Skip to content

Commit

Permalink
use auth guards
Browse files Browse the repository at this point in the history
  • Loading branch information
rotorsoft committed Sep 9, 2024
1 parent fb51939 commit 904376d
Show file tree
Hide file tree
Showing 9 changed files with 68 additions and 108 deletions.
18 changes: 4 additions & 14 deletions libs/model/src/comment/CreateComment.command.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import * as schemas from '@hicommonwealth/schemas';
import { models } from '../database';
import { isAuthorized, type AuthContext } from '../middleware';
import { verifyCommentSignature } from '../middleware/canvas';
import { mustExist } from '../middleware/guards';
import { mustBeAuthorizedThread, mustExist } from '../middleware/guards';
import {
emitEvent,
emitMentions,
Expand Down Expand Up @@ -32,25 +32,15 @@ export function CreateComment(): Command<
isAuthorized({ action: schemas.PermissionEnum.CREATE_COMMENT }),
verifyCommentSignature,
],
body: async ({ actor, payload }) => {
const { thread_id, parent_id, ...rest } = payload;
body: async ({ actor, payload, auth }) => {
const { address, thread } = mustBeAuthorizedThread(actor, auth);

const thread = await models.Thread.findOne({ where: { id: thread_id } });
mustExist('Thread', thread);
if (thread.read_only)
throw new InvalidState(CreateCommentErrors.CantCommentOnReadOnly);
if (thread.archived_at)
throw new InvalidState(CreateCommentErrors.ThreadArchived);

const address = await models.Address.findOne({
where: {
community_id: thread.community_id,
user_id: actor.user.id,
address: actor.address,
},
});
mustExist('Community address', address);

const { thread_id, parent_id, ...rest } = payload;
if (parent_id) {
const parent = await models.Comment.findOne({
where: { id: parent_id, thread_id },
Expand Down
24 changes: 3 additions & 21 deletions libs/model/src/comment/CreateCommentReaction.command.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import * as schemas from '@hicommonwealth/schemas';
import { models } from '../database';
import { isAuthorized, type AuthContext } from '../middleware';
import { verifyReactionSignature } from '../middleware/canvas';
import { mustExist } from '../middleware/guards';
import { mustBeAuthorizedComment } from '../middleware/guards';
import { getVotingWeight } from '../services/stakeHelper';

export function CreateCommentReaction(): Command<
Expand All @@ -16,27 +16,9 @@ export function CreateCommentReaction(): Command<
isAuthorized({ action: schemas.PermissionEnum.CREATE_COMMENT_REACTION }),
verifyReactionSignature,
],
body: async ({ actor, payload }) => {
const comment = await models.Comment.findOne({
where: { id: payload.comment_id },
include: [
{
model: models.Thread,
required: true,
},
],
});
mustExist('Comment', comment);

body: async ({ payload, actor, auth }) => {
const { address, comment } = mustBeAuthorizedComment(actor, auth);
const thread = comment.Thread!;
const address = await models.Address.findOne({
where: {
community_id: thread.community_id,
user_id: actor.user.id,
address: actor.address,
},
});
mustExist('Community address', address);

const calculated_voting_weight = await getVotingWeight(
thread.community_id,
Expand Down
21 changes: 7 additions & 14 deletions libs/model/src/comment/UpdateComment.command.ts
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import { type Command } from '@hicommonwealth/core';
import { InvalidInput, type Command } from '@hicommonwealth/core';
import * as schemas from '@hicommonwealth/schemas';
import { models } from '../database';
import { isAuthorized, type AuthContext } from '../middleware';
import { mustExist } from '../middleware/guards';
import { mustBeAuthorized } from '../middleware/guards';
import {
emitMentions,
findMentionDiff,
Expand All @@ -19,31 +19,24 @@ export function UpdateComment(): Command<
return {
...schemas.UpdateComment,
auth: [isAuthorized({})],
body: async ({ actor, payload }) => {
body: async ({ actor, payload, auth }) => {
const { address } = mustBeAuthorized(actor, auth);
const { comment_id, discord_meta } = payload;

// find by comment_id or discord_meta
const comment = await models.Comment.findOne({
where: comment_id ? { id: comment_id } : { discord_meta },
include: [{ model: models.Thread, required: true }],
});
mustExist('Comment', comment);
const thread = comment.Thread!;
if (!comment) throw new InvalidInput('Comment not found');

const thread = comment.Thread!;
const currentVersion = await models.CommentVersionHistory.findOne({
where: { comment_id: comment.id },
order: [['timestamp', 'DESC']],
});

if (currentVersion?.text !== payload.text) {
const address = await models.Address.findOne({
where: {
community_id: thread.community_id,
user_id: actor.user.id,
address: actor.address,
},
});
mustExist('Community address', address);

const text = sanitizeQuillText(payload.text);
const plaintext = quillToPlain(text);
const mentions = findMentionDiff(
Expand Down
31 changes: 0 additions & 31 deletions libs/model/src/community/UpdateCommunity.command.sample.ts

This file was deleted.

