Fix access bug and allow specifying invite code

* Fix any authenticated user being able to access dashboard (condition flipped)
* User can specify invite code so urls are friendly and can be recreated on instance restart
FoxxMD
2021-08-19 11:12:41 -04:00
parent ce87285283
commit f27b4a03e9
2 changed files with 8 additions and 17 deletions


@@ -411,6 +411,7 @@ const webClient = async (options: OperatorConfig) => {
redirect: redir,
instance,
subreddit,
code,
} = req.body as any;
const cid = ci || clientId;
@@ -427,7 +428,7 @@ const webClient = async (options: OperatorConfig) => {
return res.status(400).send('redirectUrl is required');
}
const inviteId = randomId();
const inviteId = code || randomId();
invites.set(inviteId, {
permissions,
clientId: (ci || clientId).trim(),
@@ -581,8 +582,8 @@ const webClient = async (options: OperatorConfig) => {
const user = req.user as Express.User;
const isOperator = instance.operators.includes(user.name);
const canAccessBot = isOperator || intersect(user.subreddits, instance.subreddits).length === 0;
if (user.isOperator && !canAccessBot) {
const canAccessBot = isOperator || intersect(user.subreddits, instance.subreddits).length > 0;
if (!user.isOperator && !canAccessBot) {
return res.status(404).render('error', {error: msg});
}
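Review bot: The new `code` value on the `const inviteId = code || randomId();` line comes straight from `req.body as any` and becomes the invite key with no type, length or character check and no test for an existing entry, so a request that reuses a code silently replaces the pending invite already stored under it. I would validate it before use, e.g. `if (code !== undefined && (typeof code !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(code))) return res.status(400).send('invalid invite code');`, and, assuming `invites` is a Map, reject duplicates with `if (invites.has(inviteId)) return res.status(409).send('invite code already in use');`. A chosen code is also guessable in a way `randomId()` is not, so a short comment next to this line stating that the invite link is only as secret as the code would help operators choose one. The route handler and the `invites.set` call both continue outside the hunk.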


@@ -171,6 +171,8 @@
<div class="text-lg text-semibold my-3">4. <a id="doAuth" href="">Create Authorization Invite</a>
</div>
<div class="ml-5 mb-4">
<input id="inviteCode" style="min-width:500px;"
class="text-black placeholder-gray-500 rounded mt-2 mb-3 p-2" placeholder="Invite code value to use. Leave blank to generate a random one."/>
<div class="space-y-3">
<div>A unique link will be generated that you (or someone) will use to authorize a Reddit account with this application.</div>
<div id="inviteLink"></div>
@@ -189,24 +191,11 @@
document.querySelector('#doAuth').addEventListener('click', e => {
e.preventDefault()
const currParams = new URLSearchParams(document.location.search);
const params = new URLSearchParams();
params.append('redirect', document.querySelector('#redirectUri').value);
params.append('clientId', document.querySelector('#clientId').value);
params.append('clientSecret', document.querySelector('#clientSecret').value);
const permissions = {};
document.querySelectorAll('.permissionToggle').forEach((el) => {
permissions[el.id] = el.checked;
params.append(el.id, el.checked ? 1 : 0);
});
if (currParams.has('token')) {
params.append('token', currParams.get('token'));
}
fetch(`${document.location.origin}/auth/create`, {
method: 'POST',
headers: {
@@ -216,8 +205,8 @@
redirect: document.querySelector('#redirectUri').value,
clientId: document.querySelector('#clientId').value,
clientSecret: document.querySelector('#clientSecret').value,
code: document.querySelector("#inviteCode").value === '' ? undefined : document.querySelector("#inviteCode").value,
permissions,
token: currParams.get('token'),
})
}).then((resp) => {
if(!resp.ok) {
@@ -227,6 +216,7 @@
});
} else {
document.querySelector("#errorWrapper").classList.add('hidden');
document.querySelector("#inviteCode").value = '';
resp.text().then(t => {
document.querySelector("#inviteLink").innerHTML = `Invite Link: <a class="font-semibold" href="${document.location.origin}/auth/invite?invite=${t}">${document.location.origin}/auth/invite?invite=${t}</a>`;
});
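Review bot: With the `code` field added to the request body, the text `t` that the `innerHTML` assignment near the end of this section interpolates is presumably no longer a server-generated random id but whatever was typed into `#inviteCode` (the server response is not shown here), and it is inserted as markup and into the `href` without any encoding. A code containing `&`, `#`, spaces or angle brackets then produces a broken link or injected markup, so build the link with DOM APIs instead: `const url = document.location.origin + '/auth/invite?invite=' + encodeURIComponent(t);`, `const a = Object.assign(document.createElement('a'), {className: 'font-semibold', href: url, textContent: url});`, `document.querySelector('#inviteLink').replaceChildren('Invite Link: ', a);`. The server should still restrict the allowed characters, since this page is not the only possible client of `/auth/create`.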