From 04343b2a6c948f08621aa14f1f47d91e6c485468 Mon Sep 17 00:00:00 2001 From: Neeraj Gupta <254676+ua741@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:43:18 +0530 Subject: [PATCH 1/2] [server] Add auth key validation --- server/ente/errors.go | 2 ++ .../controller/authenticator/controller.go | 26 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/server/ente/errors.go b/server/ente/errors.go index 528a92317b..effeaee252 100644 --- a/server/ente/errors.go +++ b/server/ente/errors.go @@ -178,6 +178,8 @@ const ( FileNotFoundInAlbum ErrorCode = "FILE_NOT_FOUND_IN_ALBUM" + AuthKeyNotCreated ErrorCode = "AUTH_KEY_NOT_CREATED" + // PublicCollectDisabled error code indicates that the user has not enabled public collect PublicCollectDisabled ErrorCode = "PUBLIC_COLLECT_DISABLED" diff --git a/server/pkg/controller/authenticator/controller.go b/server/pkg/controller/authenticator/controller.go index a89b5047f0..f42d2deafd 100644 --- a/server/pkg/controller/authenticator/controller.go +++ b/server/pkg/controller/authenticator/controller.go @@ -1,11 +1,14 @@ package authenticaor import ( + "errors" + "github.com/ente-io/museum/ente" model "github.com/ente-io/museum/ente/authenticator" "github.com/ente-io/museum/pkg/repo/authenticator" "github.com/ente-io/museum/pkg/utils/auth" "github.com/ente-io/stacktrace" "github.com/google/uuid" + "net/http" "github.com/gin-gonic/gin" ) @@ -33,6 +36,9 @@ func (c *Controller) GetKey(ctx *gin.Context) (*model.Key, error) { // CreateEntity... func (c *Controller) CreateEntity(ctx *gin.Context, req model.CreateEntityRequest) (*model.Entity, error) { + if err := c.validateKey(ctx); err != nil { + return nil, stacktrace.Propagate(err, "failed to validateKey") + } userID := auth.GetUserID(ctx.Request.Header) id, err := c.Repo.Create(ctx, userID, req) if err != nil { @@ -47,10 +53,27 @@ func (c *Controller) CreateEntity(ctx *gin.Context, req model.CreateEntityReques // UpdateEntity... func (c *Controller) UpdateEntity(ctx *gin.Context, req model.UpdateEntityRequest) error { + if err := c.validateKey(ctx); err != nil { + return stacktrace.Propagate(err, "failed to validateKey") + } userID := auth.GetUserID(ctx.Request.Header) + return c.Repo.Update(ctx, userID, req) } +func (c *Controller) validateKey(ctx *gin.Context) error { + userID := auth.GetUserID(ctx.Request.Header) + _, err := c.Repo.GetKey(ctx, userID) + if err != nil && errors.Is(err, &ente.ErrNotFoundError) { + return stacktrace.Propagate(&ente.ApiError{ + Code: ente.AuthKeyNotCreated, + Message: "AuthKey is not created", + HttpStatusCode: http.StatusBadRequest, + }, "") + } + return err +} + // Delete... func (c *Controller) Delete(ctx *gin.Context, entityID uuid.UUID) (bool, error) { userID := auth.GetUserID(ctx.Request.Header) @@ -59,6 +82,9 @@ func (c *Controller) Delete(ctx *gin.Context, entityID uuid.UUID) (bool, error) // GetDiff... func (c *Controller) GetDiff(ctx *gin.Context, req model.GetEntityDiffRequest) ([]model.Entity, error) { + if err := c.validateKey(ctx); err != nil { + return nil, stacktrace.Propagate(err, "failed to validateKey") + } userID := auth.GetUserID(ctx.Request.Header) return c.Repo.GetDiff(ctx, userID, *req.SinceTime, req.Limit) } From 359572f4b2d8713edd38c009acb04d87e600984f Mon Sep 17 00:00:00 2001 From: Neeraj Gupta <254676+ua741@users.noreply.github.com> Date: Wed, 14 Aug 2024 16:05:22 +0530 Subject: [PATCH 2/2] Remove keyValidation from diff --- server/pkg/controller/authenticator/controller.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/pkg/controller/authenticator/controller.go b/server/pkg/controller/authenticator/controller.go index f42d2deafd..10b59210cc 100644 --- a/server/pkg/controller/authenticator/controller.go +++ b/server/pkg/controller/authenticator/controller.go @@ -82,9 +82,6 @@ func (c *Controller) Delete(ctx *gin.Context, entityID uuid.UUID) (bool, error) // GetDiff... func (c *Controller) GetDiff(ctx *gin.Context, req model.GetEntityDiffRequest) ([]model.Entity, error) { - if err := c.validateKey(ctx); err != nil { - return nil, stacktrace.Propagate(err, "failed to validateKey") - } userID := auth.GetUserID(ctx.Request.Header) return c.Repo.GetDiff(ctx, userID, *req.SinceTime, req.Limit) }