
Commit 1671e1c

committed
Add authorization checks to read raw photo endpoint
1 parent 6210a14 commit 1671e1c


2 files changed

+14
-0
lines changed


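--- a/src/management/identities/identities-photo.controller.ts
+++ b/src/management/identities/identities-photo.controller.ts
@@ -7,6 +7,7 @@ import {
 Post,
 Query,
 Res,
+UnauthorizedException,
 UploadedFile,
 UseInterceptors,
 } from '@nestjs/common';
@@ -30,6 +31,9 @@ import { TransformersFilestorageService } from '~/core/filestorage/_services/tra
 import { PaginatedFilterDto } from '~/_common/dto/paginated-filter.dto';
 import { IdentitiesCrudService } from '~/management/identities/identities-crud.service';
 import { Public } from '~/_common/decorators/public.decorator';
+import { Agents } from '~/core/agents/_schemas/agents.schema';
+import { hash } from 'crypto';
+import { AgentsService } from '~/core/agents/agents.service';
 
 @ApiTags('management/identities')
 @Controller('identities')
@@ -39,6 +43,7 @@ export class IdentitiesPhotoController extends AbstractController {
 protected readonly _validation: IdentitiesValidationService,
 protected readonly filestorage: FilestorageService,
 private readonly transformerService: TransformersFilestorageService,
+private agentsService: AgentsService,
 ) {
 super();
 }
@@ -97,8 +102,15 @@ export class IdentitiesPhotoController extends AbstractController {
 public async readPhotoRaw(
 @Res() res: Response,
 @SearchFilterSchema() searchFilterSchema: FilterSchema,
+@Query('id') id: string,
+@Query('key') key: string,
 @Query('mime') mime: string = '',
 ): Promise<void> {
+if (!id || !key) throw new UnauthorizedException();
+const user = await this.agentsService.findById<Agents>(id);
+if (!user) throw new UnauthorizedException();
+if (key !== hash('sha256', user.security.secretKey)) throw new UnauthorizedException();
+
 const identity = await this._service.findOne<Identities>(searchFilterSchema);
 const [data, stream, parent] = await this.filestorage.findOneWithRawData({
 namespace: 'identities',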
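Review bot: The key check added at new line 112 of `readPhotoRaw` compares the caller-supplied `key` with the digest using `!==`, which is not a constant-time comparison, and the `string` annotations on `@Query('id')` and `@Query('key')` are not enforced at runtime unless a validation pipe does so (none is visible here). I would reject non-string values up front and compare byte buffers with `timingSafeEqual` from `crypto`, checking the lengths first because it throws on a mismatch, as sketched below. The accepted key is a fixed, unsalted SHA-256 of the agent's long-lived `secretKey` and it travels in the query string, so it will appear in access logs and proxies and stays valid until the secret is rotated; a comment stating that trade-off, or a short-lived signed token, would help. The check also only establishes that the caller knows some agent's key, not that this agent may read the identity selected by `searchFilterSchema`; whether that is intended cannot be told from the hunk, since the decorators and the rest of the method body lie outside it.

```typescript
): Promise<void> {
  if (typeof id !== 'string' || !id || typeof key !== 'string' || !key) {
    throw new UnauthorizedException();
  }
  // … unchanged: agent lookup by id and the !user rejection …
  const expected = Buffer.from(hash('sha256', user.security.secretKey));
  const given = Buffer.from(key);
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new UnauthorizedException();
  }
  // … unchanged: identity lookup and raw file read …
```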

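--- a/src/management/identities/identities.module.ts
+++ b/src/management/identities/identities.module.ts
@@ -19,6 +19,7 @@ import { IdentitiesActivationController } from '~/management/identities/identiti
 import { IdentitiesActivationService } from '~/management/identities/identities-activation.service';
 import { IdentitiesDoublonController } from '~/management/identities/identities-doublon.controller';
 import { EnsureIdentitiesIndexMiddleware } from './_middlewares/ensure-identities-index.middleware';
+import { AgentsModule } from '~/core/agents/agents.module';
 
 @Module({
 imports: [
@@ -32,6 +33,7 @@ import { EnsureIdentitiesIndexMiddleware } from './_middlewares/ensure-identitie
 ]),
 FilestorageModule,
 forwardRef(() => BackendsModule),
+AgentsModule,
 ],
 providers: [
 IdentitiesUpsertService,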
