Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | 16x | import Crowi from 'server/crowi'
export default (crowi: Crowi) => {
return async function(req, res, next) {
try {
const Attachment = crowi.model('Attachment')
const Share = crowi.model('Share')
const attachment = await Attachment.findById(req.params.id)
if (!attachment) {
return res.sendStatus(404)
}
const { uuid, secretKeyword } = await Share.findShareByPageId(attachment.page, { status: Share.STATUS_ACTIVE })
const { shareIds = [], secretKeywords = {} } = req.session
const isNoExistKeyword = !secretKeyword
const hasCorrectKeyword = secretKeywords[uuid] === secretKeyword
const isAccessedSharedPage = shareIds.includes(uuid)
const hasAccessRight = (isNoExistKeyword || hasCorrectKeyword) && isAccessedSharedPage
if (hasAccessRight) {
return next()
}
} catch (err) {
// share url not found, but its okay
// debug(err)
}
return crowi.middlewares.LoginRequired(req, res, next)
}
}
|