go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2025-01-07 17:06:20 +02:00
Code Issues Releases Activity

allowed specifying non-context auth model for the file token endpoint

Browse Source
This commit is contained in:
Gani Georgiev 2023-04-17 22:04:58 +03:00
parent c937c06688
commit a7d5a0640c
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apis/file.go
View File

@ -28,7 +28,7 @@ func bindFileApi(app core.App, rg *echo.Group) {
api := fileApi{app: app} api := fileApi{app: app}
subGroup := rg.Group("/files", ActivityLogger(app)) subGroup := rg.Group("/files", ActivityLogger(app))
subGroup.POST("/token", api.fileToken, RequireAdminOrRecordAuth()) subGroup.POST("/token", api.fileToken)
subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app)) subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app)) subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
} }
@ -50,7 +50,7 @@ func (api *fileApi) fileToken(c echo.Context) error {
} }
handlerErr := api.app.OnFileBeforeTokenRequest().Trigger(event, func(e *core.FileTokenEvent) error { handlerErr := api.app.OnFileBeforeTokenRequest().Trigger(event, func(e *core.FileTokenEvent) error {
if e.Token == "" { if e.Model == nil || e.Token == "" {
return NewBadRequestError("Failed to generate file token.", nil) return NewBadRequestError("Failed to generate file token.", nil)
} }

27
apis/file_test.go
View File

@ -9,6 +9,7 @@ import (
"testing" "testing"
"github.com/labstack/echo/v5" "github.com/labstack/echo/v5"
"github.com/pocketbase/pocketbase/core"
"github.com/pocketbase/pocketbase/daos" "github.com/pocketbase/pocketbase/daos"
"github.com/pocketbase/pocketbase/tests" "github.com/pocketbase/pocketbase/tests"
"github.com/pocketbase/pocketbase/tools/types" "github.com/pocketbase/pocketbase/tools/types"
@ -20,8 +21,32 @@ func TestFileToken(t *testing.T) {
Name: "unauthorized", Name: "unauthorized",
Method: http.MethodPost, Method: http.MethodPost,
Url: "/api/files/token", Url: "/api/files/token",
ExpectedStatus: 401, ExpectedStatus: 400,
ExpectedContent: []string{`"data":{}`}, ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{
"OnFileBeforeTokenRequest": 1,
},
},
{
Name: "unauthorized with model and token via hook",
Method: http.MethodPost,
Url: "/api/files/token",
BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
app.OnFileBeforeTokenRequest().Add(func(e *core.FileTokenEvent) error {
record, _ := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
e.Model = record
e.Token = "test"
return nil
})
},
ExpectedStatus: 200,
ExpectedContent: []string{
`"token":"test"`,
},
ExpectedEvents: map[string]int{
"OnFileBeforeTokenRequest": 1,
"OnFileAfterTokenRequest": 1,
},
}, },
{ {
Name: "auth record", Name: "auth record",