@anteros/core 0.0.1-alpha.6 → 0.0.1-alpha.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/server/api.ts +11 -7
package/package.json
CHANGED
package/server/api.ts
CHANGED
|
@@ -69,6 +69,15 @@ async function checkFileAccess(
|
|
|
69
69
|
throw new AppError('Access denied', { status: 401, code: 'ACCESS_DENIED' });
|
|
70
70
|
}
|
|
71
71
|
|
|
72
|
+
// Boolean `true` → allow without requiring a token
|
|
73
|
+
if (typeof rule === 'boolean') {
|
|
74
|
+
if (!rule) {
|
|
75
|
+
throw new AppError(`${operation} not allowed`, { status: 401, code: 'ACCESS_DENIED' });
|
|
76
|
+
}
|
|
77
|
+
return;
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
// Function → requires a valid token
|
|
72
81
|
const t = c.get('token');
|
|
73
82
|
const accessToken = { value: t?.value ?? null, decoded: t?.decoded ?? null, provided: t?.provided ?? false, expired: t?.expired ?? false };
|
|
74
83
|
|
|
@@ -79,13 +88,8 @@ async function checkFileAccess(
|
|
|
79
88
|
throw new AppError('Authentication required', { status: 401, code: 'AUTH_REQUIRED' });
|
|
80
89
|
}
|
|
81
90
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
const rest = new useRest({ internal: false, tenant_id });
|
|
85
|
-
allowed = await rule({ rest, error: fn.error, jwt: func.jwt, token: accessToken });
|
|
86
|
-
} else {
|
|
87
|
-
allowed = rule;
|
|
88
|
-
}
|
|
91
|
+
const rest = new useRest({ internal: false, tenant_id });
|
|
92
|
+
const allowed = await (rule as Function)({ rest, error: fn.error, jwt: func.jwt, token: accessToken });
|
|
89
93
|
if (!allowed) {
|
|
90
94
|
throw new AppError(`${operation} not allowed`, { status: 401, code: 'ACCESS_DENIED' });
|
|
91
95
|
}
|