

update user authrization
huytran17 committed May 20, 2024
1 parent 9ad9811 commit 183624e
Showing 5 changed files with 35 additions and 0 deletions.
Expand Up @@ -8,6 +8,7 @@ import { Request } from "express";
import { get } from "lodash";
import { HttpStatusCode } from "../../../../constants/http-status-code";
import { isEmpty } from "../../../../utils/is-empty";
import IUser from "../../../../database/interfaces/user";

export default function makeDeleteUserController({
getUser,
Expand All @@ -26,10 +27,16 @@ export default function makeDeleteUserController({
};

try {
const { _id: user_id } = <IUser>get(httpRequest, "context.user", {});

const { _id } = <IDeleteUserPayload>(
get(httpRequest, "context.validated", {})
);

if (user_id !== _id) {
throw new Error("Access denied");
}

const exists = await getUser({ _id });

if (isEmpty(exists)) {
Expand Down
7 changes: 7 additions & 0 deletions core/server/src/data-access/controllers/user/user/get-user.ts
Expand Up @@ -3,6 +3,7 @@ import { GetUser, IGetUserPayload } from "../../../../use-cases/user/get-user";
import { get } from "lodash";
import { HttpStatusCode } from "../../../../constants/http-status-code";
import { isEmpty } from "../../../../utils/is-empty";
import IUser from "../../../../database/interfaces/user";

export default function makeGetUserController({
getUser,
Expand All @@ -17,10 +18,16 @@ export default function makeGetUserController({
};

try {
const { _id: user_id } = <IUser>get(httpRequest, "context.user", {});

const { _id } = <IGetUserPayload>(
get(httpRequest, "context.validated", {})
);

if (user_id !== _id) {
throw new Error("Access denied");
}

const exists = await getUser({ _id });

if (isEmpty(exists)) {
Expand Down
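Review bot: The new ownership check in makeGetUserController is fail-open when both sides are undefined, because `undefined !== undefined` is false: `get(httpRequest, "context.user", {})` gives `user_id === undefined` for a request with no authenticated user, so if the validated payload also lacks `_id` the request proceeds to `getUser({ _id })`. The comparison is also strict, so if `context.user._id` is an ObjectId while the validated `_id` is a string (not visible in the hunk), every request would be denied. Consider `if (!user_id || String(user_id) !== String(_id)) { throw new Error("Access denied"); }`, and preferably respond with the 403 status from `HttpStatusCode` before any data access rather than throwing into the enclosing catch, whose handling is outside the hunk. The same check, with the same two issues, is added in makeDeleteUserController, makeUpdateUserController (comparing `_id` against `user_details._id`) and both makeUploadUserAvatarController files.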
Expand Up @@ -6,6 +6,7 @@ import { Logger } from "winston";
import { Request } from "express";
import { get } from "lodash";
import { HttpStatusCode } from "../../../../constants/http-status-code";
import IUser from "../../../../database/interfaces/user";

export default function makeUpdateUserController({
updateUser,
Expand All @@ -22,10 +23,16 @@ export default function makeUpdateUserController({
};

try {
const { _id } = <IUser>get(httpRequest, "context.user", {});

const user_details = <IUpdateUserPayload>(
get(httpRequest, "context.validated", {})
);

if (_id !== user_details._id) {
throw new Error("Access denied");
}

const updated_user = await updateUser(user_details);

logger.verbose(`Updated user ${updated_user.email}`);
Expand Down
Expand Up @@ -5,6 +5,7 @@ import { UpdateUser } from "../../../../use-cases/user/update-user";
import { HttpStatusCode } from "../../../../constants/http-status-code";
import { isEmpty } from "../../../../utils/is-empty";
import deleteS3Object from "../../../../utils/delete-s3-object";
import IUser from "../../../../database/interfaces/user";

export default function makeUploadUserAvatarController({
getUser,
Expand All @@ -21,10 +22,16 @@ export default function makeUploadUserAvatarController({
};

try {
const { _id: user_id } = <IUser>get(httpRequest, "context.user", {});

const { _id } = <IGetUserPayload>(
get(httpRequest, "context.validated", {})
);

if (user_id !== _id) {
throw new Error("Access denied");
}

const exists = await getUser({ _id });

if (isEmpty(exists)) {
Expand Down
Expand Up @@ -10,6 +10,7 @@ import { isEmpty } from "../../../../../utils/is-empty";
import getFIleUploadedPath from "../../../../../utils/get-file-uploaded-path";
import { IDiskUploadFile } from "../../../../../config/middlewares/disk-upload-file";
import deleteUploadedFile from "../../../../../utils/delete-uploaded-file";
import IUser from "../../../../../database/interfaces/user";

export default function makeUploadUserAvatarController({
getUser,
Expand All @@ -26,10 +27,16 @@ export default function makeUploadUserAvatarController({
};

try {
const { _id: user_id } = <IUser>get(httpRequest, "context.user", {});

const { _id } = <IGetUserPayload>(
get(httpRequest, "context.validated", {})
);

if (user_id !== _id) {
throw new Error("Access denied");
}

const exists = await getUser({ _id });

if (isEmpty(exists)) {
Expand Down
