mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-24 20:14:35 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat: allow guests in SessionGuard

Browse source 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2022-10-02 20:33:59 +02:00
parent b384c795d0
commit 6b62688824
1 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

27
src/identity/session.guard.ts
View file

@ -1,33 +1,54 @@
/* /*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file) * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
* *
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { import {
CanActivate, CanActivate,
ExecutionContext, ExecutionContext,
Inject,
Injectable, Injectable,
UnauthorizedException, UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { GuestAccess } from '../config/guest_access.enum';
import noteConfiguration, { NoteConfig } from '../config/note.config';
import { NotInDBError } from '../errors/errors'; import { NotInDBError } from '../errors/errors';
import { ConsoleLoggerService } from '../logger/console-logger.service'; import { ConsoleLoggerService } from '../logger/console-logger.service';
import { User } from '../users/user.entity'; import { User } from '../users/user.entity';
import { UsersService } from '../users/users.service'; import { UsersService } from '../users/users.service';
/**
* This guard checks if a session is present.
*
* If there is a username in `request.session.user` it will try to get this user from the database and put it into `request.user`. See {@link RequestUser}.
* If there is no `request.session.user`, but any GuestAccess is configured, `request.session.authProvider` is set to `guest` to indicate a guest user.
*
* @throws UnauthorizedException
*/
@Injectable() @Injectable()
export class SessionGuard implements CanActivate { export class SessionGuard implements CanActivate {
constructor( constructor(
private readonly logger: ConsoleLoggerService, private readonly logger: ConsoleLoggerService,
private userService: UsersService, private userService: UsersService,
@Inject(noteConfiguration.KEY)
private noteConfig: NoteConfig,
) { ) {
this.logger.setContext(SessionGuard.name); this.logger.setContext(SessionGuard.name);
} }
async canActivate(context: ExecutionContext): Promise<boolean> { async canActivate(context: ExecutionContext): Promise<boolean> {
const request: Request & { session?: { user: string }; user?: User } = const request: Request & {
context.switchToHttp().getRequest(); session?: { user: string; authProvider: string };
user?: User;
} = context.switchToHttp().getRequest();
if (!request.session?.user) { if (!request.session?.user) {
if (this.noteConfig.guestAccess !== GuestAccess.DENY) {
if (request.session) {
request.session.authProvider = 'guest';
return true;
}
}
this.logger.debug('The user has no session.'); this.logger.debug('The user has no session.');
throw new UnauthorizedException("You're not logged in"); throw new UnauthorizedException("You're not logged in");
} }