From c7e2b1001982bc9cbdba3bb204164d24f8ddd3f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Thu, 27 Apr 2023 12:08:43 +0200
Subject: [PATCH 1/2] fix(core): Skip auth for controllers/routes that don't use the `Authorized` decorator

---
 packages/cli/src/decorators/registerController.ts | 7 +++++++
 packages/cli/src/middlewares/auth.ts | 7 ++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/packages/cli/src/decorators/registerController.ts b/packages/cli/src/decorators/registerController.ts
index fe792040b6067..17324ae74f421 100644
--- a/packages/cli/src/decorators/registerController.ts
+++ b/packages/cli/src/decorators/registerController.ts
@@ -14,6 +14,7 @@ import type {
 AuthRole,
 AuthRoleMetadata,
 Controller,
+ Method,
 MiddlewareMetadata,
 RouteMetadata,
 } from './types';
@@ -32,6 +33,11 @@ export const createAuthMiddleware =
 res.status(403).json({ status: 'error', message: 'Unauthorized' });
 };

+const authFreeRoutes: string[] = [];
+
+export const canSkipAuth = (method: string, path: string): boolean => authFreeRoutes.includes(`${method.toLowerCase()} ${path}`);
+
 export const registerController = (app: Application, config: Config, controller: object) => {
 const controllerClass = controller.constructor;
 const controllerBasePath = Reflect.getMetadata(CONTROLLER_BASE_PATH, controllerClass) as
@@ -69,6 +75,7 @@ export const registerController = (app: Application, config: Config, controller:
 (controller as Controller)[handlerName](req, res),
 ),
 );
+ if (!authRole || authRole === 'none') authFreeRoutes.push(`${method} ${prefix}${path}`);
 });

 app.use(prefix, router);
diff --git a/packages/cli/src/middlewares/auth.ts b/packages/cli/src/middlewares/auth.ts
index 231b48beddf91..e28272766b916 100644
--- a/packages/cli/src/middlewares/auth.ts
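Review bot: `canSkipAuth` lowercases its `method` argument before the lookup, but the key pushed in the third hunk (`authFreeRoutes.push(\`${method} ${prefix}${path}\`)`) stores `method` exactly as it comes out of the route metadata; unless that value is guaranteed lowercase, the two keys never agree and the route silently stays behind auth. Normalizing at registration time — `authFreeRoutes.push(\`${method.toLowerCase()} ${prefix}${path}\`)` — makes the lookup independent of how the metadata spells the verb. A `Set<string>` (`const authFreeRoutes = new Set<string>();` with `authFreeRoutes.has(...)` / `authFreeRoutes.add(...)`) would also keep the list free of duplicates if `registerController` runs more than once for the same controller and turns the per-request linear scan into a constant-time lookup. The list is module state that is only ever appended to, so correct behaviour depends on all controllers being registered before the auth middleware sees traffic; that ordering is not visible in this diff.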
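Review bot: The condition `if (!authRole || authRole === 'none')` makes a handler with no `@Authorized` decorator at all public, indistinguishable from a handler that explicitly opted out with `'none'`; going by the allowlist entries removed from auth.ts, an undecorated route previously stayed behind the global middleware, so a forgotten decorator on a new controller method now removes authentication instead of failing closed. If the opt-out is meant to be explicit, `if (authRole === 'none')` alone would do it and an undefined role would keep requiring a session; if the implicit-public rule in the commit title is intended, it deserves a comment at the push site, e.g. `// No @Authorized on the handler or its class => route is served without authentication`. Note also that the key is the literal route pattern `${prefix}${path}`, so a route with Express parameters (`:id` segments) can never equal a concrete `req.path` and stays authenticated — presumably why `isPostUsersId` survives in auth.ts. The `registerController` body starts and ends outside this hunk.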
+++ b/packages/cli/src/middlewares/auth.ts
@@ -12,6 +12,7 @@ import { AUTH_COOKIE_NAME, EDITOR_UI_DIST_DIR } from '@/constants';
 import { issueCookie, resolveJwtContent } from '@/auth/jwt';
 import { isUserManagementEnabled } from '@/UserManagement/UserManagementHelper';
 import type { UserRepository } from '@db/repositories';
+import { canSkipAuth } from '@/decorators/registerController';

 const jwtFromRequest = (req: Request) => {
 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
@@ -90,14 +91,10 @@ export const setupAuthMiddlewares = (
 // skip authentication for preflight requests
 req.method === 'OPTIONS' ||
 staticAssets.includes(req.url.slice(1)) ||
+ canSkipAuth(req.method, req.path) ||
 isAuthExcluded(req.url, ignoredEndpoints) ||
 req.url.startsWith(`/${restEndpoint}/settings`) ||
- req.url.startsWith(`/${restEndpoint}/login`) ||
- req.url.startsWith(`/${restEndpoint}/resolve-signup-token`) ||
 isPostUsersId(req, restEndpoint) ||
- req.url.startsWith(`/${restEndpoint}/forgot-password`) ||
- req.url.startsWith(`/${restEndpoint}/resolve-password-token`) ||
- req.url.startsWith(`/${restEndpoint}/change-password`) ||
 req.url.startsWith(`/${restEndpoint}/oauth2-credential/callback`) ||
 req.url.startsWith(`/${restEndpoint}/oauth1-credential/callback`)
 ) {

From 18bdf359e2eb69a8cddbe3d0f6d050e372c2459d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Thu, 27 Apr 2023 12:21:40 +0200
Subject: [PATCH 2/2] fix linting

---
 packages/cli/src/decorators/registerController.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/packages/cli/src/decorators/registerController.ts b/packages/cli/src/decorators/registerController.ts
index 17324ae74f421..54ff6bbbbcfd6 100644
--- a/packages/cli/src/decorators/registerController.ts
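Review bot: The five removed `startsWith` checks were prefix matches on `req.url`, whereas `canSkipAuth(req.method, req.path)` is an exact match on method plus path, so anything that previously passed by prefix — a trailing slash, a sub-path, or a different verb on `/login`, `/forgot-password`, `/change-password`, `/resolve-signup-token` and `/resolve-password-token` — now requires a session. Tightening is welcome, but it should be deliberate and covered by a test that hits each of those endpoints unauthenticated, because whether they stay reachable now depends on their controllers carrying no `@Authorized`, which this diff does not show. `req.path` strips the query string, so query parameters no longer influence the decision (an improvement over `req.url`), but it is also relative to the mount point: if `setupAuthMiddlewares` were mounted anywhere other than the application root, the `${prefix}${path}` keys built in `registerController` would never match — the neighbouring `staticAssets.includes(req.url.slice(1))` suggests root mounting, so this is likely fine. The enclosing `setupAuthMiddlewares` body starts and ends outside this hunk.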
+++ b/packages/cli/src/decorators/registerController.ts
@@ -14,7 +14,6 @@ import type {
 AuthRole,
 AuthRoleMetadata,
 Controller,
- Method,
 MiddlewareMetadata,
 RouteMetadata,
 } from './types';