Skip to content

Commit

Permalink
refactor storage rules in folder
Browse files Browse the repository at this point in the history
  • Loading branch information
elitan committed Mar 9, 2019
1 parent bc09dd0 commit fa9280a
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 36 deletions.
27 changes: 27 additions & 0 deletions src/storage/rules/index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
exports.storagePermission = (key, type, claims) => {
let res;

console.log('checking access permission 2');

// console.log({key});
// console.log({type});
// console.log({claims});

res = key.match(/\/companies\/(?<company_id>\w*)\/customers\/(\d*)\/.*/);
if (res) {
if (claims['x-hasura-company-id'] === res.groups.company_id) {
return true;
}
return false;
}

// accept read to public directory
res = key.match(/\/public\/.*/);
if (res) {
if (type === 'read') {
return true;
}
}

return false;
};
32 changes: 0 additions & 32 deletions src/storage/storage-rules.js

This file was deleted.

8 changes: 4 additions & 4 deletions src/storage/storage.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ const {
S3_BUCKET,
} = require('../config');

const storage_rules = require('./storage-rules');
const { storagePermission } = require('./rules');

const router = express.Router();

Expand Down Expand Up @@ -50,8 +50,8 @@ router.get('/file/*', (req, res, next) => {
}

// check access of key for jwt token claims
if (!storage_rules.validateInteraction(key, 'read', claims)) {
console.log('not allowed to read');
if (!storagePermission(key, 'read', claims)) {
console.error('not allowed to read');
return next(Boom.unauthorized('You are not allowed to read this file'));
}

Expand Down Expand Up @@ -152,7 +152,7 @@ const upload_auth = (req, res, next) => {
// completed
req.saved_files = [];

if (!storage_rules.validateInteraction(req.s3_key_prefix, 'write', claims)) {
if (!storagePermission(req.s3_key_prefix, 'write', claims)) {
return next(Boom.unauthorized('You are not allowed to write files here'));
}

Expand Down

0 comments on commit fa9280a

Please sign in to comment.