mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-25 07:06:25 -08:00
Kms
This commit is contained in:
parent
9b68d7a705
commit
da4c4d202f
|
@ -148,13 +148,13 @@ export const noAPIAccess: RequestHandler = function (ctx, next) {
|
|||
*/
|
||||
|
||||
export const assertAPI = function (
|
||||
condition: (acc: Accounts.Account, token: string) => boolean
|
||||
condition: (ctx: Context) => boolean
|
||||
): RequestHandler {
|
||||
return function (ctx, next) {
|
||||
let reqToken = auth.tokenFor(ctx)!
|
||||
if (
|
||||
auth.getType(reqToken) == "App" &&
|
||||
condition(ctx.get("account"), reqToken)
|
||||
auth.getType(reqToken) != "User" &&
|
||||
condition(ctx)
|
||||
)
|
||||
return ServeError(
|
||||
ctx,
|
||||
|
|
|
@ -32,6 +32,7 @@ const router = new Hono<{
|
|||
Variables: {
|
||||
account: Accounts.Account
|
||||
target: Accounts.Account
|
||||
parsedScheme: any
|
||||
}
|
||||
}>()
|
||||
|
||||
|
@ -281,37 +282,32 @@ export default function (files: Files) {
|
|||
router.patch(
|
||||
"/:user",
|
||||
scheme(UserUpdateScheme),
|
||||
assertAPI(
|
||||
ctx =>
|
||||
Object.keys(ctx.get("parsedScheme"))
|
||||
.some(e => validators[e as keyof typeof validators]?.noAPIAccess)
|
||||
&& ctx.get("account") == ctx.get("target")
|
||||
),
|
||||
async (ctx) => {
|
||||
const body = (await ctx.req.json()) as z.infer<typeof UserUpdateScheme>
|
||||
const actor = ctx.get("account")!
|
||||
const target = ctx.get("target")!
|
||||
const tokenType = auth.getType(auth.tokenFor(ctx)!)
|
||||
const body = ctx.get("parsedScheme") as z.infer<typeof UserUpdateScheme>
|
||||
const actor = ctx.get("account")
|
||||
const target = ctx.get("target")
|
||||
|
||||
if (body.poi && !verifyPoi(target.id, body.poi))
|
||||
return ServeError(ctx, 403, "invalid proof of identity provided")
|
||||
|
||||
let results: Result[] = (
|
||||
let messages = (
|
||||
Object.entries(body).filter(
|
||||
(e) => e[0] !== "poi"
|
||||
)
|
||||
).map(([x, v]) => {
|
||||
let validator = validators[x as keyof typeof validators]!
|
||||
|
||||
if (target == actor && tokenType !== "User") {
|
||||
if (validator.noAPIAccess)
|
||||
return [400, "no API access to this route"]
|
||||
}
|
||||
|
||||
return [
|
||||
x,
|
||||
validator.validator(actor, target, body as any, ctx),
|
||||
] as [
|
||||
keyof Accounts.Account,
|
||||
Accounts.Account[keyof Accounts.Account],
|
||||
]
|
||||
})
|
||||
|
||||
let allMsgs = results.map((v) => {
|
||||
] as Result
|
||||
}).map((v) => {
|
||||
if (isMessage(v)) return v
|
||||
target[v[0]] = v[1] as never // lol
|
||||
return [200, "OK"] as Message
|
||||
|
@ -319,20 +315,20 @@ export default function (files: Files) {
|
|||
|
||||
await Accounts.save()
|
||||
|
||||
if (allMsgs.length == 1)
|
||||
if (messages.length == 1)
|
||||
return ctx.text(
|
||||
...(allMsgs[0]!.reverse() as [Message[1], Message[0]])
|
||||
...(messages[0]!.reverse() as [Message[1], Message[0]])
|
||||
) // im sorry
|
||||
else return ctx.json(allMsgs)
|
||||
else return ctx.json(messages)
|
||||
}
|
||||
)
|
||||
|
||||
router.delete("/:user", noAPIAccess, async (ctx) => {
|
||||
router.delete("/:user", async (ctx) => {
|
||||
let actor = ctx.get("account")
|
||||
let target = ctx.get("target")
|
||||
|
||||
if (actor == target && !verifyPoi(actor.id, ctx.req.query("poi")))
|
||||
return ServeError(ctx, 403, "no proof of identity provided")
|
||||
return ServeError(ctx, 403, "invalid proof of identity provided")
|
||||
|
||||
auth.AuthTokens.filter((e) => e.account == target?.id).forEach((token) => {
|
||||
auth.invalidate(token.token)
|
||||
|
|
Loading…
Reference in a new issue