github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fixed share token check.

Browse Source
This commit is contained in:
Mike Cao
2022-11-16 11:44:36 -08:00
parent 091716e037
commit 8722b794d9
2 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/auth.js
View File

@@ -50,12 +50,9 @@ export function isValidToken(token, validation) {
export async function allowQuery(req, type) {
const { id } = req.query;
const {
user: { id: userId, isAdmin },
shareToken,
} = req.auth;
const { user, shareToken } = req.auth;
if (isAdmin) {
if (user?.isAdmin) {
return true;
}
@@ -63,11 +60,11 @@ export async function allowQuery(req, type) {
return isValidToken(shareToken, { id });
}
if (userId) {
if (user?.id) {
if (type === TYPE_WEBSITE) {
const website = await getWebsite({ id });
return website && website.userId === userId;
return website && website.userId === user.id;
} else if (type === TYPE_USER) {
const user = await getUser({ id });