feat: react zitadel
@@ -2,7 +2,6 @@ import { logger } from "@platform/logger";
|
||||
import {
|
||||
BadRequestError,
|
||||
context,
|
||||
ForbiddenError,
|
||||
InternalServerError,
|
||||
NotFoundError,
|
||||
NotImplementedError,
|
||||
@@ -13,7 +12,6 @@ import {
|
||||
UnauthorizedError,
|
||||
ValidationError,
|
||||
} from "@platform/relay";
|
||||
import { decrypt } from "@platform/vault";
|
||||
|
||||
const SUPPORTED_MEHODS = ["GET", "POST", "PUT", "PATCH", "DELETE"];
|
||||
|
||||
@@ -98,7 +96,7 @@ export class Api {
|
||||
// Execute request and return a response.
|
||||
|
||||
const response = await this.#getRouteResponse(resolved, request).catch((error) =>
|
||||
this.#getErrorResponse(error, resolved.route, request),
|
||||
this.#getErrorResponse(error, request),
|
||||
);
|
||||
|
||||
return response;
|
||||
@@ -164,31 +162,10 @@ export class Api {
|
||||
);
|
||||
}
|
||||
|
||||
if (route.state.access === "session" && context.isAuthenticated === false) {
|
||||
if (route.state.access === "authenticated" && context.isAuthenticated === false) {
|
||||
return toResponse(new UnauthorizedError(), request);
|
||||
}
|
||||
|
||||
if (Array.isArray(route.state.access)) {
|
||||
const [access, privateKey] = route.state.access;
|
||||
const value = request.headers.get("x-internal");
|
||||
if (value === null) {
|
||||
return toResponse(
|
||||
new ForbiddenError(`Route '${route.method} ${route.path}' is missing 'x-internal' token.`),
|
||||
request,
|
||||
);
|
||||
}
|
||||
const decrypted = await decrypt<string>(value, privateKey);
|
||||
if (decrypted !== "internal") {
|
||||
return toResponse(
|
||||
new ForbiddenError(`Route '${route.method} ${route.path}' has invalid 'x-internal' token.`),
|
||||
request,
|
||||
);
|
||||
}
|
||||
if (access === "internal:session" && context.isAuthenticated === false) {
|
||||
return toResponse(new UnauthorizedError(), request);
|
||||
}
|
||||
}
|
||||
|
||||
// ### Params
|
||||
// If the route has params we want to coerce the values to the expected types.
|
||||
|
||||
@@ -242,10 +219,7 @@ export class Api {
|
||||
return toResponse(await route.state.handle(...args), request);
|
||||
}
|
||||
|
||||
#getErrorResponse(error: unknown, route: Route, request: Request): Response {
|
||||
if (route?.state.hooks?.onError !== undefined) {
|
||||
return route.state.hooks.onError(error);
|
||||
}
|
||||
#getErrorResponse(error: unknown, request: Request): Response {
|
||||
if (error instanceof ServerError) {
|
||||
return toResponse(error, request);
|
||||
}
|
||||
|
||||
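Review bot: The access gate in the `-164,31 +162,10` hunk compares `context.isAuthenticated === false`, so it only rejects a request when the flag is exactly `false`; if the context is unset or the flag is `undefined`, the request passes as authenticated. Writing it as `if (route.state.access === "authenticated" && context.isAuthenticated !== true) {` makes the gate fail closed. Going by the hunk's line counts, the `"session"` comparison and the whole `x-internal` token branch are the removed side, which leaves `"authenticated"` as the only value that is checked. A route whose `state.access` still holds `"session"` or an `[access, privateKey]` tuple would then match no branch and fall through to param coercion and the handler unchecked, and whether all route definitions and the `access` type were migrated is not visible on this page. It would be safer to reject any access value the method does not explicitly recognise, and to add a comment above the gate listing the accepted values; the enclosing method starts and ends outside the hunk.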