
fix: attachment middleware

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/5444/head
Pranav C 2 years ago
parent
commit
aa84df43cc
  1. 7
      packages/nocodb-nest/src/interceptors/is-upload-allowed/is-upload-allowed.interceptor.spec.ts
  2. 49
      packages/nocodb-nest/src/interceptors/is-upload-allowed/is-upload-allowed.interceptor.ts
  3. 10
      packages/nocodb-nest/src/modules/attachments/attachments.controller.ts

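--- /dev/null
+++ b/packages/nocodb-nest/src/interceptors/is-upload-allowed/is-upload-allowed.interceptor.spec.ts
@@ -0,0 +1,7 @@
+import { IsUploadAllowedInterceptor } from './is-upload-allowed.interceptor';
+describe('IsUploadAllowedInterceptor', () => {
+it('should be defined', () => {
+expect(new IsUploadAllowedInterceptor()).toBeDefined();
+});
+});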
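Review bot: The spec imports `IsUploadAllowedInterceptor` from `./is-upload-allowed.interceptor`, but the module added in this same commit exports the class as `UploadAllowedInterceptor`, so this test fails at compile time before any assertion runs. Either rename the class to match the file name and this spec, or change the spec to `import { UploadAllowedInterceptor } from './is-upload-allowed.interceptor';` and `expect(new UploadAllowedInterceptor()).toBeDefined();`; the controller section already imports `UploadAllowedInterceptor`, so fixing the spec is the smaller change. A `toBeDefined` check also does not exercise the authorization decision the interceptor exists for; a case with no `user` on the request and one with an editor role would cover the two outcomes it has.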

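--- /dev/null
+++ b/packages/nocodb-nest/src/interceptors/is-upload-allowed/is-upload-allowed.interceptor.ts
@@ -0,0 +1,49 @@
+import {
+Injectable,
+NestInterceptor,
+ExecutionContext,
+CallHandler,
+} from '@nestjs/common';
+import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk';
+import { Observable, throwError } from 'rxjs';
+import { NcError } from '../../helpers/catchError';
+import Noco from '../../Noco';
+import extractRolesObj from '../../utils/extractRolesObj';
+import { MetaTable } from '../../utils/globals';
+@Injectable()
+export class UploadAllowedInterceptor implements NestInterceptor {
+async intercept(
+context: ExecutionContext,
+next: CallHandler,
+): Promise<Observable<any>> {
+const request = context.switchToHttp().getRequest();
+if (!request['user']?.id) {
+if (!request['user']?.isPublicBase) {
+NcError.unauthorized('Unauthorized');
+}
+}
+try {
+if (
+extractRolesObj(request['user'].roles)[OrgUserRoles.SUPER_ADMIN] ||
+extractRolesObj(request['user'].roles)[OrgUserRoles.CREATOR] ||
+extractRolesObj(request['user'].roles)[ProjectRoles.EDITOR] ||
+!!(await Noco.ncMeta
+.knex(MetaTable.PROJECT_USERS)
+.where(function () {
+this.where('roles', ProjectRoles.OWNER);
+this.orWhere('roles', ProjectRoles.CREATOR);
+this.orWhere('roles', ProjectRoles.EDITOR);
+})
+.andWhere('fk_user_id', request['user'].id)
+.first())
+) {
+return next.handle();
+}
+} catch {}
+NcError.badRequest('Upload not allowed');
+}
+}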
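Review bot: The `PROJECT_USERS` lookup at `.andWhere('fk_user_id', request['user'].id)` is not scoped to any project, so a user who is owner/creator/editor in one project passes this check for an upload aimed at any other project; if the upload routes are project-scoped (the commented-out `extractProjectIdAndAuthenticate` in the controller suggests the previous middleware resolved a project), the query should also filter on the target project's id column. The bare `catch {}` maps a database error to the same `Upload not allowed` response as a genuine denial, which hides outages from operators; failing closed is right, but the error should be logged. `extractRolesObj(request['user'].roles)` is evaluated three times and can be computed once. When `isPublicBase` is set and `id` is absent, the request gets past the first guard and reaches the query with an undefined `fk_user_id` binding, so it is presumably denied only through the exception path; if public bases must never upload, reject them explicitly at the guard instead. Restructured body (guard and role filter unchanged):
```typescript
const request = context.switchToHttp().getRequest();
// … unchanged: unauthenticated-request guard …
const user = request['user'];
try {
  const roles = extractRolesObj(user.roles);
  if (
    roles[OrgUserRoles.SUPER_ADMIN] ||
    roles[OrgUserRoles.CREATOR] ||
    roles[ProjectRoles.EDITOR]
  ) {
    return next.handle();
  }
  const membership = await Noco.ncMeta
    .knex(MetaTable.PROJECT_USERS)
    // … unchanged: owner/creator/editor role filter …
    .andWhere('fk_user_id', user.id)
    // TODO(review): also filter on the target project's id column if uploads are project-scoped
    .first();
  if (membership) {
    return next.handle();
  }
} catch (e: unknown) {
  // fail closed, but do not hide a DB failure behind "Upload not allowed"
  console.error('UploadAllowedInterceptor: role lookup failed', e);
}
NcError.badRequest('Upload not allowed');
```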

10
packages/nocodb-nest/src/modules/attachments/attachments.controller.ts

@ -11,11 +11,12 @@ import {
UseInterceptors, UseInterceptors,
} from '@nestjs/common'; } from '@nestjs/common';
import multer from 'multer'; import multer from 'multer';
import { FileInterceptor, FilesInterceptor } from '@nestjs/platform-express' import { FileInterceptor, FilesInterceptor } from '@nestjs/platform-express';
import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk'; import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk';
import path from 'path'; import path from 'path';
import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants' import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants';
import { NcError } from '../../helpers/catchError'; import { NcError } from '../../helpers/catchError';
import { UploadAllowedInterceptor } from '../../interceptors/is-upload-allowed/is-upload-allowed.interceptor';
import Noco from '../../Noco'; import Noco from '../../Noco';
import { MetaTable } from '../../utils/globals'; import { MetaTable } from '../../utils/globals';
import { AttachmentsService } from './attachments.service'; import { AttachmentsService } from './attachments.service';
@ -70,7 +71,8 @@ export class AttachmentsController {
// ); // );
) )
@UseInterceptors( @UseInterceptors(
FilesInterceptor('files[]', null,{ UploadAllowedInterceptor,
FilesInterceptor('files[]', null, {
storage: multer.diskStorage({}), storage: multer.diskStorage({}),
// limits: { // limits: {
// fieldSize: NC_ATTACHMENT_FIELD_SIZE, // fieldSize: NC_ATTACHMENT_FIELD_SIZE,
@ -95,7 +97,7 @@ export class AttachmentsController {
} }
@Post('/api/v1/db/storage/upload-by-url') @Post('/api/v1/db/storage/upload-by-url')
@UseInterceptors(UploadAllowedInterceptor)
// [ // [
// extractProjectIdAndAuthenticate, // extractProjectIdAndAuthenticate,
// catchError(isUploadAllowedMw), // catchError(isUploadAllowedMw),
