Exit scene acess denied detected (#1369)

* Add auth token user to get right in admin and check if user have right Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com> * Update error show Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
2021-08-15 08:51:35 +02:00 · 2021-08-15 08:51:35 +02:00 · 02a21209ec
commit 02a21209ec
parent f7daf16ac5
7 changed files with 67 additions and 8 deletions
--- a/pusher/src/Controller/BaseController.ts
+++ b/pusher/src/Controller/BaseController.ts
@ -29,7 +29,12 @@ export class BaseController {
        if (e.response) {
            res.writeStatus(e.response.status + " " + e.response.statusText);
            this.addCorsHeaders(res);
-            res.end("An error occurred: " + e.response.status + " " + e.response.statusText);
+            res.end(
+                "An error occurred: " +
+                    e.response.status +
+                    " " +
+                    (e.response.data && e.response.data.message ? e.response.data.message : e.response.statusText)
+            );
        } else {
            res.writeStatus("500 Internal Server Error");
            this.addCorsHeaders(res);
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@ -5,6 +5,8 @@ import { adminApi } from "../Services/AdminApi";
 import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
 import { GameRoomPolicyTypes } from "../Model/PusherRoom";
 import { MapDetailsData } from "../Services/AdminApi/MapDetailsData";
+import { socketManager } from "../Services/SocketManager";
+import { jwtTokenManager } from "../Services/JWTTokenManager";

 export class MapController extends BaseController {
    constructor(private App: TemplatedApp) {
@ -67,7 +69,12 @@ export class MapController extends BaseController {

            (async () => {
                try {
-                    const mapDetails = await adminApi.fetchMapDetails(query.playUri as string);
+                    let userId: string | undefined = undefined;
+                    if (query.authToken != undefined) {
+                        const authTokenData = jwtTokenManager.decodeJWTToken(query.authToken as string);
+                        userId = authTokenData.identifier;
+                    }
+                    const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);

                    res.writeStatus("200 OK");
                    this.addCorsHeaders(res);
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@ -31,13 +31,19 @@ export interface FetchMemberDataByUuidResponse {
 }

 class AdminApi {
-    async fetchMapDetails(playUri: string): Promise<MapDetailsData | RoomRedirect> {
+    /**
+     * @var playUri: is url of the room
+     * @var userId: can to be undefined or email or uuid
+     * @return MapDetailsData|RoomRedirect
+     */
+    async fetchMapDetails(playUri: string, userId?: string): Promise<MapDetailsData | RoomRedirect> {
        if (!ADMIN_API_URL) {
            return Promise.reject(new Error("No admin backoffice set!"));
        }

-        const params: { playUri: string } = {
+        const params: { playUri: string; userId?: string } = {
            playUri,
+            userId,
        };

        const res = await Axios.get(ADMIN_API_URL + "/api/map", {