Skip to content

[WEB-2603] fix: remove validation of roles from the live server #5761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pushya22 merged 4 commits into from
Oct 8, 2024
Merged

[WEB-2603] fix: remove validation of roles from the live server #5761

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
48447c2
fix: remove validation of roles from the live server
Palanikannan1437 Oct 7, 2024
9d71626
chore: remove the service
Palanikannan1437 Oct 7, 2024
eda8053
fix: remove all validation of authorization
Palanikannan1437 Oct 7, 2024
3ad770a
fix: props updated
Palanikannan1437 Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 0 additions & 15 deletions live/src/ce/lib/authentication.ts
View file
Open in desktop

This file was deleted.

8 changes: 1 addition & 7 deletions live/src/core/hocuspocus-server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,32 +12,26 @@ export const getHocusPocusServer = async () => {
name: serverName,
onAuthenticate: async ({
requestHeaders,
requestParameters,
connection,
// user id used as token for authentication
token,
}) => {
// request headers
const cookie = requestHeaders.cookie?.toString();
// params
const params = requestParameters;

if (!cookie) {
throw Error("Credentials not provided");
}

try {
await handleAuthentication({
connection,
cookie,
params,
token,
});
} catch (error) {
throw Error("Authentication unsuccessful!");
}
},
extensions,
debounce: 10000
debounce: 10000,
});
};
47 changes: 1 addition & 46 deletions live/src/core/lib/authentication.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,17 @@
import { ConnectionConfiguration } from "@hocuspocus/server";
// services
import { UserService } from "@/core/services/user.service.js";
// types
import { TDocumentTypes } from "@/core/types/common.js";
// plane live lib
import { authenticateUser } from "@/plane-live/lib/authentication.js";
// core helpers
import { manualLogger } from "@/core/helpers/logger.js";

const userService = new UserService();

type Props = {
connection: ConnectionConfiguration;
cookie: string;
params: URLSearchParams;
token: string;
};

export const handleAuthentication = async (props: Props) => {
const { connection, cookie, params, token } = props;
// params
const documentType = params.get("documentType")?.toString() as
| TDocumentTypes
| undefined;
const { cookie, token } = props;
// fetch current user info
let response;
try {
Expand All @@ -35,40 +24,6 @@ export const handleAuthentication = async (props: Props) => {
throw Error("Authentication failed: Token doesn't match the current user.");
}

if (documentType === "project_page") {
// params
const workspaceSlug = params.get("workspaceSlug")?.toString();
const projectId = params.get("projectId")?.toString();
if (!workspaceSlug || !projectId) {
throw Error(
"Authentication failed: Incomplete query params. Either workspaceSlug or projectId is missing."
);
}
// fetch current user's project membership info
try {
const projectMembershipInfo = await userService.getUserProjectMembership(
workspaceSlug,
projectId,
cookie
);
const projectRole = projectMembershipInfo.role;
// make the connection read only for roles lower than a member
if (projectRole < 15) {
connection.readOnly = true;
}
} catch (error) {
manualLogger.error("Failed to fetch project membership info:", error);
throw error;
}
} else {
await authenticateUser({
connection,
cookie,
documentType,
params,
});
}

return {
user: {
id: response.id,
Expand Down
35 changes: 1 addition & 34 deletions live/src/core/services/user.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
// types
import type { IProjectMember, IUser } from "@plane/types";
import type { IUser } from "@plane/types";
// services
import { API_BASE_URL, APIService } from "@/core/services/api.service.js";

Expand All @@ -25,37 +25,4 @@ export class UserService extends APIService {
throw error;
});
}

async getUserWorkspaceMembership(
workspaceSlug: string,
cookie: string
): Promise<IProjectMember> {
return this.get(`/api/workspaces/${workspaceSlug}/workspace-members/me/`,
{
headers: {
Cookie: cookie,
},
})
.then((response) => response?.data)
.catch((error) => {
throw error?.response;
});
}

async getUserProjectMembership(
workspaceSlug: string,
projectId: string,
cookie: string
): Promise<IProjectMember> {
return this.get(`/api/workspaces/${workspaceSlug}/projects/${projectId}/project-members/me/`,
{
headers: {
Cookie: cookie,
},
})
.then((response) => response?.data)
.catch((error) => {
throw error?.response;
});
}
}