@axium/storage 0.2.0 → 0.2.1

package/dist/server.js

@@ -1,8 +1,9 @@
-import { getSessionAndUser } from '@axium/server/auth';
+import { Permission } from '@axium/core';
+import { checkAuthForItem, checkAuthForUser, getSessionAndUser } from '@axium/server/auth';
 import { addConfigDefaults, config } from '@axium/server/config';
 import { connect, database, expectedTypes } from '@axium/server/database';
 import { dirs } from '@axium/server/io';
-import { checkAuth, getToken, parseBody, withError } from '@axium/server/requests';
+import { getToken, parseBody, withError } from '@axium/server/requests';
 import { addRoute } from '@axium/server/routes';
 import { error } from '@sveltejs/kit';
 import { createHash } from 'node:crypto';
@@ -102,10 +103,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        await checkAuth(event, item.userId);
+        const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Read);
         return item;
     },
     async PATCH(event) {
@@ -113,10 +111,7 @@ addRoute({
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
         const body = await parseBody(event, StorageItemUpdate);
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        await checkAuth(event, item.userId);
+        await checkAuthForItem(event, 'storage', itemId, Permission.Manage);
         const values = {};
         if ('publicPermission' in body)
             values.publicPermission = body.publicPermission;
@@ -141,10 +136,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        await checkAuth(event, item.userId);
+        const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Manage);
         await database
             .deleteFrom('storage')
             .where('id', '=', itemId)
@@ -168,10 +160,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        await checkAuth(event, item.userId);
+        const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Read);
         if (item.type != 'inode/directory')
             error(409, 'Item is not a directory');
         const items = await database
@@ -257,10 +246,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        await checkAuth(event, item.userId);
+        const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Read);
         if (item.trashedAt)
             error(410, 'Trashed items can not be downloaded');
         const content = new Uint8Array(readFileSync(join(config.storage.data, item.id)));
@@ -275,16 +261,11 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const itemId = event.params.id;
-        const item = await get(itemId);
-        if (!item)
-            error(404, 'Item not found');
-        const { accessor } = await checkAuth(event, item.userId);
+        const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Edit);
         if (item.immutable)
             error(403, 'Item is immutable');
         if (item.trashedAt)
             error(410, 'Trashed items can not be changed');
-        if (item.userId != accessor.id)
-            error(403, 'Item editing is restricted to the owner');
         const type = event.request.headers.get('content-type') || 'application/octet-stream';
         // @todo: add this to the audit log
         if (type != item.type)
@@ -322,7 +303,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const userId = event.params.id;
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         const [usage, limits] = await Promise.all([currentUsage(userId), getLimits(userId)]).catch(withError('Could not fetch data'));
         return { usage, limits };
     },
@@ -330,7 +311,7 @@ addRoute({
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
         const userId = event.params.id;
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         const [items, usage, limits] = await Promise.all([
             database.selectFrom('storage').where('userId', '=', userId).selectAll().select(withEncodedHash).execute(),
             currentUsage(userId),

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/storage",
-	"version": "0.2.0",
+	"version": "0.2.1",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"description": "User file storage for Axium",
 	"funding": {
@@ -33,7 +33,7 @@
 	"peerDependencies": {
 		"@axium/client": ">=0.1.0",
 		"@axium/core": ">=0.5.0",
-		"@axium/server": ">=0.17.0",
+		"@axium/server": ">=0.18.0",
 		"@sveltejs/kit": "^2.23.0",
 		"utilium": "^2.3.8"
 	},