Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-13 16:23:06 +10:00
Code Issues Packages Projects Releases Wiki Activity

🐛 return to login if user was not found (probably deleted in db or token manipulated)🚸

Browse Source
This commit is contained in:
Timur Ercan
2023-03-09 11:24:32 +01:00
parent 02372eb6bc
commit 30e186d82a
5 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/web/pages/api/documents/index.ts
View File

@ -45,7 +45,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
} }
async function getHandler(req: NextApiRequest, res: NextApiResponse) { async function getHandler(req: NextApiRequest, res: NextApiResponse) {
let user = await getUserFromToken(req, res); const user = await getUserFromToken(req, res);
if (!user) return; if (!user) return;
const documents = await getDocumentsForUserFromToken({ req: req, res: res }); const documents = await getDocumentsForUserFromToken({ req: req, res: res });

8
apps/web/pages/dashboard.tsx
View File

@ -128,7 +128,13 @@ function getStat(name: string, props: any) {
export async function getServerSideProps(context: any) { export async function getServerSideProps(context: any) {
const user = await getUserFromToken(context.req, context.res); const user = await getUserFromToken(context.req, context.res);
if (!user) return; if (!user)
return {
redirect: {
destination: "/login",
permanent: false,
},
};
const documents: any[] = await getDocumentsForUserFromToken(context); const documents: any[] = await getDocumentsForUserFromToken(context);

8
apps/web/pages/documents/[id]/index.tsx
View File

@ -109,7 +109,13 @@ function formatDocumentStatus(status: DocumentStatus) {
export async function getServerSideProps(context: any) { export async function getServerSideProps(context: any) {
const user = await getUserFromToken(context.req, context.res); const user = await getUserFromToken(context.req, context.res);
if (!user) return; if (!user)
return {
redirect: {
destination: "/login",
permanent: false,
},
};
const { id: documentId } = context.query; const { id: documentId } = context.query;

8
apps/web/pages/documents/[id]/recipients.tsx
View File

@ -442,7 +442,13 @@ RecipientsPage.getLayout = function getLayout(page: ReactElement) {
export async function getServerSideProps(context: any) { export async function getServerSideProps(context: any) {
const user = await getUserFromToken(context.req, context.res); const user = await getUserFromToken(context.req, context.res);
if (!user) return; if (!user)
return {
redirect: {
destination: "/login",
permanent: false,
},
};
const { id: documentId } = context.query; const { id: documentId } = context.query;
const document: PrismaDocument = await getDocument( const document: PrismaDocument = await getDocument(

7
packages/lib/server/getUserFromToken.ts
View File

@ -2,6 +2,7 @@ import prisma from "@documenso/prisma";
import { User as PrismaUser } from "@prisma/client"; import { User as PrismaUser } from "@prisma/client";
import { NextApiRequest, NextApiResponse } from "next"; import { NextApiRequest, NextApiResponse } from "next";
import { getToken } from "next-auth/jwt"; import { getToken } from "next-auth/jwt";
import { signOut } from "next-auth/react";
export async function getUserFromToken( export async function getUserFromToken(
req: NextApiRequest, req: NextApiRequest,
@ -20,11 +21,9 @@ export async function getUserFromToken(
return null; return null;
} }
let user = await prisma.user.findFirstOrThrow({ const user = await prisma.user.findFirst({
where: { email: tokenEmail }, where: { email: tokenEmail },
}); });
if (user) return user; return user;
if (!user) res.status(401).send("No user found for token.");
return null;
} }