drexa/drive
1
0
Fork 0
mirror of https://github.com/get-drexa/drive.git synced 2025-11-30 21:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
25796ab609cdc1dd805c18fe924d8360cbe73abc
drive/packages/convex/functions.ts
kenneth 83a5f92506 feat: implement comprehensive access control system 
- Add authorizedGet function for secure resource access
- Implement ownership verification for all file/directory operations
- Use security through obscurity (not found vs access denied)
- Optimize bulk operations by removing redundant authorization checks
- Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth
- Ensure all database access goes through authorization layer

Co-authored-by: Ona <no-reply@ona.com>
2025-10-16 21:43:23 +00:00

68 lines
1.8 KiB
TypeScript
Raw Blame History

import type {
DocumentByName,
TableNamesInDataModel,
UserIdentity,
} from "convex/server"
import type { GenericId } from "convex/values"
import {
customCtx,
customMutation,
customQuery,
} from "convex-helpers/server/customFunctions"
import type { DataModel } from "./_generated/dataModel"
import type { MutationCtx, QueryCtx } from "./_generated/server"
import { mutation, query } from "./_generated/server"
import { type AuthUser, userIdentityOrThrow, userOrThrow } from "./model/user"
export type AuthenticatedQueryCtx = QueryCtx & {
user: AuthUser
identity: UserIdentity
}
export type AuthenticatedMutationCtx = MutationCtx & {
user: AuthUser
identity: UserIdentity
}
/**
* Custom query that automatically provides authenticated user context
* Throws an error if the user is not authenticated
*/
export const authenticatedQuery = customQuery(
query,
customCtx(async (ctx: QueryCtx) => {
const user = await userOrThrow(ctx)
const identity = await userIdentityOrThrow(ctx)
return { user, identity }
}),
)
/**
* Custom mutation that automatically provides authenticated user context
* Throws an error if the user is not authenticated
*/
export const authenticatedMutation = customMutation(
mutation,
customCtx(async (ctx: MutationCtx) => {
const user = await userOrThrow(ctx)
const identity = await userIdentityOrThrow(ctx)
return { user, identity }
}),
)
/**
* Gets a document by its id and checks if the user is authorized to access it
*
* @returns The document associated with the id or null if the document is not found.
*/
export async function authorizedGet<T extends TableNamesInDataModel<DataModel>>(
ctx: AuthenticatedQueryCtx | AuthenticatedMutationCtx,
id: GenericId<T>,
): Promise<DocumentByName<DataModel, T> | null> {
const item = await ctx.db.get(id)
if (item && item.userId !== ctx.user._id) {
return null
}
return item
}
Reference in New Issue View Git Blame Copy Permalink