mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-15 07:34:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.

Browse source 
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Yannick Bungers 2023-03-25 16:26:52 +01:00 committed by Yannick Bungers
parent 0263c09ce1
commit d369132519
10 changed files with 34 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backend/src/identity/session.guard.ts
View file

@ -11,12 +11,11 @@ import {
UnauthorizedException,
} from '@nestjs/common';
import { CompleteRequest } from '../api/utils/request.type';
import { GuestAccess } from '../config/guest_access.enum';
import noteConfiguration, { NoteConfig } from '../config/note.config';
import { NotInDBError } from '../errors/errors';
import { ConsoleLoggerService } from '../logger/console-logger.service';
import { SessionState } from '../session/session.service';
import { User } from '../users/user.entity';
import { UsersService } from '../users/users.service';
/**
@ -39,10 +38,7 @@ export class SessionGuard implements CanActivate {
}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request: Request & {
session?: SessionState;
user?: User;
} = context.switchToHttp().getRequest();
const request: CompleteRequest = context.switchToHttp().getRequest();
const username = request.session?.username;
if (!username) {
if (this.noteConfig.guestAccess !== GuestAccess.DENY && request.session) {