40 changes: 40 additions & 0 deletions libs/model/src/middleware/guards.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ import {
InvalidState,
logger,
} from '@hicommonwealth/core';
import { AddressInstance, ThreadInstance } from '../models';
import { AuthContext } from './authorization';

const log = logger(import.meta);

Expand Down Expand Up @@ -56,3 +58,41 @@ export function mustBeSuperAdmin(actor: Actor) {
if (!actor.user.isAdmin)
throw new InvalidActor(actor, 'Must be super administrator');
}

/**
* Address authorization guard
* @param auth auth context
* @returns narrowed auth context
*/
export function mustBeAuthorized(actor: Actor, auth?: AuthContext) {
if (!auth?.address) throw new InvalidActor(actor, 'Not authorized');
return auth as AuthContext & { address: AddressInstance };
}

/**
* Thread authorization guard
* @param auth auth context
* @returns narrowed auth context
*/
export function mustBeAuthorizedThread(actor: Actor, auth?: AuthContext) {
if (!auth?.address) throw new InvalidActor(actor, 'Not authorized');
if (!auth?.thread) throw new InvalidActor(actor, 'Not authorized thread');
return auth as AuthContext & {
address: AddressInstance;
thread: ThreadInstance;
};
}

/**
* Comment authorization guard
* @param auth auth context
* @returns narrowed auth context
*/
export function mustBeAuthorizedComment(actor: Actor, auth?: AuthContext) {
if (!auth?.address) throw new InvalidActor(actor, 'Not authorized');
if (!auth?.comment) throw new InvalidActor(actor, 'Not authorized comment');
return auth as AuthContext & {
address: AddressInstance;
comment: ThreadInstance;
};
}
16 changes: 4 additions & 12 deletions libs/model/src/thread/CreateThread.command.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import { GetActiveContestManagers } from '../contest';
import { models } from '../database';
import { isAuthorized, type AuthContext } from '../middleware';
import { verifyThreadSignature } from '../middleware/canvas';
import { mustExist } from '../middleware/guards';
import { mustBeAuthorized } from '../middleware/guards';
import { tokenBalanceCache } from '../services';
import {
emitMentions,
Expand Down Expand Up @@ -90,7 +90,9 @@ export function CreateThread(): Command<
isAuthorized({ action: schemas.PermissionEnum.CREATE_THREAD }),
verifyThreadSignature,
],
body: async ({ actor, payload }) => {
body: async ({ actor, payload, auth }) => {
const { address } = mustBeAuthorized(actor, auth);

const { community_id, topic_id, kind, url, ...rest } = payload;

if (kind === 'link' && !url?.trim())
Expand All @@ -109,16 +111,6 @@ export function CreateThread(): Command<
checkContestLimits(activeContestManagers, actor.address!);
}

// Loading to update last_active
const address = await models.Address.findOne({
where: {
user_id: actor.user.id,
community_id,
address: actor.address,
},
});
mustExist('Community address', address);

const body = sanitizeQuillText(payload.body);
const plaintext = kind === 'discussion' ? quillToPlain(body) : body;
const mentions = uniqueMentions(parseUserMentions(body));
Expand Down
19 changes: 4 additions & 15 deletions libs/model/src/thread/CreateThreadReaction.command.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import * as schemas from '@hicommonwealth/schemas';
import { models } from '../database';
import { isAuthorized, type AuthContext } from '../middleware';
import { verifyReactionSignature } from '../middleware/canvas';
import { mustExist } from '../middleware/guards';
import { mustBeAuthorizedThread } from '../middleware/guards';
import { getVotingWeight } from '../services/stakeHelper';

export const CreateThreadReactionErrors = {
Expand All @@ -22,23 +22,12 @@ export function CreateThreadReaction(): Command<
}),
verifyReactionSignature,
],
body: async ({ actor, payload }) => {
const thread = await models.Thread.findOne({
where: { id: payload.thread_id },
});
mustExist('Thread', thread);
body: async ({ payload, actor, auth }) => {
const { address, thread } = mustBeAuthorizedThread(actor, auth);

if (thread.archived_at)
throw new InvalidState(CreateThreadReactionErrors.ThreadArchived);

const address = await models.Address.findOne({
where: {
user_id: actor.user.id,
community_id: thread.community_id,
address: actor.address,
},
});
mustExist('Community address', address);

const calculated_voting_weight = await getVotingWeight(
thread.community_id,
address.address,
Expand Down
3 changes: 3 additions & 0 deletions libs/schemas/src/commands/comment.schemas.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ export const UpdateComment = {
input: z.object({
comment_id: PG_INT,
text: z.string().trim().min(1),

// discord integration
thread_id: PG_INT.optional(),
discord_meta: DiscordMetaSchema.optional(),
}),
output: Comment.extend({ community_id: z.string() }),
Expand Down
4 changes: 3 additions & 1 deletion packages/discord-bot/src/discord-consumer/handlers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,9 @@ export async function handleCommentMessages(
case 'comment-update':
await axios.patch(`${bot_path}/threads/${thread.id}/comments`, {
...sharedReqData,
body: encodeURIComponent(message.content),
comment_id: 0, // required in command
thread_id: thread.id, // to auth command
text: encodeURIComponent(message.content),
});
break;
case 'comment-delete':
Expand Down

0 comments on commit 904376d

Please sign in to comment.