matt
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes
Build And Push Image / docker (push) Successful in 1m39s Details

This commit is contained in:
Matt 2025-08-14 15:39:30 +02:00
parent a0e9643880
commit 3da5a64dbb
1 changed files with 29 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
server/api/profile/upload-image.post.ts
View File

@ -5,52 +5,48 @@ import {
updateMemberProfileImageUrl, updateMemberProfileImageUrl,
validateImageFile validateImageFile
} from '~/server/utils/profile-images'; } from '~/server/utils/profile-images';
import { createSessionManager } from '~/server/utils/session';
// Authentication utility - we'll need to check if it exists // Role-based access control using consistent session structure
async function requireAuth(event: any) {
// Check for session-based authentication
const sessionCookie = getCookie(event, 'auth-token') || getCookie(event, 'nuxt-oidc-auth-session');
if (!sessionCookie) {
throw createError({
statusCode: 401,
statusMessage: 'Authentication required',
});
}
// For now, return a basic user object - this should integrate with your existing auth system
const user = event.context.user;
if (!user) {
throw createError({
statusCode: 401,
statusMessage: 'Invalid authentication',
});
}
return user;
}
// Role-based access control
function canEditMember(user: any, targetMemberId: string): boolean { function canEditMember(user: any, targetMemberId: string): boolean {
// Admin can edit anyone // Admin can edit anyone
if (user.tier === 'admin' || user.groups?.includes('admin') || user.groups?.includes('monaco-admin')) { if (user.tier === 'admin') {
return true; return true;
} }
// Board members can edit anyone // Board members can edit anyone
if (user.tier === 'board' || user.groups?.includes('board') || user.groups?.includes('monaco-board')) { if (user.tier === 'board') {
return true; return true;
} }
// Users can only edit their own profile // Users can only edit their own profile
// We'll need to match by email or keycloak ID since users might not know their member_id // Match by email, member_id, or user ID
return user.email === targetMemberId || user.member_id === targetMemberId; return user.email === targetMemberId ||
user.member_id === targetMemberId ||
user.id === targetMemberId;
} }
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
console.log('[profile-upload] =========================');
console.log('[profile-upload] POST /api/profile/upload-image');
console.log('[profile-upload] Request from:', getClientIP(event));
try { try {
// Check authentication // Get user session using the working session manager
const user = await requireAuth(event); const sessionManager = createSessionManager();
const cookieHeader = getHeader(event, 'cookie');
const session = sessionManager.getSession(cookieHeader);
if (!session || !session.user) {
console.log('[profile-upload] ❌ No valid session found');
throw createError({
statusCode: 401,
statusMessage: 'Authentication required'
});
}
console.log('[profile-upload] ✅ Valid session found for user:', session.user.email);
console.log('[profile-upload] User tier:', session.user.tier);
// Get query parameters // Get query parameters
const query = getQuery(event); const query = getQuery(event);
@ -64,7 +60,8 @@ export default defineEventHandler(async (event) => {
} }
// Check permissions // Check permissions
if (!canEditMember(user, targetMemberId)) { if (!canEditMember(session.user, targetMemberId)) {
console.log('[profile-upload] ❌ Permission denied for user:', session.user.email, 'target:', targetMemberId);
throw createError({ throw createError({
statusCode: 403, statusCode: 403,
statusMessage: 'You can only upload images for your own profile', statusMessage: 'You can only upload images for your own profile',