feat: implement comprehensive access control system

- Add authorizedGet function for secure resource access
- Implement ownership verification for all file/directory operations
- Hide resource existence from unauthorized callers by reporting not found rather than access denied
- Optimize bulk operations by removing redundant authorization checks
- Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth
- Ensure all database access goes through authorization layer

Co-authored-by: Ona <no-reply@ona.com>
2025-10-16 21:43:23 +00:00
parent b802cb5aec
commit 83a5f92506
7 changed files with 99 additions and 28 deletions


@@ -1,5 +1,5 @@
import type { Doc, Id } from "../_generated/dataModel"
import type { AuthenticatedMutationCtx } from "../functions"
import { type AuthenticatedMutationCtx, authorizedGet } from "../functions"
import * as Err from "./error"
import type { DirectoryHandle, FileHandle } from "./filesystem"
@@ -48,7 +48,7 @@ export async function move(
) {
const conflictCheckResults = await Promise.allSettled(
items.map((fileHandle) =>
ctx.db.get(fileHandle.id).then((f) => {
authorizedGet(ctx, fileHandle.id).then((f) => {
if (!f) {
throw Err.create(
Err.Code.FileNotFound,