only allow owner to modify sharing setting

MarconLP 2023-04-14 15:21:44 +02:00
parent c089fb7d47
commit 665369c43c
No known key found for this signature in database
GPG key ID: A08A9C8B623F5EA5


@ -1,6 +1,10 @@
import { z } from "zod"; import { z } from "zod";
import { createTRPCRouter, protectedProcedure } from "~/server/api/trpc"; import {
createTRPCRouter,
protectedProcedure,
publicProcedure,
} from "~/server/api/trpc";
import { GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3"; import { GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
import { env } from "~/env.mjs"; import { env } from "~/env.mjs";
import { getSignedUrl } from "@aws-sdk/s3-request-presigner"; import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
@ -16,7 +20,7 @@ export const videoRouter = createTRPCRouter({
return videos; return videos;
}), }),
get: protectedProcedure get: publicProcedure
.input(z.object({ videoId: z.string() })) .input(z.object({ videoId: z.string() }))
.query(async ({ ctx, input }) => { .query(async ({ ctx, input }) => {
const { s3 } = ctx; const { s3 } = ctx;
@ -28,14 +32,17 @@ export const videoRouter = createTRPCRouter({
user: true, user: true,
}, },
}); });
if (!video) {
throw new TRPCError({ code: "NOT_FOUND" });
}
if (video?.userId !== ctx.session.user.id) { if (video.userId !== ctx?.session?.user.id && !video.sharing) {
throw new TRPCError({ code: "FORBIDDEN" }); throw new TRPCError({ code: "FORBIDDEN" });
} }
const getObjectCommand = new GetObjectCommand({ const getObjectCommand = new GetObjectCommand({
Bucket: env.AWS_BUCKET_NAME, Bucket: env.AWS_BUCKET_NAME,
Key: ctx.session.user.id + "/" + video.id, Key: video.userId + "/" + video.id,
}); });
const signedUrl = await getSignedUrl(s3, getObjectCommand); const signedUrl = await getSignedUrl(s3, getObjectCommand);
@ -58,8 +65,6 @@ export const videoRouter = createTRPCRouter({
}, },
}); });
console.log(video.id);
const putObjectCommand = new PutObjectCommand({ const putObjectCommand = new PutObjectCommand({
Bucket: env.AWS_BUCKET_NAME, Bucket: env.AWS_BUCKET_NAME,
Key: ctx.session.user.id + "/" + video.id, Key: ctx.session.user.id + "/" + video.id,
@ -76,9 +81,10 @@ export const videoRouter = createTRPCRouter({
setSharing: protectedProcedure setSharing: protectedProcedure
.input(z.object({ videoId: z.string(), sharing: z.boolean() })) .input(z.object({ videoId: z.string(), sharing: z.boolean() }))
.mutation(async ({ ctx, input }) => { .mutation(async ({ ctx, input }) => {
const updateVideo = await ctx.prisma.video.update({ const updateVideo = await ctx.prisma.video.updateMany({
where: { where: {
id: input.videoId, id: input.videoId,
userId: ctx.session.user.id,
}, },
data: { data: {
sharing: input.sharing, sharing: input.sharing,
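Review bot: In the `get` hunk the procedure becomes `publicProcedure` while the query still loads `user: true`, so if the `video` object is returned to the client (the return sits outside the visible lines) an anonymous viewer of a shared video would receive the owner's whole user row; restricting it to `user: { select: { /* only the fields the viewer page shows */ } }` keeps account data out of the public response. The same path answers `NOT_FOUND` for an unknown id and `FORBIDDEN` for a private one, which lets an unauthenticated caller tell which ids exist, so throwing `NOT_FOUND` in both cases is the safer default. In the `setSharing` hunk, `updateMany` reports a count instead of throwing when nothing matches, so a call by a non-owner appears to succeed unless the code after the hunk checks it; `if (updateVideo.count === 0) throw new TRPCError({ code: "NOT_FOUND" });` would make the rejection explicit.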