FabLab/app
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Compare commits

base: FabLab:1818fcfe888ee810b7184d4edd85ce62159ca589
Branches Tags
FabLab:main
..
compare: FabLab:221410dfb0f1942089d64a8b9ec82b1526c52333
Branches Tags
FabLab:main

No commits in common. "1818fcfe888ee810b7184d4edd85ce62159ca589" and "221410dfb0f1942089d64a8b9ec82b1526c52333" have entirely different histories.
1818fcfe88 ... 221410dfb0

2 changed files with 2 additions and 98 deletions
Show Stats Expand all files Collapse all files

38
apps/backend/src/app/auth/auth.guard.ts
View File

@ -87,41 +87,3 @@ export class AdminGuard implements CanActivate {
return true; return true;
} }
} }
@Injectable()
export class InsertAdminState implements CanActivate {
constructor(
@Inject(CredentialsService)
private readonly credentialService: CredentialsService,
@Inject(DbService) private readonly databaseService: DbService,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request : Request = context.switchToHttp().getRequest();
const authHeader = request.headers.authorization;
if (!authHeader) {
request.headers.is_admin = false;
return true;
}
const token = authHeader.split(" ")[1];
const vToken = await this.credentialService.verifyAuthToken(token);
const user = await this.databaseService
.use()
.select()
.from(UsersTable)
.where(eq(UsersTable.uuid, vToken.payload.sub));
if (user.length !== 1)
throw new UnauthorizedException("No such user found.");
if (!user[0].isAdmin) {
request.headers.is_admin = false;
return true;
}
request.headers.is_admin = true
return true;
}
}

62
apps/backend/src/app/files/files.controller.ts
View File

@ -1,71 +1,13 @@
import { import { Controller, DefaultValuePipe, Get, Param, ParseIntPipe, Post, Query, StreamableFile } from '@nestjs/common';
Controller,
DefaultValuePipe,
Get,
Param,
ParseIntPipe,
Post,
Query,
Req,
Res,
Request,
Response,
StreamableFile, HttpStatus, HttpCode, BadRequestException, UseGuards
} from '@nestjs/common';
import { FilesService } from "./files.service"; import { FilesService } from "./files.service";
import { IncomingMessage } from 'node:http';
import { InsertAdminState } from '../auth/auth.guard';
@Controller("files") @Controller("files")
export class FilesController { export class FilesController {
constructor(private readonly filesService: FilesService) {} constructor(private readonly filesService: FilesService) {}
@UseGuards(InsertAdminState)
@HttpCode(HttpStatus.OK)
@Post('new') @Post('new')
async saveFile(@Req() req: IncomingMessage, @Res() res: Response) { async saveFile() {
let fileBuffer: Buffer = Buffer.from([]);
req.on('data', (chunk: Buffer) => {
fileBuffer = Buffer.concat([fileBuffer, chunk]);
});
req.on('end', async () => {
const _fileName = req.headers['file_name'] as string;
const _groupId = req.headers['group_id'] as string;
const _machineId = req.headers['machine_id'];
const _isDocumentation = req.headers['is_documentation'] as string;
const _isRestricted = req.headers['is_restricted'] as string;
const _isAdmin = Boolean(req.headers['is_admin'] as string | boolean);
// Vérifier que les en-têtes nécessaires sont présents
if (!_fileName || !_groupId || !_machineId) {
throw new BadRequestException("Header(s) manquant(s)");
}
const machineId = Array(..._machineId);
const Params = new Map()
.set("fileName", _fileName.toString())
.set("groupId", _groupId.toString())
.set("machinesId", Array(..._machineId))
//TODO Integrate a verification if the source is an admin, if that the case then it can define isDocumentation and isRestricted else throw in case of presence of those parameters.
if (_isAdmin) {
Params.set("isDocumentation", Boolean(_isDocumentation))
Params.set("isRestricted", Boolean(_isRestricted))
}
//TODO Implement the service
//await this.filesService.save(fileBuffer, Params);
// TODO logique de sauvegarde du fichier et des données
return { message: 'Fichier sauvegardé avec succès' }
});
req.on('error', (err) => {
throw new BadRequestException(err.message)
});
} }
@Get('find') @Get('find')