drexa/drive
1
0
Fork 0
mirror of https://github.com/get-drexa/drive.git synced 2026-02-02 14:41:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(backend): optional auth for share routes

Browse Source 
Add auth.NewOptionalAuthMiddleware to run auth only when credentials are
present (Authorization header or auth cookies). Use it on share
consumption routes so public shares remain accessible unauthenticated,
while authenticated callers can resolve account-scoped shares. This
prevents a panic in share middleware when accountId was provided but the
request wasn’t authenticated (nil reqctx.AuthenticatedUser type
assertion).
This commit is contained in:
Kenneth
2025-12-29 00:07:44 +00:00
parent 51f1add4f0
commit f4620dff3a
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/backend/internal/sharing/http.go
View File

@@ -5,6 +5,7 @@ import (
"time"
"github.com/get-drexa/drexa/internal/account"
"github.com/get-drexa/drexa/internal/auth"
"github.com/get-drexa/drexa/internal/httperr"
"github.com/get-drexa/drexa/internal/nullable"
"github.com/get-drexa/drexa/internal/reqctx"
@@ -50,7 +51,10 @@ func NewHTTPHandler(sharingService *Service, accountService *account.Service, vf
}
func (h *HTTPHandler) RegisterShareConsumeRoutes(r fiber.Router) *virtualfs.ScopedRouter {
g := r.Group("/shares/:shareID", h.shareMiddleware)
// Public shares should be accessible without authentication. However, if the client provides auth
// credentials (cookies or Authorization header), attempt auth so share scopes can be resolved for
// account-scoped shares.
g := r.Group("/shares/:shareID", auth.NewOptionalAuthMiddleware(h.authMiddleware), h.shareMiddleware)
return &virtualfs.ScopedRouter{Router: g}
}