From f7327a74fad3211de8996e86276ac982ff153174 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Fri, 21 Oct 2022 17:10:54 +0530
Subject: [PATCH] feat: update token based strategy

Signed-off-by: Pranav C <pranavxc@gmail.com>
---
 .../lib/meta/api/userApi/initStrategies.ts    | 64 +++++++++++++------
 1 file changed, 45 insertions(+), 19 deletions(-)

diff --git a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
index 03ca839f69..10e0fdc2de 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
@@ -1,3 +1,4 @@
+import { OrgUserRoles } from '../../../../enums/OrgUserRoles';
 import User from '../../../models/User';
 import ProjectUser from '../../../models/ProjectUser';
 import { promisify } from 'util';
@@ -27,20 +28,45 @@ import Plugin from '../../../models/Plugin';
 export function initStrategies(router): void {
   passport.use(
     'authtoken',
-    new AuthTokenStrategy({ headerFields: ['xc-token'] }, (token, done) => {
-      ApiToken.getByToken(token)
-        .then((apiToken) => {
-          if (apiToken) {
-            done(null, { roles: 'editor' });
-          } else {
-            return done({ msg: 'Invalid tok' });
-          }
-        })
-        .catch((e) => {
-          console.log(e);
-          done({ msg: 'Invalid tok' });
-        });
-    })
+    new AuthTokenStrategy(
+      { headerFields: ['xc-token'], passReqToCallback: true },
+      (req, token, done) => {
+        ApiToken.getByToken(token)
+          .then((apiToken) => {
+            if (!apiToken) {
+              return done({ msg: 'Invalid tok' });
+            }
+
+            if (!apiToken.fk_user_id) return done(null, { roles: 'editor' });
+            User.get(apiToken.fk_user_id)
+              .then((user) => {
+                if (req.ncProjectId) {
+                  ProjectUser.get(req.ncProjectId, user.id)
+                    .then(async (projectUser) => {
+                      user.roles = projectUser?.roles || 'user';
+                      user.roles =
+                        user.roles === 'owner' ? 'owner,creator' : user.roles;
+                      // + (user.roles ? `,${user.roles}` : '');
+                      // todo : cache
+                      // await NocoCache.set(`${CacheScope.USER}:${key}`, user);
+                      done(null, user);
+                    })
+                    .catch((e) => done(e));
+                } else {
+                  return done(null, user);
+                }
+              })
+              .catch((e) => {
+                console.log(e);
+                done({ msg: 'User not found' });
+              });
+          })
+          .catch((e) => {
+            console.log(e);
+            done({ msg: 'Invalid token' });
+          });
+      }
+    )
   );
 
   passport.serializeUser(function (
@@ -92,11 +118,11 @@ export function initStrategies(router): void {
       },
       async (req, jwtPayload, done) => {
         // todo: improve this
-        // if (req.roles.split(',').includes(OrgUserRoles.SUPER)) {
-        //   return User.getByEma,il(jwtPayload?.email).then(async (user) => {
-        //     return done(null, { ...user, roles: 'owner,creator' });
-        //   });
-        // }
+        if (jwtPayload.roles?.split(',').includes(OrgUserRoles.SUPER)) {
+          return User.getByEmail(jwtPayload?.email).then(async (user) => {
+            return done(null, { ...user, roles: 'owner,creator' });
+          });
+        }
 
         const keyVals = [jwtPayload?.email];
         if (req.ncProjectId) {