Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-11 00:08:30 +01:00
Code Issues Projects Releases Wiki Activity

feat: move middleware to enterprise (#4767)

Browse Source
This commit is contained in:
Jaanus Sellin 2023-09-20 08:37:52 +03:00 committed by GitHub
parent ebc9cb20a9
commit e4577362bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lib/app.ts
View File

@ -29,7 +29,6 @@ import maintenanceMiddleware from './middleware/maintenance-middleware';
import { unless } from './middleware/unless-middleware'; import { unless } from './middleware/unless-middleware';
import { catchAllErrorHandler } from './middleware/catch-all-error-handler'; import { catchAllErrorHandler } from './middleware/catch-all-error-handler';
import NotFoundError from './error/notfound-error'; import NotFoundError from './error/notfound-error';
import privateProjectMiddleware from './features/private-project/privateProjectMiddleware';
export default async function getApp( export default async function getApp(
config: IUnleashConfig, config: IUnleashConfig,
@ -158,8 +157,6 @@ export default async function getApp(
} }
} }
app.use(baseUriPath, privateProjectMiddleware(config, services));
app.use( app.use(
baseUriPath, baseUriPath,
rbacMiddleware(config, stores, services.accessService), rbacMiddleware(config, stores, services.accessService),

39
src/lib/features/private-project/privateProjectMiddleware.ts
View File

@ -1,39 +0,0 @@
import { IUnleashConfig, IUnleashServices } from '../../types';
import { findParam } from '../../middleware';
import { NextFunction, Response } from 'express';
const privateProjectMiddleware = (
{
getLogger,
flagResolver,
}: Pick<IUnleashConfig, 'getLogger' | 'flagResolver'>,
{ accessService, privateProjectChecker }: IUnleashServices,
): any => {
const logger = getLogger('/middleware/project-middleware.ts');
logger.debug('Enabling private project middleware');
if (!flagResolver.isEnabled('privateProjects')) {
return (req, res, next) => next();
}
return async (req, res: Response, next: NextFunction) => {
req.checkPrivateProjectPermissions = async () => {
const { user } = req;
let projectId =
findParam('projectId', req) || findParam('project', req);
if (projectId === undefined) {
return true;
}
const permissions = await accessService.getPermissionsForUser(user);
return (
permissions.map((p) => p.permission).includes('ADMIN') ||
privateProjectChecker.hasAccessToProject(user.id, projectId)
);
};
next();
};
};
export default privateProjectMiddleware;

23
src/lib/features/private-project/privateProjectStore.ts
View File

@ -2,6 +2,8 @@ import { Db } from '../../db/db';
import { Logger, LogProvider } from '../../logger'; import { Logger, LogProvider } from '../../logger';
import { IPrivateProjectStore } from './privateProjectStoreType'; import { IPrivateProjectStore } from './privateProjectStoreType';
const ADMIN_TOKEN_ID = -1;
class PrivateProjectStore implements IPrivateProjectStore { class PrivateProjectStore implements IPrivateProjectStore {
private db: Db; private db: Db;
@ -15,26 +17,28 @@ class PrivateProjectStore implements IPrivateProjectStore {
destroy(): void {} destroy(): void {}
async getUserAccessibleProjects(userId: number): Promise<string[]> { async getUserAccessibleProjects(userId: number): Promise<string[]> {
const isNotViewer = await this.db('role_user') if (userId === ADMIN_TOKEN_ID) {
const allProjects = await this.db('projects').pluck('id');
return allProjects;
}
const isViewer = await this.db('role_user')
.join('roles', 'role_user.role_id', 'roles.id') .join('roles', 'role_user.role_id', 'roles.id')
.where('role_user.user_id', userId) .where('role_user.user_id', userId)
.andWhere((db) => { .andWhere({
db.whereNot({ 'roles.name': 'Viewer',
'roles.name': 'Viewer', 'roles.type': 'root',
'roles.type': 'root',
});
}) })
.count('*') .count('*')
.first(); .first();
if (isNotViewer && isNotViewer.count > 0) { if (!isViewer || isViewer.count == 0) {
const allProjects = await this.db('projects').pluck('id'); const allProjects = await this.db('projects').pluck('id');
return allProjects; return allProjects;
} }
const accessibleProjects = await this.db const accessibleProjects = await this.db
.from((db) => { .from((db) => {
db.distinct('accessible_projects.project_id') db.distinct()
.select('projects.id as project_id') .select('projects.id as project_id')
.from('projects') .from('projects')
.leftJoin( .leftJoin(
@ -82,7 +86,8 @@ class PrivateProjectStore implements IPrivateProjectStore {
}) })
.as('accessible_projects'); .as('accessible_projects');
}) })
.select('*'); .select('*')
.pluck('project_id');
return accessibleProjects; return accessibleProjects;
} }