
common accesToken related authorization logic moved into validateOwnAccessToken

pull/5016/head
csehatt741 6 days ago
committed by Thomas Kaul
parent
commit
ecbf4e7eb1
  1. 55
      apps/api/src/app/user/user.controller.ts

55
apps/api/src/app/user/user.controller.ts

@ -54,24 +54,9 @@ export class UserController {
public async deleteOwnUser(
@Body() data: DeleteOwnUserDto
): Promise<UserModel> {
const hashedAccessToken = this.userService.createAccessToken({
password: data.accessToken,
salt: this.configurationService.get('ACCESS_TOKEN_SALT')
});
const [user] = await this.userService.users({
where: { accessToken: hashedAccessToken, id: this.request.user.id }
});
if (!user) {
throw new HttpException(
getReasonPhrase(StatusCodes.FORBIDDEN),
StatusCodes.FORBIDDEN
);
}
const user = await this.validateOwnAccessToken(data.accessToken);
return this.userService.deleteUser({
accessToken: hashedAccessToken,
id: user.id
});
}
@ -107,21 +92,7 @@ export class UserController {
public async updateOwnAccessToken(
@Body() data: UpdateOwnAccessTokenDto
): Promise<AccessTokenResponse> {
const currentHashedAccessToken = this.userService.createAccessToken({
password: data.accessToken,
salt: this.configurationService.get('ACCESS_TOKEN_SALT')
});
const [user] = await this.userService.users({
where: { accessToken: currentHashedAccessToken, id: this.request.user.id }
});
if (!user) {
throw new HttpException(
getReasonPhrase(StatusCodes.FORBIDDEN),
StatusCodes.FORBIDDEN
);
}
const user = await this.validateOwnAccessToken(data.accessToken);
return await this.rotateUserAccessToken(user.id);
}
@ -206,6 +177,28 @@ export class UserController {
});
}
private async validateOwnAccessToken(
accessToken: string
): Promise<UserModel> {
const hashedAccessToken = this.userService.createAccessToken({
password: accessToken,
salt: this.configurationService.get('ACCESS_TOKEN_SALT')
});
const [user] = await this.userService.users({
where: { accessToken: hashedAccessToken, id: this.request.user.id }
});
if (!user) {
throw new HttpException(
getReasonPhrase(StatusCodes.FORBIDDEN),
StatusCodes.FORBIDDEN
);
}
return user;
}
private async rotateUserAccessToken(
userId: string
): Promise<AccessTokenResponse> {
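Review bot: In the first hunk, `deleteOwnUser` still shows `accessToken: hashedAccessToken,` inside the `deleteUser` call while the local `hashedAccessToken` disappears together with the inlined hash computation; if that line survives on the new side it no longer compiles, so it should be dropped (the helper has already verified the token) or the helper should return the hash along with the user — the rendered view loses the +/- markers, so it may already be a removed line. The new `validateOwnAccessToken` helper in the last hunk also carries no doc comment, and its name understates its contract: it re-hashes the plaintext token with `ACCESS_TOKEN_SALT`, looks the user up by that hash together with `this.request.user.id`, throws `HttpException` with 403 FORBIDDEN when nothing matches, and returns the matched `UserModel`. Since both `deleteOwnUser` and `updateOwnAccessToken` now rely on it as the re-authentication gate before a destructive action, a TSDoc such as `/** Re-authenticates the current user with the plaintext access token from the request body; throws 403 FORBIDDEN when its hash does not match the caller's stored token, otherwise returns the matched user. */` would make that explicit to future callers. Because the lookup combines token and id in one `where`, a missing user row and a wrong token yield the same 403, which keeps the two cases indistinguishable to the client; that is worth stating in the comment so it is not later split into a 404. `rotateUserAccessToken` begins on the last lines of the hunk and its body lies outside it.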
