feat(app-server): add filename field to file operation token;
maslow committed Aug 17, 2021
1 parent f3d9a32 commit 68f25ef
Showing 3 changed files with 18 additions and 6 deletions.
2 changes: 1 addition & 1 deletion packages/app-server/src/router/file/gridfs.ts
@@ -82,7 +82,7 @@ async function handleDownloadFile(req: express.Request, res: express.Response) {

// check file operation token if bucket is not 'public'
if (bucket_name !== 'public') {
const [code, message] = checkFileOperationToken(bucket_name, req.query?.token as string, FS_OPERATION.READ)
const [code, message] = checkFileOperationToken(bucket_name, req.query?.token as string, FS_OPERATION.READ, filename)
if (code) {
return res.status(code).send(message)
}
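Review bot: The changed call still passes `req.query?.token as string`, so a request without a `token` parameter reaches the `assert(token, ...)` in `checkFileOperationToken` and throws inside this async handler instead of returning a 4xx. Depending on the Express version that surfaces as a 500 or an unhandled rejection, and a repeated `token` parameter would arrive as an array despite the cast. A guard before the call would close both cases: `const token = req.query?.token` followed by `if (typeof token !== 'string' || !token) return res.status(401).send('unauthorized')`. The same line in packages/app-server/src/router/file/localfs.ts needs the same guard; the body of `handleDownloadFile` starts and ends outside this hunk.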
4 changes: 2 additions & 2 deletions packages/app-server/src/router/file/localfs.ts
@@ -1,7 +1,7 @@
/*
* @Author: Maslow<wangfugen@126.com>
* @Date: 2021-08-11 18:01:25
* @LastEditTime: 2021-08-17 13:57:43
* @LastEditTime: 2021-08-17 17:52:20
* @Description:
*/
import { logger } from '../../lib/logger'
@@ -74,7 +74,7 @@ async function handleDownloadFile(req: express.Request, res: express.Response) {

// check file operation token if bucket is not 'public'
if (bucket !== 'public') {
const [code, message] = checkFileOperationToken(bucket, req.query?.token as string, FS_OPERATION.READ)
const [code, message] = checkFileOperationToken(bucket, req.query?.token as string, FS_OPERATION.READ, filename)
if (code) {
return res.status(code).send(message)
}
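Review bot: `filename` is matched against the token's `filename` claim by plain string comparison, but its definition lies outside this hunk, so it is not visible whether it is the raw request value or the resolved name used to build the on-disk path. If those two can differ, the name the token authorises and the file actually read can diverge. Pass the same resolved name to both the check and the read, and record that with a comment such as `// filename must be the exact name used to open the file below`.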
18 changes: 15 additions & 3 deletions packages/app-server/src/router/file/utils.ts
@@ -1,3 +1,10 @@
/*
* @Author: Maslow<wangfugen@126.com>
* @Date: 2021-08-11 18:07:36
* @LastEditTime: 2021-08-17 17:58:30
* @Description:
*/

import assert = require("assert")
import { parseToken } from "../../lib/utils/token"
import * as crypto from 'crypto'
@@ -33,15 +40,16 @@ export enum FS_OPERATION {
* {
* bucket: string, // indicated that this token only valid for this `bucket`
* ops: string[], // operation permissions granted, values can be one or more of: 'create' | 'read' | 'delete' | 'list'
*
* filename?: string // optionally, file name
* }
* ```
* @param bucket the bucket name
* @param token the file operation token
* @param operation the operation: 'create' | 'read' | 'delete' | 'list'
* @param filename the name of file, optionally
* @returns
*/
export function checkFileOperationToken(bucket: string, token: string, operation: FS_OPERATION): [number, string] {
export function checkFileOperationToken(bucket: string, token: string, operation: FS_OPERATION, filename?: string): [number, string] {
assert(bucket, 'empty `bucket` got')
assert(token, 'empty `token` got')
assert(operation, 'empty `operation` got')
@@ -60,7 +68,11 @@ export function checkFileOperationToken(bucket: string, token: string, operation
return [403, 'permission denied']
}

if (payload?.bucket != bucket) {
if (payload?.bucket != bucket && payload?.bucket !== '*') {
return [403, 'permission denied']
}

if (filename && payload?.filename && payload?.filename != filename) {
return [403, 'permission denied']
}
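Review bot: The new filename check fails open, because `if (filename && payload?.filename && ...)` is skipped whenever the caller passes no `filename`. A token issued for a single file is therefore accepted unchanged by any call site that was not updated; this commit updates only the two download handlers, and the create/delete/list callers are not visible here. When the token carries a `filename`, deny unless the caller supplied a matching one: `if (payload?.filename && payload.filename !== filename) return [403, 'permission denied']`. The same hunk also lets `payload.bucket === '*'` pass for every bucket while the doc comment still describes the token as 'only valid for this `bucket`'. Document the wildcard there and make the `!=` comparisons strict.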

