feat: allow unauthenticated uploads

2026-04-11 10:27:01 +02:00 · 2022-10-18 14:27:14 +02:00
parent 41c3bafbd7
commit 84d29dff68
17 changed files with 340 additions and 249 deletions
--- a/backend/src/auth/guard/jwt.guard.ts
+++ b/backend/src/auth/guard/jwt.guard.ts
@@ -1,7 +1,14 @@
+import { ExecutionContext } from "@nestjs/common";
 import { AuthGuard } from "@nestjs/passport";
+import { Observable } from "rxjs";

 export class JwtGuard extends AuthGuard("jwt") {
  constructor() {
    super();
  }
+  canActivate(
+    context: ExecutionContext
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    return  process.env.ALLOW_UNAUTHENTICATED_SHARES == "true" ? true : super.canActivate(context);
+  }
 }
--- a/backend/src/auth/strategy/jwt.strategy.ts
+++ b/backend/src/auth/strategy/jwt.strategy.ts
@@ -11,6 +11,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: config.get("JWT_SECRET"),
+    
    });
  }

--- a/backend/src/share/guard/shareOwner.guard.ts
+++ b/backend/src/share/guard/shareOwner.guard.ts
@@ -28,6 +28,8 @@ export class ShareOwnerGuard implements CanActivate {

    if (!share) throw new NotFoundException("Share not found");

+    if(!share.creatorId) return true;
+
    return share.creatorId == (request.user as User).id;
  }
 }
--- a/backend/src/share/share.service.ts
+++ b/backend/src/share/share.service.ts
@@ -24,7 +24,7 @@ export class ShareService {
    private jwtService: JwtService
  ) {}

-  async create(share: CreateShareDTO, user: User) {
+  async create(share: CreateShareDTO, user?: User) {
    if (!(await this.isShareIdAvailable(share.id)).isAvailable)
      throw new BadRequestException("Share id already in use");

@@ -58,7 +58,7 @@ export class ShareService {
      data: {
        ...share,
        expiration: expirationDate,
-        creator: { connect: { id: user.id } },
+        creator: { connect: user ? { id: user.id } : undefined },
        security: { create: share.security },
      },
    });
@@ -154,6 +154,8 @@ export class ShareService {
    });

    if (!share) throw new NotFoundException("Share not found");
+    if (!share.creatorId)
+      throw new ForbiddenException("Anonymous shares can't be deleted");

    await this.fileService.deleteAllFiles(shareId);
    await this.prisma.share.delete({ where: { id: shareId } });