fixes
This commit is contained in:
parent
a0e9643880
commit
3da5a64dbb
@ -5,52 +5,48 @@ import {
|
|||
updateMemberProfileImageUrl,
|
||||
validateImageFile
|
||||
} from '~/server/utils/profile-images';
|
||||
import { createSessionManager } from '~/server/utils/session';
|
||||
|
||||
// Authentication utility - we'll need to check if it exists
|
||||
async function requireAuth(event: any) {
|
||||
// Check for session-based authentication
|
||||
const sessionCookie = getCookie(event, 'auth-token') || getCookie(event, 'nuxt-oidc-auth-session');
|
||||
|
||||
if (!sessionCookie) {
|
||||
throw createError({
|
||||
statusCode: 401,
|
||||
statusMessage: 'Authentication required',
|
||||
});
|
||||
}
|
||||
|
||||
// For now, return a basic user object - this should integrate with your existing auth system
|
||||
const user = event.context.user;
|
||||
if (!user) {
|
||||
throw createError({
|
||||
statusCode: 401,
|
||||
statusMessage: 'Invalid authentication',
|
||||
});
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
// Role-based access control
|
||||
// Role-based access control using consistent session structure
|
||||
function canEditMember(user: any, targetMemberId: string): boolean {
|
||||
// Admin can edit anyone
|
||||
if (user.tier === 'admin' || user.groups?.includes('admin') || user.groups?.includes('monaco-admin')) {
|
||||
if (user.tier === 'admin') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Board members can edit anyone
|
||||
if (user.tier === 'board' || user.groups?.includes('board') || user.groups?.includes('monaco-board')) {
|
||||
if (user.tier === 'board') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Users can only edit their own profile
|
||||
// We'll need to match by email or keycloak ID since users might not know their member_id
|
||||
return user.email === targetMemberId || user.member_id === targetMemberId;
|
||||
// Match by email, member_id, or user ID
|
||||
return user.email === targetMemberId ||
|
||||
user.member_id === targetMemberId ||
|
||||
user.id === targetMemberId;
|
||||
}
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
console.log('[profile-upload] =========================');
|
||||
console.log('[profile-upload] POST /api/profile/upload-image');
|
||||
console.log('[profile-upload] Request from:', getClientIP(event));
|
||||
|
||||
try {
|
||||
// Check authentication
|
||||
const user = await requireAuth(event);
|
||||
// Get user session using the working session manager
|
||||
const sessionManager = createSessionManager();
|
||||
const cookieHeader = getHeader(event, 'cookie');
|
||||
const session = sessionManager.getSession(cookieHeader);
|
||||
|
||||
if (!session || !session.user) {
|
||||
console.log('[profile-upload] ❌ No valid session found');
|
||||
throw createError({
|
||||
statusCode: 401,
|
||||
statusMessage: 'Authentication required'
|
||||
});
|
||||
}
|
||||
|
||||
console.log('[profile-upload] ✅ Valid session found for user:', session.user.email);
|
||||
console.log('[profile-upload] User tier:', session.user.tier);
|
||||
|
||||
// Get query parameters
|
||||
const query = getQuery(event);
|
||||
|
|
@ -64,7 +60,8 @@ export default defineEventHandler(async (event) => {
|
|||
}
|
||||
|
||||
// Check permissions
|
||||
if (!canEditMember(user, targetMemberId)) {
|
||||
if (!canEditMember(session.user, targetMemberId)) {
|
||||
console.log('[profile-upload] ❌ Permission denied for user:', session.user.email, 'target:', targetMemberId);
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'You can only upload images for your own profile',
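Review bot: The own-profile branch of `canEditMember` (`user.email === targetMemberId || user.member_id === targetMemberId || user.id === targetMemberId`) has no guard for an empty target, so if `targetMemberId` is ever undefined here and any of the three session fields is also undefined, the comparison is `undefined === undefined` and the check passes; whether the code between the two hunks rejects a missing `memberId` from `getQuery` is not visible, so this may already be covered, but the authorization helper should not rely on its caller for that. A one-line guard before the return, `if (!targetMemberId) return false;`, closes it regardless of caller validation, and a typed session-user parameter in place of `user: any` would let the compiler catch a renamed `tier`/`member_id` field that would otherwise silently turn into "not admin, not owner". Separately, the new `console.log` calls at "Valid session found for user:" and "Permission denied for user:" write the user's email to the log on every request; logging `member_id` or `id` instead keeps PII out of the container logs. Note that `canEditMember`'s signature change to `session.user` at the permission check is consistent with the session lookup above, but `session.user.tier` and the old group-based admin/board checks (`monaco-admin`, `monaco-board`) are dropped — confirm those group memberships are folded into `tier` by the session manager, since users relying on them now fall through to the self-only branch.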
|
||||
|