Ryan/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2025-11-13 16:52:37 +10:00
Code Issues Packages Projects Releases Wiki Activity

more checks for collab auth token (#1345)

Browse Source
This commit is contained in:
Philip Okugbe
2025-07-14 02:35:03 -07:00
committed by GitHub
parent e856c8eb69
commit e51a93221c
4 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/server/src/collaboration/extensions/authentication.extension.ts
View File

@ -46,6 +46,10 @@ export class AuthenticationExtension implements Extension {
throw new UnauthorizedException(); throw new UnauthorizedException();
} }
if (user.deactivatedAt || user.deletedAt) {
throw new UnauthorizedException();
}
const page = await this.pageRepo.findById(pageId); const page = await this.pageRepo.findById(pageId);
if (!page) { if (!page) {
this.logger.warn(`Page not found: ${pageId}`); this.logger.warn(`Page not found: ${pageId}`);

2
apps/server/src/core/auth/auth.controller.ts
View File

@ -108,7 +108,7 @@ export class AuthController {
@AuthUser() user: User, @AuthUser() user: User,
@AuthWorkspace() workspace: Workspace, @AuthWorkspace() workspace: Workspace,
) { ) {
return this.authService.getCollabToken(user.id, workspace.id); return this.authService.getCollabToken(user, workspace.id);
} }
@UseGuards(JwtAuthGuard) @UseGuards(JwtAuthGuard)

6
apps/server/src/core/auth/services/auth.service.ts
View File

@ -22,7 +22,7 @@ import { ForgotPasswordDto } from '../dto/forgot-password.dto';
import ForgotPasswordEmail from '@docmost/transactional/emails/forgot-password-email'; import ForgotPasswordEmail from '@docmost/transactional/emails/forgot-password-email';
import { UserTokenRepo } from '@docmost/db/repos/user-token/user-token.repo'; import { UserTokenRepo } from '@docmost/db/repos/user-token/user-token.repo';
import { PasswordResetDto } from '../dto/password-reset.dto'; import { PasswordResetDto } from '../dto/password-reset.dto';
import { UserToken, Workspace } from '@docmost/db/types/entity.types'; import { User, UserToken, Workspace } from '@docmost/db/types/entity.types';
import { UserTokenType } from '../auth.constants'; import { UserTokenType } from '../auth.constants';
import { KyselyDB } from '@docmost/db/types/kysely.types'; import { KyselyDB } from '@docmost/db/types/kysely.types';
import { InjectKysely } from 'nestjs-kysely'; import { InjectKysely } from 'nestjs-kysely';
@ -222,9 +222,9 @@ export class AuthService {
} }
} }
async getCollabToken(userId: string, workspaceId: string) { async getCollabToken(user: User, workspaceId: string) {
const token = await this.tokenService.generateCollabToken( const token = await this.tokenService.generateCollabToken(
userId, user,
workspaceId, workspaceId,
); );
return { token }; return { token };

13
apps/server/src/core/auth/services/token.service.ts
View File

@ -22,7 +22,7 @@ export class TokenService {
) {} ) {}
async generateAccessToken(user: User): Promise<string> { async generateAccessToken(user: User): Promise<string> {
if (user.deletedAt) { if (user.deactivatedAt || user.deletedAt) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
@ -35,12 +35,13 @@ export class TokenService {
return this.jwtService.sign(payload); return this.jwtService.sign(payload);
} }
async generateCollabToken( async generateCollabToken(user: User, workspaceId: string): Promise<string> {
userId: string, if (user.deactivatedAt || user.deletedAt) {
workspaceId: string, throw new ForbiddenException();
): Promise<string> { }
const payload: JwtCollabPayload = { const payload: JwtCollabPayload = {
sub: userId, sub: user.id,
workspaceId, workspaceId,
type: JwtType.COLLAB, type: JwtType.COLLAB,
}; };