wieerwill/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2025-05-11 18:01:59 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
e9d8da460a
platform/server/middleware/src/identity.ts
Kristina e9d8da460a
Add exception to rules for ai bot in identity (#8397) 
Signed-off-by: Kristina Fefelova <kristin.fefelova@gmail.com>
2025-03-31 12:51:59 +07:00

66 lines
2.4 KiB
TypeScript
Raw Blame History

//
// Copyright © 2025 Hardcore Engineering Inc.
//
// Licensed under the Eclipse Public License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. You may
// obtain a copy of the License at https://www.eclipse.org/legal/epl-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//
// See the License for the specific language governing permissions and
// limitations under the License.
//
import { aiBotAccountEmail } from '@hcengineering/ai-bot'
import core, { MeasureContext, Tx, systemAccountUuid, type SessionData, type TxApplyIf } from '@hcengineering/core'
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
import { BaseMiddleware, Middleware, TxMiddlewareResult, type PipelineContext } from '@hcengineering/server-core'
/**
* @public
*/
export class IdentityMiddleware extends BaseMiddleware implements Middleware {
private constructor (context: PipelineContext, next?: Middleware) {
super(context, next)
}
static async create (
ctx: MeasureContext,
context: PipelineContext,
next: Middleware | undefined
): Promise<IdentityMiddleware> {
return new IdentityMiddleware(context, next)
}
tx (ctx: MeasureContext<SessionData>, txes: Tx[]): Promise<TxMiddlewareResult> {
const account = ctx.contextData.account
if (account.uuid === systemAccountUuid || account.fullSocialIds.some((it) => it.value === aiBotAccountEmail)) {
// TODO: We need to enhance allowed list in case of user service, on behalf of user activities.
// We pass for system accounts and services.
return this.provideTx(ctx, txes)
}
function checkTx (tx: Tx): void {
const mxAccount = ctx.contextData.socialStringsToUsers.get(tx.modifiedBy)
if (mxAccount === undefined || mxAccount !== account.uuid) {
throw new PlatformError(
new Status(Severity.ERROR, platform.status.AccountMismatch, {
account: account.uuid,
requiredAccount: mxAccount
})
)
}
}
for (const tx of txes) {
checkTx(tx)
if (tx._class === core.class.TxApplyIf) {
const atx = tx as TxApplyIf
atx.txes.forEach(checkTx)
}
}
return this.provideTx(ctx, txes)
}
}
Reference in New Issue View Git Blame Copy Permalink