auth: adds token-auth to public api

adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Philip Molares 2021-01-15 18:53:09 +01:00 committed by David Mehren
parent 4784a1aea2
commit 2ab950c5c3
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
11 changed files with 174 additions and 18 deletions


@ -13,6 +13,8 @@ import {
NotFoundException,
Param,
Put,
UseGuards,
Request,
} from '@nestjs/common';
import { HistoryEntryUpdateDto } from '../../../history/history-entry-update.dto';
import { HistoryEntryDto } from '../../../history/history-entry.dto';
@ -22,6 +24,7 @@ import { NoteMetadataDto } from '../../../notes/note-metadata.dto';
import { NotesService } from '../../../notes/notes.service';
import { UserInfoDto } from '../../../users/user-info.dto';
import { UsersService } from '../../../users/users.service';
import { TokenAuthGuard } from '../../../auth/token-auth.guard';
@Controller('me')
export class MeController {
@ -34,29 +37,36 @@ export class MeController {
this.logger.setContext(MeController.name);
}
@UseGuards(TokenAuthGuard)
@Get()
async getMe(): Promise<UserInfoDto> {
async getMe(@Request() req): Promise<UserInfoDto> {
return this.usersService.toUserDto(
await this.usersService.getUserByUsername('hardcoded'),
await this.usersService.getUserByUsername(req.user.userName),
);
}
@UseGuards(TokenAuthGuard)
@Get('history')
getUserHistory(): HistoryEntryDto[] {
return this.historyService.getUserHistory('someone');
getUserHistory(@Request() req): HistoryEntryDto[] {
return this.historyService.getUserHistory(req.user.userName);
}
@UseGuards(TokenAuthGuard)
@Put('history/:note')
updateHistoryEntry(
@Request() req,
@Param('note') note: string,
@Body() entryUpdateDto: HistoryEntryUpdateDto,
): HistoryEntryDto {
// ToDo: Check if user is allowed to pin this history entry
return this.historyService.updateHistoryEntry(note, entryUpdateDto);
}
@UseGuards(TokenAuthGuard)
@Delete('history/:note')
@HttpCode(204)
deleteHistoryEntry(@Param('note') note: string) {
deleteHistoryEntry(@Request() req, @Param('note') note: string) {
// ToDo: Check if user is allowed to delete note
try {
return this.historyService.deleteHistoryEntry(note);
} catch (e) {
@ -64,8 +74,9 @@ export class MeController {
}
}
@UseGuards(TokenAuthGuard)
@Get('notes')
getMyNotes(): NoteMetadataDto[] {
return this.notesService.getUserNotes('someone');
getMyNotes(@Request() req): NoteMetadataDto[] {
return this.notesService.getUserNotes(req.user.userName);
}
}
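Review bot: `updateHistoryEntry` and `deleteHistoryEntry` now take `@Request() req` but never read it, so `this.historyService.updateHistoryEntry(note, entryUpdateDto)` and `this.historyService.deleteHistoryEntry(note)` are authenticated but not tied to the caller; as far as this section shows, any holder of a valid token could change or remove the history entry for any note id, a gap the two ToDo comments already hint at. Until the service accepts the requesting user and checks ownership, I would replace those ToDos with `// FIXME(authz): entry is not scoped to req.user; any authenticated caller can modify it` so the gap is tracked as a security issue. Separately, repeating `@UseGuards(TokenAuthGuard)` on each handler fails open when a new route is added without it; putting the decorator once on the class next to `@Controller('me')` protects every handler by default. `req` is also untyped, so `req.user.userName` is not checked by the compiler, and a small request interface with a `user` field would catch a renamed or missing property.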