watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2025-12-08 05:12:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Refactor API authentication.

Browse source
This commit is contained in:
Mike Cao 2022-10-12 13:11:44 -07:00
parent c33729e185
commit 5a4fc96ebc
13 changed files with 71 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

26
lib/auth.js
View file

@ -1,4 +1,3 @@
import { validate } from 'uuid';
import { parseSecureToken, parseToken } from 'next-basics';
import { getWebsite } from 'queries';
import { SHARE_TOKEN_HEADER } from 'lib/constants';
@ -38,24 +37,23 @@ export function isValidToken(token, validation) {
return false;
}
export async function allowQuery(req, skipToken) {
const { id } = req.query;
const token = req.headers[SHARE_TOKEN_HEADER];
export async function allowQuery(req) {
const { id: websiteId } = req.query;
const website = await getWebsite(validate(id) ? { websiteUuid: id } : { id: +id });
const { userId, isAdmin, shareToken } = req.auth ?? {};
if (website) {
if (token && token !== 'undefined' && !skipToken) {
return isValidToken(token, { websiteId: website.id });
}
if (isAdmin) {
return true;
}
const authToken = await getAuthToken(req);
if (shareToken) {
return isValidToken(shareToken, { websiteUuid: websiteId });
}
if (authToken) {
const { userId, isAdmin } = authToken;
if (userId) {
const website = await getWebsite({ websiteUuid: websiteId });
return isAdmin || website.userId === userId;
}
return website && website.userId === userId;
}
return false;