From 48447c2cfb1cb373e6f3e9eec1c31f2ff63e9b9a Mon Sep 17 00:00:00 2001
From: Palanikannan M
Date: Mon, 7 Oct 2024 16:15:45 +0530
Subject: [PATCH 1/4] fix: remove validation of roles from the live server
---
 live/src/core/lib/authentication.ts | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/live/src/core/lib/authentication.ts b/live/src/core/lib/authentication.ts
index dbde17959ad..2ad4494f2c0 100644
--- a/live/src/core/lib/authentication.ts
+++ b/live/src/core/lib/authentication.ts
@@ -41,25 +41,9 @@ export const handleAuthentication = async (props: Props) => {
 const projectId = params.get("projectId")?.toString();
 if (!workspaceSlug || !projectId) {
 throw Error(
- "Authentication failed: Incomplete query params. Either workspaceSlug or projectId is missing."
+ "Authentication failed: Incomplete query params. Either workspaceSlug or projectId is missing.",
 );
 }
- // fetch current user's project membership info
- try {
- const projectMembershipInfo = await userService.getUserProjectMembership(
- workspaceSlug,
- projectId,
- cookie
- );
- const projectRole = projectMembershipInfo.role;
- // make the connection read only for roles lower than a member
- if (projectRole < 15) {
- connection.readOnly = true;
- }
- } catch (error) {
- manualLogger.error("Failed to fetch project membership info:", error);
- throw error;
- }
 } else {
 await authenticateUser({
 connection,
From 9d71626cc8acf7365885977ec3d2a4eedf7bf408 Mon Sep 17 00:00:00 2001
From: Palanikannan M
Date: Mon, 7 Oct 2024 16:24:48 +0530
Subject: [PATCH 2/4] chore: remove the service
---
 live/src/core/services/user.service.ts | 35 +-------------------------
 1 file changed, 1 insertion(+), 34 deletions(-)
diff --git a/live/src/core/services/user.service.ts b/live/src/core/services/user.service.ts
index 09412aa532c..39d200919ac 100644
--- a/live/src/core/services/user.service.ts
+++ b/live/src/core/services/user.service.ts
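Review bot: With the membership lookup deleted from the `project_page` branch in `@@ -41,25 +41,9 @@`, nothing left in this hunk sets `connection.readOnly`, so a project role below 15, which the removed code forced to a read-only connection, now gets a writable one unless the role is enforced somewhere this patch does not show. The branch still rejects a missing `workspaceSlug` or `projectId` but no longer uses either value, so the check reads like access control while deciding nothing. If the role check has moved to another service, say so at this spot, for example `// NOTE: project role / read-only is enforced by <component>, not by the live server`, and confirm that component also rejects edits arriving over the live connection. `handleAuthentication` starts and ends outside the hunk.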
@@ -1,5 +1,5 @@
 // types
-import type { IProjectMember, IUser } from "@plane/types";
+import type { IUser } from "@plane/types";
 // services
 import { API_BASE_URL, APIService } from "@/core/services/api.service.js";
@@ -25,37 +25,4 @@ export class UserService extends APIService {
 throw error;
 });
 }
-
- async getUserWorkspaceMembership(
- workspaceSlug: string,
- cookie: string
- ): Promise {
- return this.get(`/api/workspaces/${workspaceSlug}/workspace-members/me/`,
- {
- headers: {
- Cookie: cookie,
- },
- })
- .then((response) => response?.data)
- .catch((error) => {
- throw error?.response;
- });
- }
-
- async getUserProjectMembership(
- workspaceSlug: string,
- projectId: string,
- cookie: string
- ): Promise {
- return this.get(`/api/workspaces/${workspaceSlug}/projects/${projectId}/project-members/me/`,
- {
- headers: {
- Cookie: cookie,
- },
- })
- .then((response) => response?.data)
- .catch((error) => {
- throw error?.response;
- });
- }
 }
From eda80534c1a29fb1e73710db47aaf1675ca789e3 Mon Sep 17 00:00:00 2001
From: Palanikannan M
Date: Mon, 7 Oct 2024 16:37:03 +0530
Subject: [PATCH 3/4] fix: remove all validation of authorization
---
 live/src/ce/lib/authentication.ts | 15 ---------------
 live/src/core/lib/authentication.ts | 28 +---------------------------
 2 files changed, 1 insertion(+), 42 deletions(-)
 delete mode 100644 live/src/ce/lib/authentication.ts
diff --git a/live/src/ce/lib/authentication.ts b/live/src/ce/lib/authentication.ts
deleted file mode 100644
index 3d5a1ea48e5..00000000000
--- a/live/src/ce/lib/authentication.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-import { ConnectionConfiguration } from "@hocuspocus/server";
-// types
-import { TDocumentTypes } from "@/core/types/common.js";
-
-type TArgs = {
- connection: ConnectionConfiguration
- cookie: string;
- documentType: TDocumentTypes | undefined;
- params: URLSearchParams;
-}
-
-export const authenticateUser = async (args: TArgs): Promise => {
- const { documentType } = args;
- throw Error(`Authentication failed: Invalid document type ${documentType} provided.`);
-}
\ No newline at end of file
diff --git a/live/src/core/lib/authentication.ts b/live/src/core/lib/authentication.ts
index 2ad4494f2c0..eb2894e4daa 100644
--- a/live/src/core/lib/authentication.ts
+++ b/live/src/core/lib/authentication.ts
@@ -1,10 +1,6 @@
 import { ConnectionConfiguration } from "@hocuspocus/server";
 // services
 import { UserService } from "@/core/services/user.service.js";
-// types
-import { TDocumentTypes } from "@/core/types/common.js";
-// plane live lib
-import { authenticateUser } from "@/plane-live/lib/authentication.js";
 // core helpers
 import { manualLogger } from "@/core/helpers/logger.js";
@@ -18,11 +14,7 @@ type Props = {
 };
 export const handleAuthentication = async (props: Props) => {
- const { connection, cookie, params, token } = props;
- // params
- const documentType = params.get("documentType")?.toString() as
- | TDocumentTypes
- | undefined;
+ const { cookie, token } = props;
 // fetch current user info
 let response;
 try {
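Review bot: After `const { cookie, token } = props;` in `@@ -18,11 +14,7 @@` the function no longer reads `params`, so the only decision left is whether the cookie's user matches the token; which document is being opened plays no part. Before this patch an unrecognised `documentType` ended in `authenticateUser` throwing `Invalid document type`; the following hunk (`@@ -35,24 +27,6 @@`) removes that branch along with the deleted `ce/lib/authentication.ts`, so as far as the visible code goes every document type is accepted for any signed-in user. If per-document access is meant to be checked elsewhere, a doc comment on `handleAuthentication` should state that it authenticates identity only, e.g. `/** Verifies the session cookie belongs to the user named by token; does NOT authorize access to any document. */`. The function body continues outside the hunk.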
@@ -35,24 +27,6 @@ export const handleAuthentication = async (props: Props) => {
 throw Error("Authentication failed: Token doesn't match the current user.");
 }
- if (documentType === "project_page") {
- // params
- const workspaceSlug = params.get("workspaceSlug")?.toString();
- const projectId = params.get("projectId")?.toString();
- if (!workspaceSlug || !projectId) {
- throw Error(
- "Authentication failed: Incomplete query params. Either workspaceSlug or projectId is missing.",
- );
- }
- } else {
- await authenticateUser({
- connection,
- cookie,
- documentType,
- params,
- });
- }
-
 return {
 user: {
 id: response.id,
From 3ad770a0210ca430ff373e69acc8c90b659f8208 Mon Sep 17 00:00:00 2001
From: Palanikannan M
Date: Mon, 7 Oct 2024 16:45:16 +0530
Subject: [PATCH 4/4] fix: props updated
---
 live/src/core/hocuspocus-server.ts | 8 +-------
 live/src/core/lib/authentication.ts | 3 ---
 2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/live/src/core/hocuspocus-server.ts b/live/src/core/hocuspocus-server.ts
index fb30c8f8281..0aa411b9334 100644
--- a/live/src/core/hocuspocus-server.ts
+++ b/live/src/core/hocuspocus-server.ts
@@ -12,15 +12,11 @@ export const getHocusPocusServer = async () => {
 name: serverName,
 onAuthenticate: async ({
 requestHeaders,
- requestParameters,
- connection,
 // user id used as token for authentication
 token,
 }) => {
 // request headers
 const cookie = requestHeaders.cookie?.toString();
- // params
- const params = requestParameters;
 if (!cookie) {
 throw Error("Credentials not provided");
@@ -28,9 +24,7 @@ export const getHocusPocusServer = async () => {
 try {
 await handleAuthentication({
- connection,
 cookie,
- params,
 token,
 });
 } catch (error) {
@@ -38,6 +32,6 @@ export const getHocusPocusServer = async () => {
 }
 },
 extensions,
- debounce: 10000
+ debounce: 10000,
 });
 };
diff --git a/live/src/core/lib/authentication.ts b/live/src/core/lib/authentication.ts
index eb2894e4daa..ee01b020908 100644
--- a/live/src/core/lib/authentication.ts
+++ b/live/src/core/lib/authentication.ts
@@ -1,4 +1,3 @@
-import { ConnectionConfiguration } from "@hocuspocus/server";
 // services
 import { UserService } from "@/core/services/user.service.js";
 // core helpers
@@ -7,9 +6,7 @@ import { manualLogger } from "@/core/helpers/logger.js";
 const userService = new UserService();
 type Props = {
- connection: ConnectionConfiguration;
 cookie: string;
- params: URLSearchParams;
 token: string;
 };