renati/music-repo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix very faulty authorization

Browse Source
This commit is contained in:
Szymon Nowakowski
2025-10-08 00:43:21 +02:00
parent be3445a5a9
commit 21f7b55c8a
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/backend/src/the_api.ts
View File

@@ -1,6 +1,6 @@
import { AttachmentId, PieceId, RepertoireId, Sha256 } from "common";
import api, { NotFound, Role, Unauthorized } from "common/the_api";
import { DateTime, Effect, HashSet, Option, pipe } from "effect";
import { DateTime, Effect, HashSet, Number, Option, pipe } from "effect";
import { sql } from "kysely";
import { implement } from "./api";
import * as Authentication from "./services/Authentication";
@@ -17,7 +17,11 @@ const requireAuthenticated = pipe(
const requireReadAccess = pipe(
Authentication.Authentication,
Effect.flatMap(({ me }) => me),
Effect.flatMap((user) => HashSet.isSubset(user.roles, READ_ACCESS)
Effect.flatMap((user) => pipe(
HashSet.intersection(user.roles, READ_ACCESS),
HashSet.size,
Number.greaterThan(0),
)
? Effect.succeed(user)
: Effect.fail(Unauthorized.make())
),
@@ -26,7 +30,11 @@ const requireReadAccess = pipe(
const requireWriteAccess = pipe(
Authentication.Authentication,
Effect.flatMap(({ me }) => me),
Effect.flatMap((user) => HashSet.isSubset(user.roles, WRITE_ACCESS)
Effect.flatMap((user) => pipe(
HashSet.intersection(user.roles, WRITE_ACCESS),
HashSet.size,
Number.greaterThan(0),
)
? Effect.succeed(user)
: Effect.fail(Unauthorized.make())
),