fix api permission error
parent
ba3d11d11a
commit
e99f9dc8af
|
@ -4,7 +4,7 @@ import crypto from "crypto";
|
||||||
import fs from "fs/promises";
|
import fs from "fs/promises";
|
||||||
import { getServerSession } from "next-auth";
|
import { getServerSession } from "next-auth";
|
||||||
import { AuditLog, auditLog } from "./audit";
|
import { AuditLog, auditLog } from "./audit";
|
||||||
import { AliasEntry, AliasRequestEntry, ApiKeyEntry, approveAliasEntry, createAliasEntry, createApiKeyEntry, createTempAliasRequestEntry, createUserEntry, database, deleteAliasEntry, deleteApiKey, deleteTempAliasRequestEntry, getAlias, getAllAliases, getApiKeyById, getTempAliasRequestEntry, getUserAliases, getUserApiKeys, setUserPassword } from "./db";
|
import { AliasEntry, AliasRequestEntry, ApiKeyEntry, approveAliasEntry, createAliasEntry, createApiKeyEntry, createTempAliasRequestEntry, createUserEntry, database, deleteAliasEntry, deleteApiKey, deleteTempAliasRequestEntry, getAlias, getAllAliases, getApiKeyById, getTempAliasRequestEntry, getUserAliases, getUserApiKeys, isAliasAvailable, setUserPassword } from "./db";
|
||||||
import { aliasesNeedApproval, anonymizeApiKey, generateAliasEmail, isAdmin } from "./util";
|
import { aliasesNeedApproval, anonymizeApiKey, generateAliasEmail, isAdmin } from "./util";
|
||||||
|
|
||||||
export async function fetchAllUsers(): Promise<string[]> {
|
export async function fetchAllUsers(): Promise<string[]> {
|
||||||
|
@ -55,38 +55,14 @@ export async function aliasAvailable(email: string, searchTempRequests: boolean
|
||||||
const session = await getServerSession();
|
const session = await getServerSession();
|
||||||
if (!session?.user) throw new Error("Unauthenticated");
|
if (!session?.user) throw new Error("Unauthenticated");
|
||||||
|
|
||||||
return new Promise<boolean>((resolve, reject) => {
|
return await isAliasAvailable(email, searchTempRequests);
|
||||||
const db = database('aliases');
|
|
||||||
db.get('SELECT id FROM aliases WHERE alias = ?', email.toLowerCase(), (err, res) => {
|
|
||||||
if (!searchTempRequests || err) db.close();
|
|
||||||
if (err) return reject(err);
|
|
||||||
if (res != undefined) return resolve(false);
|
|
||||||
|
|
||||||
const authDb = database('credentials');
|
|
||||||
authDb.get('SELECT key FROM passwords WHERE key = ?', email.toLowerCase(), (err, res) => {
|
|
||||||
authDb.close();
|
|
||||||
if (err) return reject(err);
|
|
||||||
|
|
||||||
if (!searchTempRequests) {
|
|
||||||
return resolve(res == undefined);
|
|
||||||
} else {
|
|
||||||
db.get('SELECT key FROM temp_alias_requests WHERE alias = ?', email.toLowerCase(), (err, res) => {
|
|
||||||
db.close();
|
|
||||||
if (err) return reject(err);
|
|
||||||
|
|
||||||
return resolve(res == undefined);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function createAlias(user: string, alias: string): Promise<AliasEntry> {
|
export async function createAlias(user: string, alias: string): Promise<AliasEntry> {
|
||||||
const session = await getServerSession();
|
const session = await getServerSession();
|
||||||
if (!session?.user?.email) throw new Error("Unauthenticated");
|
if (!session?.user?.email) throw new Error("Unauthenticated");
|
||||||
if (!isAdmin(session)) throw new Error("Unauthenticated");
|
if (!isAdmin(session)) throw new Error("Unauthenticated");
|
||||||
if (!await aliasAvailable(alias)) throw new Error("Alias unavailable");
|
if (!await isAliasAvailable(alias)) throw new Error("Alias unavailable");
|
||||||
|
|
||||||
const id = await createAliasEntry(user, alias.toLowerCase(), false);
|
const id = await createAliasEntry(user, alias.toLowerCase(), false);
|
||||||
|
|
||||||
|
@ -107,7 +83,7 @@ export async function createAliasSelf(alias: string): Promise<AliasEntry> {
|
||||||
if (!session?.user?.email) throw new Error("Unauthenticated");
|
if (!session?.user?.email) throw new Error("Unauthenticated");
|
||||||
|
|
||||||
const pending = aliasesNeedApproval(session);
|
const pending = aliasesNeedApproval(session);
|
||||||
if (!await aliasAvailable(alias)) throw new Error("Alias unavailable");
|
if (!await isAliasAvailable(alias)) throw new Error("Alias unavailable");
|
||||||
|
|
||||||
const id = await createAliasEntry(session.user.email, alias.toLowerCase(), pending);
|
const id = await createAliasEntry(session.user.email, alias.toLowerCase(), pending);
|
||||||
const res = {
|
const res = {
|
||||||
|
@ -218,7 +194,7 @@ export async function createUser(email: string, password: string) {
|
||||||
if (!session?.user?.email) throw new Error("Unauthenticated");
|
if (!session?.user?.email) throw new Error("Unauthenticated");
|
||||||
if (!isAdmin(session)) throw new Error("Unauthorized");
|
if (!isAdmin(session)) throw new Error("Unauthorized");
|
||||||
|
|
||||||
if (!await aliasAvailable(email.toLowerCase())) {
|
if (!await isAliasAvailable(email.toLowerCase())) {
|
||||||
throw new Error("Alias unavailable");
|
throw new Error("Alias unavailable");
|
||||||
}
|
}
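Review bot: The availability check and the write are still two separate steps in `createAlias`, `createAliasSelf` and `createUser`: `isAliasAvailable(...)` resolves first and the insert (`createAliasEntry(...)` in the two alias functions) runs afterwards, so two concurrent requests for the same alias can both pass the check. The table schema is not shown on this page; if `aliases.alias` has no UNIQUE constraint, the check alone does not prevent duplicates. I would confirm the constraint and record it at the call sites, for example `// check is advisory; the UNIQUE constraint on aliases.alias enforces uniqueness`, or move check and insert into one transaction inside `./db`. All three functions continue outside the visible hunks.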
|
||||||
|
|
||||||
|
|
|
@ -134,6 +134,34 @@ export function getAlias(alias: string) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function isAliasAvailable(email: string, searchTempRequests: boolean = false) {
|
||||||
|
return new Promise<boolean>((resolve, reject) => {
|
||||||
|
const db = database('aliases');
|
||||||
|
db.get('SELECT id FROM aliases WHERE alias = ?', email.toLowerCase(), (err, res) => {
|
||||||
|
if (!searchTempRequests || err) db.close();
|
||||||
|
if (err) return reject(err);
|
||||||
|
if (res != undefined) return resolve(false);
|
||||||
|
|
||||||
|
const authDb = database('credentials');
|
||||||
|
authDb.get('SELECT key FROM passwords WHERE key = ?', email.toLowerCase(), (err, res) => {
|
||||||
|
authDb.close();
|
||||||
|
if (err) return reject(err);
|
||||||
|
|
||||||
|
if (!searchTempRequests) {
|
||||||
|
return resolve(res == undefined);
|
||||||
|
} else {
|
||||||
|
db.get('SELECT key FROM temp_alias_requests WHERE alias = ?', email.toLowerCase(), (err, res) => {
|
||||||
|
db.close();
|
||||||
|
if (err) return reject(err);
|
||||||
|
|
||||||
|
return resolve(res == undefined);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
export function createAliasEntry(user: string, alias: string, pending: boolean, temporary: boolean = false) {
|
export function createAliasEntry(user: string, alias: string, pending: boolean, temporary: boolean = false) {
|
||||||
return new Promise<number>(async (resolve, reject) => {
|
return new Promise<number>(async (resolve, reject) => {
|
||||||
const db = database('aliases');
|
const db = database('aliases');
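Review bot: When `searchTempRequests` is true, `isAliasAvailable` ignores the result of the `passwords` lookup: the `else` branch runs the `temp_alias_requests` query and resolves on that inner `res` alone, so an address that matches an existing credentials key is reported as available. Adding `if (res != undefined) { db.close(); return resolve(false); }` as the first statement of the `else` branch fixes that. The same mode also leaves the `aliases` handle open on two paths: `if (!searchTempRequests || err) db.close();` skips the close before the early `resolve(false)`, and the credentials error path rejects without closing `db`. Closing `db` before those two returns would cover them.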
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
import { Session } from 'next-auth';
|
import { Session } from 'next-auth';
|
||||||
import crypto from 'crypto';
|
import crypto from 'crypto';
|
||||||
import { ApiKeyEntry } from './db';
|
import { ApiKeyEntry, isAliasAvailable } from './db';
|
||||||
import * as random_words from "random-words";
|
import * as random_words from "random-words";
|
||||||
import { TEMP_EMAIL_DOMAIN } from './constants';
|
import { TEMP_EMAIL_DOMAIN } from './constants';
|
||||||
import { aliasAvailable } from './actions';
|
|
||||||
|
|
||||||
export function sha256sum(input: any) {
|
export function sha256sum(input: any) {
|
||||||
const hash = crypto.createHash('sha256');
|
const hash = crypto.createHash('sha256');
|
||||||
|
@ -45,7 +44,7 @@ export async function generateAliasEmail(label: string, style: 'words' | 'random
|
||||||
throw new Error("Invalid style");
|
throw new Error("Invalid style");
|
||||||
}
|
}
|
||||||
email = `${labelAtEnd ? `${randomString}-${label}` : `${label}-${randomString}`}@${TEMP_EMAIL_DOMAIN}`;
|
email = `${labelAtEnd ? `${randomString}-${label}` : `${label}-${randomString}`}@${TEMP_EMAIL_DOMAIN}`;
|
||||||
} while (!await aliasAvailable(email, true));
|
} while (!await isAliasAvailable(email, true));
|
||||||
|
|
||||||
return email;
|
return email;
|
||||||
}
|
}
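Review bot: `generateAliasEmail` has no authentication check of its own on the path shown: the loop condition now calls `isAliasAvailable(email, true)` from `./db`, which performs none, where the previous `aliasAvailable` threw "Unauthenticated" when there was no session. Every caller therefore has to verify the session or API key before calling it; the callers are not visible here, so this should be confirmed. A doc comment on the function would record the contract, for example `/** Does not authenticate; callers must verify the session or API key first. */`. The function starts above this hunk.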
|
||||||
|
|