mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add subdomain permission (if applicable) on app share

Browse Source
This commit is contained in:
KernelDeimos 2024-06-24 18:38:07 -04:00 committed by Eric Dubé
parent 0cf90ee39a
commit 13e2f72c9f
1 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
packages/backend/src/routers/share.js
View File

@ -15,6 +15,7 @@ const { UsernameNotifSelector } = require('../services/NotificationService');
const { quot } = require('../util/strutil'); const { quot } = require('../util/strutil');
const { UtilFn } = require('../util/fnutil'); const { UtilFn } = require('../util/fnutil');
const { WorkList } = require('../util/workutil'); const { WorkList } = require('../util/workutil');
const { DB_WRITE } = require('../services/database/consts');
const router = express.Router(); const router = express.Router();
@ -29,6 +30,8 @@ const v0_2 = async (req, res) => {
const actor = Context.get('actor'); const actor = Context.get('actor');
const db = req.services.get('database').get('share', DB_WRITE);
// === Request Validators === // === Request Validators ===
const validate_mode = UtilFn(mode => { const validate_mode = UtilFn(mode => {
@ -372,11 +375,6 @@ const v0_2 = async (req, res) => {
continue; continue;
} }
// Process: conditionally add permission for subdomain
for ( const item of shares_work.list() ) {
// NEXT
}
shares_work.clear_invalid(); shares_work.clear_invalid();
for ( const item of shares_work.list() ) { for ( const item of shares_work.list() ) {
@ -410,11 +408,49 @@ const v0_2 = async (req, res) => {
shares_work.clear_invalid(); shares_work.clear_invalid();
// Fetch app info for app shares
for ( const item of shares_work.list() ) { for ( const item of shares_work.list() ) {
if ( item.type !== 'app' ) continue; if ( item.type !== 'app' ) continue;
const app = await get_app({}); const { thing } = item;
const app = await get_app(thing.uid ?
{ uid: thing.uid } : { name: thing.name });
if ( ! app ) {
item.invalid = true;
result.shares[item.i] =
// note: since we're reporting `entity_not_found`
// we will report the id as an entity-storage-compatible
// identifier.
APIError.create('entity_not_found', null, {
identifier: thing.uid
? { uid: thing.uid }
: { id: { name: thing.name } }
});
}
item.app = app;
} }
shares_work.clear_invalid();
// Process: conditionally add permission for subdomain
for ( const item of shares_work.list() ) {
if ( item.type !== 'app' ) continue;
const [subdomain] = await db.read(
`SELECT * FROM subdomains WHERE associated_app_id = ? ` +
`AND user_id = ? LIMIT 1`,
[item.app.id, actor.type.user.id]
);
if ( ! subdomain ) continue;
// The subdomain is also owned by this user, so we'll
// add a permission for that as well
const site_selector = `uid#${subdomain.uuid}`;
item.share_intent.permissions.push(
PermissionUtil.join('site', site_selector, 'access')
)
}
shares_work.clear_invalid(); shares_work.clear_invalid();
// Mark files as successful; further errors will be // Mark files as successful; further errors will be