✨ Upload attachment requires permission check

2024-05-17 20:36:00 +08:00
parent 8b71ec2e3f
commit 145c5563a5
10 changed files with 100 additions and 91 deletions
--- a/pkg/grpc/client.go
+++ b/pkg/grpc/client.go
@ -8,9 +8,6 @@ import (
 	"google.golang.org/grpc"
 )

-var Realms idpb.RealmsClient
-var Friendships idpb.FriendshipsClient
-var Notify idpb.NotifyClient
 var Auth idpb.AuthClient

 func ConnectPassport() error {
@ -18,9 +15,6 @@ func ConnectPassport() error {
 	if conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials())); err != nil {
 		return err
 	} else {
-		Realms = idpb.NewRealmsClient(conn)
-		Friendships = idpb.NewFriendshipsClient(conn)
-		Notify = idpb.NewNotifyClient(conn)
 		Auth = idpb.NewAuthClient(conn)
 	}

--- a/pkg/server/attachments_api.go
+++ b/pkg/server/attachments_api.go
@ -1,7 +1,10 @@
 package server

 import (
+	"context"
 	"fmt"
+	"git.solsynth.dev/hydrogen/paperclip/pkg/grpc"
+	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
 	"net/url"
 	"path/filepath"

@ -79,13 +82,25 @@ func createAttachment(c *fiber.Ctx) error {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("disallowed usage: %s", usage))
 	}

-	// TODO Add file size check with user permissions (BLOCKED BY Passport#3)
-
 	file, err := c.FormFile("file")
 	if err != nil {
 		return err
 	}

+	requiredPerm, _ := jsoniter.Marshal(file.Size)
+	if result, err := grpc.Auth.CheckPerm(context.Background(), &proto.CheckPermRequest{
+		Token: c.Locals("token").(string),
+		Key:   "CreatePaperclipAttachments",
+		Value: requiredPerm,
+	}); err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("failed to check permission: %v", err))
+	} else if !result.GetIsValid() {
+		return fiber.NewError(
+			fiber.StatusForbidden,
+			fmt.Sprintf("requires permission CreatePaperclipAttachments equals or greater than %d", file.Size),
+		)
+	}
+
 	var usermeta = make(map[string]any)
 	_ = jsoniter.UnmarshalFromString(c.FormValue("metadata"), &usermeta)

--- a/pkg/services/accounts.go
+++ b/pkg/services/accounts.go
@ -1,56 +0,0 @@
-package services
-
-import (
-	"context"
-	"time"
-
-	"git.solsynth.dev/hydrogen/paperclip/pkg/database"
-	"git.solsynth.dev/hydrogen/paperclip/pkg/grpc"
-	"git.solsynth.dev/hydrogen/paperclip/pkg/models"
-	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
-	"github.com/rs/zerolog/log"
-	"github.com/spf13/viper"
-)
-
-func GetAccountFriend(userId, relatedId uint, status int) (*proto.FriendshipResponse, error) {
-	var user models.Account
-	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
-		return nil, err
-	}
-	var related models.Account
-	if err := database.C.Where("id = ?", relatedId).First(&related).Error; err != nil {
-		return nil, err
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-
-	return grpc.Friendships.GetFriendship(ctx, &proto.FriendshipTwoSideLookupRequest{
-		AccountId: uint64(user.ExternalID),
-		RelatedId: uint64(related.ExternalID),
-		Status:    uint32(status),
-	})
-}
-
-func NotifyAccount(user models.Account, subject, content string, realtime bool, links ...*proto.NotifyLink) error {
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-
-	_, err := grpc.Notify.NotifyUser(ctx, &proto.NotifyRequest{
-		ClientId:     viper.GetString("passport.client_id"),
-		ClientSecret: viper.GetString("passport.client_secret"),
-		Subject:      subject,
-		Content:      content,
-		Links:        links,
-		RecipientId:  uint64(user.ExternalID),
-		IsRealtime:   realtime,
-		IsImportant:  false,
-	})
-	if err != nil {
-		log.Warn().Err(err).Msg("An error occurred when notify account...")
-	} else {
-		log.Debug().Uint("external", user.ExternalID).Msg("Notified account.")
-	}
-
-	return err
-}