Merge pull request #3000 from specklesystems/previews-ioc-4

chore(server): previews IoC 4 - checkStreamPermissionsFactory
2024-09-17 09:48:48 +02:00 · 2024-09-17 09:48:48 +02:00 · e462d5dc7a
--- a/packages/server/modules/previews/domain/operations.ts
+++ b/packages/server/modules/previews/domain/operations.ts
@ -36,3 +36,7 @@ export type SendObjectPreview = (
  objectId: string,
  angle: string
 ) => Promise<void>
+
+export type CheckStreamPermissions = (
+  req: express.Request
+) => Promise<{ hasPermissions: boolean; httpErrorCode: number }>
--- a/packages/server/modules/previews/index.js
+++ b/packages/server/modules/previews/index.js
@ -1,7 +1,6 @@
 /* istanbul ignore file */
 'use strict'
 const { validateScopes, authorizeResolver } = require('@/modules/shared')
-const { getStream } = require('../core/services/streams')
 const {
  getCommitsByStreamId,
  getCommitsByBranchName,
@ -13,7 +12,6 @@ const { moduleLogger } = require('@/logging/logging')
 const {
  listenForPreviewGenerationUpdates
 } = require('@/modules/previews/services/resultListener')
-const { Scopes, Roles } = require('@speckle/shared')

 const httpErrorImage = (httpErrorCode) =>
  require.resolve(`#/assets/previews/images/preview_${httpErrorCode}.png`)
@ -22,7 +20,8 @@ const cors = require('cors')
 const { db } = require('@/db/knex')
 const {
  getObjectPreviewBufferOrFilepathFactory,
-  sendObjectPreviewFactory
+  sendObjectPreviewFactory,
+  checkStreamPermissionsFactory
 } = require('@/modules/previews/services/management')
 const { getObject } = require('@/modules/core/services/objects')
 const {
@ -51,41 +50,10 @@ exports.init = (app, isInitial) => {
    getObjectPreviewBufferOrFilepath,
    makeOgImage
  })
-
-  const checkStreamPermissions = async (req) => {
-    const stream = await getStream({
-      streamId: req.params.streamId,
-      userId: req.context.userId
-    })
-
-    if (!stream) {
-      return { hasPermissions: false, httpErrorCode: 404 }
-    }
-
-    if (!stream.isPublic && req.context.auth === false) {
-      return { hasPermissions: false, httpErrorCode: 401 }
-    }
-
-    if (!stream.isPublic) {
-      try {
-        await validateScopes(req.context.scopes, Scopes.Streams.Read)
-      } catch {
-        return { hasPermissions: false, httpErrorCode: 401 }
-      }
-
-      try {
-        await authorizeResolver(
-          req.context.userId,
-          req.params.streamId,
-          Roles.Stream.Reviewer,
-          req.context.resourceAccessRules
-        )
-      } catch {
-        return { hasPermissions: false, httpErrorCode: 401 }
-      }
-    }
-    return { hasPermissions: true, httpErrorCode: 200 }
-  }
+  const checkStreamPermissions = checkStreamPermissionsFactory({
+    validateScopes,
+    authorizeResolver
+  })

  app.options('/preview/:streamId/:angle?', cors())
  app.get('/preview/:streamId/:angle?', cors(), async (req, res) => {
--- a/packages/server/modules/previews/services/management.ts
+++ b/packages/server/modules/previews/services/management.ts
@ -2,6 +2,7 @@ import { logger } from '@/logging/logging'
 import { getStream } from '@/modules/core/repositories/streams'
 import { getObject } from '@/modules/core/services/objects'
 import {
+  CheckStreamPermissions,
  CreateObjectPreview,
  GetObjectPreviewBufferOrFilepath,
  GetObjectPreviewInfo,
@ -9,6 +10,8 @@ import {
  SendObjectPreview
 } from '@/modules/previews/domain/operations'
 import { makeOgImage } from '@/modules/previews/ogImage'
+import { authorizeResolver, validateScopes } from '@/modules/shared'
+import { Roles, Scopes } from '@speckle/shared'

 const noPreviewImage = require.resolve('#/assets/previews/images/no_preview.png')
 const previewErrorImage = require.resolve('#/assets/previews/images/preview_error.png')
@ -128,3 +131,43 @@ export const sendObjectPreviewFactory =
      res.send(previewBufferOrFile.buffer)
    }
  }
+
+export const checkStreamPermissionsFactory =
+  (deps: {
+    validateScopes: typeof validateScopes
+    authorizeResolver: typeof authorizeResolver
+  }): CheckStreamPermissions =>
+  async (req) => {
+    const stream = await getStream({
+      streamId: req.params.streamId,
+      userId: req.context.userId
+    })
+
+    if (!stream) {
+      return { hasPermissions: false, httpErrorCode: 404 }
+    }
+
+    if (!stream.isPublic && req.context.auth === false) {
+      return { hasPermissions: false, httpErrorCode: 401 }
+    }
+
+    if (!stream.isPublic) {
+      try {
+        await deps.validateScopes(req.context.scopes, Scopes.Streams.Read)
+      } catch {
+        return { hasPermissions: false, httpErrorCode: 401 }
+      }
+
+      try {
+        await deps.authorizeResolver(
+          req.context.userId,
+          req.params.streamId,
+          Roles.Stream.Reviewer,
+          req.context.resourceAccessRules
+        )
+      } catch {
+        return { hasPermissions: false, httpErrorCode: 401 }
+      }
+    }
+    return { hasPermissions: true, httpErrorCode: 200 }
+  }