fix: api-token strategy correction

Signed-off-by: Pranav C <pranavxc@gmail.com>
1 year ago · e9aabf8633
2 changed files with 37 additions and 44 deletions
--- a/packages/nocodb-nest/src/strategies/authtoken.strategy/authtoken.strategy.ts
+++ b/packages/nocodb-nest/src/strategies/authtoken.strategy/authtoken.strategy.ts
@ -1,54 +1,47 @@
-import { Injectable } from '@nestjs/common';
-import { PassportStrategy } from '@nestjs/passport';
-import { Strategy } from 'passport-custom';
-import { ApiToken, ProjectUser, User } from '../../models';
-import type { Request } from 'express';
+import { Injectable } from '@nestjs/common'
+import { PassportStrategy } from '@nestjs/passport'
+import { Strategy } from 'passport-custom'
+import { ApiToken, ProjectUser, User } from '../../models'

@Injectable()
 export class AuthTokenStrategy extends PassportStrategy(Strategy, 'authtoken') {
-  constructor() {
-    super({
-      headerFields: ['xc-token'],
-      passReqToCallback: true,
-    });
-  }
-
-  // eslint-disable-next-line @typescript-eslint/ban-types
-  async validate(req: Request, token: string, done: Function) {
+  async validate(req: any, callback: Function) {
    try {
-      const apiToken = await ApiToken.getByToken(token);
-      if (!apiToken) {
-        return done({ msg: 'Invalid token' });
-      }
+      let user
+      if (req.headers['xc-token']) {

-      const user: any = {};
-      if (!apiToken.fk_user_id) {
-        user.roles = 'editor';
-        return done(null, user);
-      }
+        const apiToken = await ApiToken.getByToken(
+          req.headers['xc-token'],
+        )
+        if (!apiToken) {
+          return callback({ msg: 'Invalid token' })
+        }

-      const dbUser: Record<string, any> = await User.get(apiToken.fk_user_id);
-      if (!dbUser) {
-        return done({ msg: 'User not found' });
-      }
+        user = {}
+        if (!apiToken.fk_user_id) {
+          user.roles = 'editor'
+          return callback(null, user)
+        }

-      dbUser.is_api_token = true;
-      if (req['ncProjectId']) {
-        const projectUser = await ProjectUser.get(
-          req['ncProjectId'],
-          dbUser.id,
-        );
-        user.roles = projectUser?.roles || dbUser.roles;
-        user.roles = user.roles === 'owner' ? 'owner,creator' : user.roles;
-        // + (user.roles ? `,${user.roles}` : '');
-        // todo : cache
-        // await NocoCache.set(`${CacheScope.USER}:${key}`, user);
-        return done(null, user);
-      }
+        const dbUser: Record<string, any> = await User.get(apiToken.fk_user_id)
+        if (!dbUser) {
+          return callback({ msg: 'User not found' })
+        }

-      return done(null, dbUser);
+        dbUser.is_api_token = true
+        if (req['ncProjectId']) {
+          const projectUser = await ProjectUser.get(
+            req['ncProjectId'],
+            dbUser.id,
+          )
+          user.roles = projectUser?.roles || dbUser.roles
+          user.roles = user.roles === 'owner' ? 'owner,creator' : user.roles
+          return callback(null, user)
+        }
+      }
+      return callback(null, user)
    } catch (error) {
-      return done(error);
+      callback(error)
    }
  }
 }
--- a/packages/nocodb-nest/src/strategies/jwt.strategy.ts
+++ b/packages/nocodb-nest/src/strategies/jwt.strategy.ts
@ -1,6 +1,6 @@
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
-import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Strategy } from 'passport-jwt';
 import { OrgUserRoles } from 'nocodb-sdk';
 import NocoCache from '../cache/NocoCache';
 import { ProjectUser, User } from '../models';