mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-19 09:45:37 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

auth: adds token-auth to public api

Browse source 
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-15 18:53:09 +01:00
parent 9a65a9bd29
commit 8d89614a4d
11 changed files with 174 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/api/public/media/media.controller.ts
View file

@ -12,8 +12,10 @@ import {
NotFoundException,
Param,
Post,
Request,
UnauthorizedException,
UploadedFile,
UseGuards,
UseInterceptors,
} from '@nestjs/common';
import { FileInterceptor } from '@nestjs/platform-express';
@ -25,6 +27,7 @@ import {
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaService } from '../../../media/media.service';
import { MulterFile } from '../../../media/multer-file.interface';
import { TokenAuthGuard } from '../../../auth/token-auth.guard';
@Controller('media')
export class MediaController {
@ -35,14 +38,16 @@ export class MediaController {
this.logger.setContext(MediaController.name);
}
@UseGuards(TokenAuthGuard)
@Post()
@UseInterceptors(FileInterceptor('file'))
async uploadMedia(
@Request() req,
@UploadedFile() file: MulterFile,
@Headers('HedgeDoc-Note') noteId: string,
) {
//TODO: Get user from request
const username = 'hardcoded';
const username = req.user.userName;
this.logger.debug(
`Recieved filename '${file.originalname}' for note '${noteId}' from user '${username}'`,
'uploadImage',
@ -64,10 +69,11 @@ export class MediaController {
}
}
@UseGuards(TokenAuthGuard)
@Delete(':filename')
async deleteMedia(@Param('filename') filename: string) {
async deleteMedia(@Request() req, @Param('filename') filename: string) {
//TODO: Get user from request
const username = 'hardcoded';
const username = req.user.userName;
try {
await this.mediaService.deleteFile(filename, username);
} catch (e) {