15b1069bcc
This PR moves the entire project to Typescript. Due to the ~1000 ignores this will lead to a messy codebase for a while, but the churn is worth it – all of those ignore comments are places that were never type-safe previously. closes #1282
47 lines
1.2 KiB
TypeScript
47 lines
1.2 KiB
TypeScript
import { onAuthenticatePayload } from "@hocuspocus/server";
|
|
import { Document } from "@server/models";
|
|
import { getUserForJWT } from "@server/utils/jwt";
|
|
import { AuthenticationError } from "../errors";
|
|
import policy from "../policies";
|
|
|
|
const { can } = policy;
|
|
|
|
export default class Authentication {
|
|
async onAuthenticate({
|
|
connection,
|
|
token,
|
|
documentName,
|
|
}: onAuthenticatePayload) {
|
|
// allows for different entity types to use this multiplayer provider later
|
|
const [, documentId] = documentName.split(".");
|
|
|
|
if (!token) {
|
|
throw AuthenticationError("Authentication required");
|
|
}
|
|
|
|
const user = await getUserForJWT(token);
|
|
|
|
if (user.isSuspended) {
|
|
throw AuthenticationError("Account suspended");
|
|
}
|
|
|
|
const document = await Document.findByPk(documentId, {
|
|
userId: user.id,
|
|
});
|
|
|
|
if (!can(user, "read", document)) {
|
|
throw AuthenticationError("Authorization required");
|
|
}
|
|
|
|
// set document to read only for the current user, thus changes will not be
|
|
// accepted and synced to other clients
|
|
if (!can(user, "update", document)) {
|
|
connection.readOnly = true;
|
|
}
|
|
|
|
return {
|
|
user,
|
|
};
|
|
}
|
|
}
|