feat: Properly authenticate and prevent access of /api

2024-06-21 22:26:38 +02:00 · 2024-06-21 22:26:38 +02:00 · c3cb2441b3
commit c3cb2441b3
parent aca47a14e4
7 changed files with 59 additions and 26 deletions
--- a/app/src/lib/analysis/modes/transcription/Track.svelte
+++ b/app/src/lib/analysis/modes/transcription/Track.svelte
@ -97,9 +97,9 @@
 						tabindex="0"
 						class="flex h-full w-full items-center justify-center overflow-clip rounded-none bg-accent text-accent-foreground"
 						onclick={(event: MouseEvent) => handleCreate(event, caption)}
-						ondblclick={(event: MouseEvent)=>{
-							doubleClick(event)
-							createRegion(caption.start, caption.end, null)
+						ondblclick={(event: MouseEvent) => {
+							doubleClick(event);
+							createRegion(caption.start, caption.end, null);
 						}}
 						onfocusout={(event: FocusEvent) => focusOut(event, caption)}
 						onkeydown={(event: KeyboardEvent) => keyDown(event, caption)}
--- a/app/src/routes/(protected)/api/[...path]/+server.ts
+++ b/app/src/routes/(protected)/api/[...path]/+server.ts
@ -0,0 +1,49 @@
+import { PUBLIC_KERNEL_ORIGIN } from '$env/static/public';
+import { error } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { z } from 'zod';
+import { db } from '$lib/database';
+import { and, eq } from 'drizzle-orm';
+import { fileTable } from '$lib/database/schema';
+
+export const POST: RequestHandler = async ({ request, params: { path }, locals: { user } }) => {
+	if (!user) {
+		error(401, 'Not logged in');
+	}
+
+	const json = (await request.json()) as unknown;
+
+	const jsonShape = z.object({
+		fileState: z.object({
+			id: z.string()
+		})
+	});
+
+	const result = jsonShape.safeParse(json);
+
+	if (!result.success) {
+		error(400, 'Invalid JSON or no fileState.id');
+	}
+
+	const {
+		fileState: { id }
+	} = result.data;
+
+	const dbFile = await db.query.fileTable.findFirst({
+		where: and(eq(fileTable.id, id), eq(fileTable.uploader, user.id)),
+		columns: { id: true }
+	});
+
+	if (!dbFile) {
+		error(404, `File not found (id: ${id})`);
+	}
+
+	const url = new URL(path, PUBLIC_KERNEL_ORIGIN);
+	return await fetch(url, {
+		method: 'POST',
+		headers: {
+			'Content-Type': 'application/json'
+		},
+		body: JSON.stringify(json)
+	});
+};
--- a/app/src/routes/(protected)/recorder/RecorderSingle.svelte
+++ b/app/src/routes/(protected)/recorder/RecorderSingle.svelte
@ -137,7 +137,11 @@
 						on:focus={disableShortcuts}
 						on:blur={enableShortcuts}
 						bind:value={previewing.note}
-						on:input={(e: InputEvent) => {if(previewingIndex){handleNoteChange(e, previewingIndex)}}}
+						on:input={(e: InputEvent) => {
+							if (previewingIndex) {
+								handleNoteChange(e, previewingIndex);
+							}
+						}}
 					/>
 				{/if}
 			</div>
--- a/docker-compose.prod.yaml
+++ b/docker-compose.prod.yaml
@ -28,7 +28,7 @@ services:
    restart: unless-stopped
    stop_grace_period: 5s
    environment:
-      PUBLIC_KERNEL_ORIGIN: http://kernel
+      PUBLIC_KERNEL_ORIGIN: http://kernel:8000
      PG_CONNECTION_STRING: postgres://user:password@postgres:5432/spectral_db
    build:
      context: ./app
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -28,7 +28,7 @@ services:
    restart: unless-stopped
    stop_grace_period: 500ms
    environment:
-      PUBLIC_KERNEL_ORIGIN: http://kernel
+      PUBLIC_KERNEL_ORIGIN: http://kernel:8000
      PG_CONNECTION_STRING: postgres://user:password@postgres:5432/spectral_db
    build:
      context: ./app
--- a/nginx.conf
+++ b/nginx.conf
@ -22,16 +22,6 @@ http {
            client_max_body_size 100M; # Allows file uploads up to 100MB
        }

-        # Configuration for the kernel service
-        location /api/ {
-            proxy_pass http://kernel:8000; # Proxies requests to the kernel service
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-        }
-
        location ^~ /log/ {
            proxy_pass http://log:8080;

--- a/nginx.prod.conf
+++ b/nginx.prod.conf
@ -41,16 +41,6 @@ http {
            client_max_body_size 2G; # Allows file uploads up to 2G
        }

-        # Configuration for the kernel service
-        location /api/ {
-            proxy_pass http://kernel:8000; # Proxies requests to the kernel service
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-        }
-
        # Configuration for the log service
        location ^~ /log/ {
            proxy_pass http://log:8080;