mirror of https://github.com/nocodb/nocodb
Pranav C
2 years ago
1 changed files with 20 additions and 22 deletions
@ -1,47 +1,45 @@ |
|||||||
import { Injectable } from '@nestjs/common' |
import { Injectable } from '@nestjs/common'; |
||||||
import { PassportStrategy } from '@nestjs/passport' |
import { PassportStrategy } from '@nestjs/passport'; |
||||||
import { Strategy } from 'passport-custom' |
import { Strategy } from 'passport-custom'; |
||||||
import { ApiToken, ProjectUser, User } from '../../models' |
import { ApiToken, ProjectUser, User } from '../../models'; |
||||||
|
|
||||||
@Injectable() |
@Injectable() |
||||||
export class AuthTokenStrategy extends PassportStrategy(Strategy, 'authtoken') { |
export class AuthTokenStrategy extends PassportStrategy(Strategy, 'authtoken') { |
||||||
|
// eslint-disable-next-line @typescript-eslint/ban-types
|
||||||
async validate(req: any, callback: Function) { |
async validate(req: any, callback: Function) { |
||||||
try { |
try { |
||||||
let user |
let user; |
||||||
if (req.headers['xc-token']) { |
if (req.headers['xc-token']) { |
||||||
|
const apiToken = await ApiToken.getByToken(req.headers['xc-token']); |
||||||
const apiToken = await ApiToken.getByToken( |
|
||||||
req.headers['xc-token'], |
|
||||||
) |
|
||||||
if (!apiToken) { |
if (!apiToken) { |
||||||
return callback({ msg: 'Invalid token' }) |
return callback({ msg: 'Invalid token' }); |
||||||
} |
} |
||||||
|
|
||||||
user = {} |
user = {}; |
||||||
if (!apiToken.fk_user_id) { |
if (!apiToken.fk_user_id) { |
||||||
user.roles = 'editor' |
user.roles = 'editor'; |
||||||
return callback(null, user) |
return callback(null, user); |
||||||
} |
} |
||||||
|
|
||||||
const dbUser: Record<string, any> = await User.get(apiToken.fk_user_id) |
const dbUser: Record<string, any> = await User.get(apiToken.fk_user_id); |
||||||
if (!dbUser) { |
if (!dbUser) { |
||||||
return callback({ msg: 'User not found' }) |
return callback({ msg: 'User not found' }); |
||||||
} |
} |
||||||
|
|
||||||
dbUser.is_api_token = true |
dbUser.is_api_token = true; |
||||||
if (req['ncProjectId']) { |
if (req['ncProjectId']) { |
||||||
const projectUser = await ProjectUser.get( |
const projectUser = await ProjectUser.get( |
||||||
req['ncProjectId'], |
req['ncProjectId'], |
||||||
dbUser.id, |
dbUser.id, |
||||||
) |
); |
||||||
user.roles = projectUser?.roles || dbUser.roles |
user.roles = projectUser?.roles || dbUser.roles; |
||||||
user.roles = user.roles === 'owner' ? 'owner,creator' : user.roles |
user.roles = user.roles === 'owner' ? 'owner,creator' : user.roles; |
||||||
return callback(null, user) |
return callback(null, user); |
||||||
} |
} |
||||||
} |
} |
||||||
return callback(null, user) |
return callback(null, user); |
||||||
} catch (error) { |
} catch (error) { |
||||||
callback(error) |
callback(error); |
||||||
} |
} |
||||||
} |
} |
||||||
} |
} |
||||||
|
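Review bot: In the `xc-token` branch of `validate`, the object passed to `callback` is the fresh `user = {}` rather than `dbUser`, so `dbUser.is_api_token = true` never reaches the caller, and when `req['ncProjectId']` is unset the callback receives an empty object with no id or roles. Whether later guards treat that empty object as an authenticated principal is not visible on this page, but the safer shape is to copy the identity onto the returned object, e.g. `Object.assign(user, { id: dbUser.id, is_api_token: true });`, and to set `user.roles` from `dbUser.roles` outside the project check as well. Separately, a token with no `fk_user_id` is given a hard-coded `editor` role with no binding to any user; if that is intended, a comment explaining why ownerless tokens are granted that role would help, and otherwise the branch should reject the token.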