From fa9280a511a353c229c940d1cbc67cdb1dda7560 Mon Sep 17 00:00:00 2001
From: elitan <johan@eliasson.me>
Date: Sat, 9 Mar 2019 16:23:06 +0100
Subject: [PATCH] refactor storage rules in folder

---
 src/storage/rules/index.js   | 27 +++++++++++++++++++++++++++
 src/storage/storage-rules.js | 32 --------------------------------
 src/storage/storage.js       |  8 ++++----
 3 files changed, 31 insertions(+), 36 deletions(-)
 create mode 100644 src/storage/rules/index.js
 delete mode 100644 src/storage/storage-rules.js

diff --git a/src/storage/rules/index.js b/src/storage/rules/index.js
new file mode 100644
index 00000000..b0807b16
--- /dev/null
+++ b/src/storage/rules/index.js
@@ -0,0 +1,27 @@
+exports.storagePermission = (key, type, claims) => {
+  let res;
+
+  console.log('checking access permission 2');
+
+  // console.log({key});
+  // console.log({type});
+  // console.log({claims});
+
+  res = key.match(/\/companies\/(?<company_id>\w*)\/customers\/(\d*)\/.*/);
+  if (res) {
+    if (claims['x-hasura-company-id'] === res.groups.company_id) {
+      return true;
+    }
+    return false;
+  }
+
+  // accept read to public directory
+  res = key.match(/\/public\/.*/);
+  if (res) {
+    if (type === 'read') {
+      return true;
+    }
+  }
+
+  return false;
+};
diff --git a/src/storage/storage-rules.js b/src/storage/storage-rules.js
deleted file mode 100644
index a7d1d36f..00000000
--- a/src/storage/storage-rules.js
+++ /dev/null
@@ -1,32 +0,0 @@
-module.exports = {
-
-	// key - file path
-	// type - [ read, write ]
-	// claims - claims in JWT
-	// this is similar to Firebase Security Rules for files. but not as good looking
-	validateInteraction: function(key, type, claims) {
-		let res;
-
-		// console.log({key});
-		// console.log({type});
-		// console.log({claims});
-
-		res = key.match(/\/companies\/(?<company_id>\w*)\/customers\/(\d*)\/.*/);
-		if (res) {
-			if (claims['x-hasura-company-id'] === res.groups.company_id) {
-				return true;
-			}
-			return false;
-		}
-
-		// accept read to public directory
-		res = key.match(/\/public\/.*/);
-		if (res) {
-			if (type === 'read') {
-				return true;
-			}
-		}
-
-		return false;
-	},
-};
diff --git a/src/storage/storage.js b/src/storage/storage.js
index c35ec8de..2d6fe881 100644
--- a/src/storage/storage.js
+++ b/src/storage/storage.js
@@ -17,7 +17,7 @@ const {
   S3_BUCKET,
 } = require('../config');
 
-const storage_rules = require('./storage-rules');
+const { storagePermission } = require('./rules');
 
 const router = express.Router();
 
@@ -50,8 +50,8 @@ router.get('/file/*', (req, res, next) => {
   }
 
   // check access of key for jwt token claims
-  if (!storage_rules.validateInteraction(key, 'read', claims)) {
-    console.log('not allowed to read');
+  if (!storagePermission(key, 'read', claims)) {
+    console.error('not allowed to read');
     return next(Boom.unauthorized('You are not allowed to read this file'));
   }
 
@@ -152,7 +152,7 @@ const upload_auth = (req, res, next) => {
   // completed
   req.saved_files = [];
 
-  if (!storage_rules.validateInteraction(req.s3_key_prefix, 'write', claims)) {
+  if (!storagePermission(req.s3_key_prefix, 'write', claims)) {
     return next(Boom.unauthorized('You are not allowed to write files here'));
   }