From 5cb5a75455e6f1589da8282435bb9375fc103e9b Mon Sep 17 00:00:00 2001 From: Nariman Jelveh Date: Thu, 20 Jun 2024 19:31:03 -0700 Subject: [PATCH] Verify `share_token` when launched --- src/initgui.js | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/initgui.js b/src/initgui.js index 31a3b97b..f534cea2 100644 --- a/src/initgui.js +++ b/src/initgui.js @@ -210,6 +210,40 @@ window.initgui = async function(options){ } } + //-------------------------------------------------------------------------------------- + // `share_token` provided + // i.e. https://puter.com/?share_token= + //-------------------------------------------------------------------------------------- + if(window.url_query_params.has('share_token')){ + let share_token = window.url_query_params.get('share_token'); + + fetch(`${config.api_origin}/sharelink/check`, { + "headers": { + "Content-Type": "application/json", + "Authorization": `Bearer ${puter.authToken}`, + }, + "body": JSON.stringify({ + token: share_token, + }), + "method": "POST", + }).then(response => response.json()) + .then(async data => { + if(data.success){ + if(data.email && data.email !== window.user.email){ + UIAlert({ + message: 'You are not authorized to view this link.' + }); + }else{ + UIAlert({ + type: 'success', + message: 'You are authorized to view this link.' + }); + } + } + }).catch(error => { + console.error('Error:', error); + }) + } //-------------------------------------------------------------------------------------- // Determine if an app was launched from URL // i.e. https://puter.com/app/