You've already forked pocketbase
mirror of
https://github.com/pocketbase/pocketbase.git
synced 2025-10-31 16:47:43 +02:00
allowed specifying non-context auth model for the file token endpoint
This commit is contained in:
Gani Georgiev
@@ -28,7 +28,7 @@ func bindFileApi(app core.App, rg *echo.Group) {
|
|||||||
api := fileApi{app: app}
|
api := fileApi{app: app}
|
||||||
|
|
||||||
subGroup := rg.Group("/files", ActivityLogger(app))
|
subGroup := rg.Group("/files", ActivityLogger(app))
|
||||||
subGroup.POST("/token", api.fileToken, RequireAdminOrRecordAuth())
|
subGroup.POST("/token", api.fileToken)
|
||||||
subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
|
subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
|
||||||
subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
|
subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
|
||||||
}
|
}
|
||||||
@@ -50,7 +50,7 @@ func (api *fileApi) fileToken(c echo.Context) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
handlerErr := api.app.OnFileBeforeTokenRequest().Trigger(event, func(e *core.FileTokenEvent) error {
|
handlerErr := api.app.OnFileBeforeTokenRequest().Trigger(event, func(e *core.FileTokenEvent) error {
|
||||||
if e.Token == "" {
|
if e.Model == nil || e.Token == "" {
|
||||||
return NewBadRequestError("Failed to generate file token.", nil)
|
return NewBadRequestError("Failed to generate file token.", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/labstack/echo/v5"
|
"github.com/labstack/echo/v5"
|
||||||
|
"github.com/pocketbase/pocketbase/core"
|
||||||
"github.com/pocketbase/pocketbase/daos"
|
"github.com/pocketbase/pocketbase/daos"
|
||||||
"github.com/pocketbase/pocketbase/tests"
|
"github.com/pocketbase/pocketbase/tests"
|
||||||
"github.com/pocketbase/pocketbase/tools/types"
|
"github.com/pocketbase/pocketbase/tools/types"
|
||||||
@@ -20,8 +21,32 @@ func TestFileToken(t *testing.T) {
|
|||||||
Name: "unauthorized",
|
Name: "unauthorized",
|
||||||
Method: http.MethodPost,
|
Method: http.MethodPost,
|
||||||
Url: "/api/files/token",
|
Url: "/api/files/token",
|
||||||
ExpectedStatus: 401,
|
ExpectedStatus: 400,
|
||||||
ExpectedContent: []string{`"data":{}`},
|
ExpectedContent: []string{`"data":{}`},
|
||||||
|
ExpectedEvents: map[string]int{
|
||||||
|
"OnFileBeforeTokenRequest": 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "unauthorized with model and token via hook",
|
||||||
|
Method: http.MethodPost,
|
||||||
|
Url: "/api/files/token",
|
||||||
|
BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
|
||||||
|
app.OnFileBeforeTokenRequest().Add(func(e *core.FileTokenEvent) error {
|
||||||
|
record, _ := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
|
||||||
|
e.Model = record
|
||||||
|
e.Token = "test"
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
},
|
||||||
|
ExpectedStatus: 200,
|
||||||
|
ExpectedContent: []string{
|
||||||
|
`"token":"test"`,
|
||||||
|
},
|
||||||
|
ExpectedEvents: map[string]int{
|
||||||
|
"OnFileBeforeTokenRequest": 1,
|
||||||
|
"OnFileAfterTokenRequest": 1,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "auth record",
|
Name: "auth record",
|
||||||
|
|||||||
Reference in New Issue
Block a user