized('Unable to decode JWT token');
|
||||
}
|
||||
const user = await User.findOne({
|
||||
where: { id: payload.id },
|
||||
});
|
||||
|
||||
try {
|
||||
JWT.verify(token, user.jwtSecret);
|
||||
} catch(e) {
|
||||
throw httpErrors.Unauthorized('Invalid token');
|
||||
}
|
||||
try {
|
||||
JWT.verify(token, user.jwtSecret);
|
||||
} catch(e) {
|
||||
throw httpErrors.Unauthorized('Invalid token');
|
||||
}
|
||||
|
||||
ctx.state.token = token;
|
||||
ctx.state.user = user;
|
||||
ctx.state.token = token;
|
||||
ctx.state.user = user;
|
||||
}
|
||||
|
||||
return next();
|
||||
};
|
||||
|
||||
@@ -8,23 +8,35 @@ import { Document, Atlas } from '../models';
|
||||
|
||||
const router = new Router();
|
||||
|
||||
router.post('documents.info', auth(), async (ctx) => {
|
||||
router.post('documents.info', auth({ require: false }), async (ctx) => {
|
||||
let { id } = ctx.request.body;
|
||||
ctx.assertPresent(id, 'id is required');
|
||||
|
||||
const team = await ctx.state.user.getTeam();
|
||||
const document = await Document.findOne({
|
||||
where: {
|
||||
id: id,
|
||||
teamId: team.id,
|
||||
},
|
||||
});
|
||||
|
||||
if (!document) throw httpErrors.NotFound();
|
||||
// Don't expose private documents outside the team
|
||||
if (document.private) {
|
||||
if (!ctx.state.user) throw httpErrors.NotFound();
|
||||
|
||||
ctx.body = {
|
||||
data: await presentDocument(document, true),
|
||||
};
|
||||
const team = await ctx.state.user.getTeam();
|
||||
if (document.teamId !== team.id) {
|
||||
if (!document) throw httpErrors.NotFound();
|
||||
}
|
||||
|
||||
ctx.body = {
|
||||
data: await presentDocument(document, true),
|
||||
};
|
||||
} else {
|
||||
ctx.body = {
|
||||
data: await presentDocument(document),
|
||||
};
|
||||
}
|
||||
|
||||
if (!document) throw httpErrors.NotFound();
|
||||
});
|
||||
|
||||
|
||||
|
||||
@@ -3,13 +3,13 @@ import Document from './models/Document';
|
||||
|
||||
export function presentUser(user) {
|
||||
return new Promise(async (resolve, reject) => {
|
||||
resolve({
|
||||
const data = {
|
||||
id: user.id,
|
||||
name: user.name,
|
||||
username: user.username,
|
||||
email: user.email,
|
||||
avatarUrl: user.slackData.image_192,
|
||||
});
|
||||
};
|
||||
resolve(data);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -62,6 +62,7 @@ export async function presentDocument(document, includeAtlas=false) {
|
||||
text: document.text,
|
||||
html: document.html,
|
||||
preview: document.preview,
|
||||
private: document.private,
|
||||
createdAt: document.createdAt,
|
||||
updatedAt: document.updatedAt,
|
||||
atlas: document.atlaId,
|
||||
@@ -71,10 +72,10 @@ export async function presentDocument(document, includeAtlas=false) {
|
||||
if (includeAtlas) {
|
||||
const atlas = await document.getAtlas();
|
||||
data.atlas = await presentAtlas(atlas, false);
|
||||
|
||||
const user = await document.getUser();
|
||||
data.user = await presentUser(user, false);
|
||||
}
|
||||
|
||||
const user = await document.getUser();
|
||||
data.user = await presentUser(user);
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user