mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-11-19 20:50:09 +01:00
11f6419c3c
* WIP new login screen UI * update prisma schema/create new models for pw recovery * WIP password recovery backend * WIP reset password flow * WIP pw reset flow * password reset logic complete & functional UI * WIP login screen redesign for single and multi user * create placeholder modal to display recovery codes * implement UI for recovery code modals/download recovery codes * multiuser desktop password reset UI/functionality complete * support single user mode for pw reset * mobile styles for all password reset/login flows complete * lint * remove single user password recovery * create PasswordRecovery util file to make more readable * do not drop-replace users table in migration * review pr --------- Co-authored-by: timothycarambat <rambat1010@gmail.com>
88 lines
2.5 KiB
JavaScript
88 lines
2.5 KiB
JavaScript
const { SystemSettings } = require("../../models/systemSettings");
|
|
const { userFromSession } = require("../http");
|
|
const ROLES = {
|
|
all: "<all>",
|
|
admin: "admin",
|
|
manager: "manager",
|
|
default: "default",
|
|
};
|
|
const DEFAULT_ROLES = [ROLES.admin, ROLES.admin];
|
|
|
|
// Explicitly check that multi user mode is enabled as well as that the
|
|
// requesting user has the appropriate role to modify or call the URL.
|
|
function strictMultiUserRoleValid(allowedRoles = DEFAULT_ROLES) {
|
|
return async (request, response, next) => {
|
|
// If the access-control is allowable for all - skip validations and continue;
|
|
if (allowedRoles.includes(ROLES.all)) {
|
|
next();
|
|
return;
|
|
}
|
|
|
|
const multiUserMode =
|
|
response.locals?.multiUserMode ??
|
|
(await SystemSettings.isMultiUserMode());
|
|
if (!multiUserMode) return response.sendStatus(401).end();
|
|
|
|
const user =
|
|
response.locals?.user ?? (await userFromSession(request, response));
|
|
if (allowedRoles.includes(user?.role)) {
|
|
next();
|
|
return;
|
|
}
|
|
return response.sendStatus(401).end();
|
|
};
|
|
}
|
|
|
|
// Apply role permission checks IF the current system is in multi-user mode.
|
|
// This is relevant for routes that are shared between MUM and single-user mode.
|
|
// Checks if the requesting user has the appropriate role to modify or call the URL.
|
|
function flexUserRoleValid(allowedRoles = DEFAULT_ROLES) {
|
|
return async (request, response, next) => {
|
|
// If the access-control is allowable for all - skip validations and continue;
|
|
// It does not matter if multi-user or not.
|
|
if (allowedRoles.includes(ROLES.all)) {
|
|
next();
|
|
return;
|
|
}
|
|
|
|
// Bypass if not in multi-user mode
|
|
const multiUserMode =
|
|
response.locals?.multiUserMode ??
|
|
(await SystemSettings.isMultiUserMode());
|
|
if (!multiUserMode) {
|
|
next();
|
|
return;
|
|
}
|
|
|
|
const user =
|
|
response.locals?.user ?? (await userFromSession(request, response));
|
|
if (allowedRoles.includes(user?.role)) {
|
|
next();
|
|
return;
|
|
}
|
|
return response.sendStatus(401).end();
|
|
};
|
|
}
|
|
|
|
// Middleware check on a public route if the instance is in a valid
|
|
// multi-user set up.
|
|
async function isMultiUserSetup(_request, response, next) {
|
|
const multiUserMode = await SystemSettings.isMultiUserMode();
|
|
if (!multiUserMode) {
|
|
response.status(403).json({
|
|
error: "Invalid request",
|
|
});
|
|
return;
|
|
}
|
|
|
|
next();
|
|
return;
|
|
}
|
|
|
|
module.exports = {
|
|
ROLES,
|
|
strictMultiUserRoleValid,
|
|
flexUserRoleValid,
|
|
isMultiUserSetup,
|
|
};
|