From 6c36aeb7748cdb61c623ba4fa4e750a2d039a905 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Mon, 10 Apr 2023 22:02:53 +0530
Subject: [PATCH] fix: audit api corrections

Signed-off-by: Pranav C <pranavxc@gmail.com>
---
 .../extract-project-id/extract-project-id.middleware.ts   | 2 +-
 .../nocodb-nest/src/modules/audits/audits.controller.ts   | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts b/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts
index e6da15ac3d..2ff4a32de6 100644
--- a/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts
+++ b/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts
@@ -221,7 +221,7 @@ export class AclMiddleware implements NestInterceptor {
     const res = context.switchToHttp().getResponse();
     req.customProperty = 'This is a custom property';
 
-    const roles: Record<string, boolean> = extractRolesObj(req.user.roles);
+    const roles: Record<string, boolean> = extractRolesObj(req.user?.roles);
 
     if (req?.user?.is_api_token && blockApiTokenAccess) {
       NcError.forbidden('Not allowed with API token');
diff --git a/packages/nocodb-nest/src/modules/audits/audits.controller.ts b/packages/nocodb-nest/src/modules/audits/audits.controller.ts
index 6252c5fe41..e6deb38aaa 100644
--- a/packages/nocodb-nest/src/modules/audits/audits.controller.ts
+++ b/packages/nocodb-nest/src/modules/audits/audits.controller.ts
@@ -7,13 +7,19 @@ import {
   Post,
   Query,
   Request,
+  UseGuards,
 } from '@nestjs/common';
 import { PagedResponseImpl } from '../../helpers/PagedResponse';
-import { Acl } from '../../middlewares/extract-project-id/extract-project-id.middleware';
+import {
+  Acl,
+  ExtractProjectIdMiddleware,
+} from '../../middlewares/extract-project-id/extract-project-id.middleware';
 import { Audit } from '../../models';
 import { AuditsService } from './audits.service';
+import { AuthGuard } from '@nestjs/passport';
 
 @Controller()
+@UseGuards(ExtractProjectIdMiddleware, AuthGuard('jwt'))
 export class AuditsController {
   constructor(private readonly auditsService: AuditsService) {}