Prevent file upload in demo workspaces (#4503)

* Build demo env guard * Put guard for auth * Add todo --------- Co-authored-by: Thomas Trompette <thomast@twenty.com>
2024-03-15 19:15:22 +01:00
parent 1cc8edd016
commit 8980cc576c
7 changed files with 65 additions and 49 deletions
--- a/packages/twenty-server/src/engine/guards/demo.env.guard.ts
+++ b/packages/twenty-server/src/engine/guards/demo.env.guard.ts
@ -0,0 +1,36 @@
+import {
+  Injectable,
+  ExecutionContext,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
+import { getRequest } from 'src/utils/extract-request';
+
+@Injectable()
+export class DemoEnvGuard extends AuthGuard(['jwt']) {
+  constructor(private readonly environmentService: EnvironmentService) {
+    super();
+  }
+
+  getRequest(context: ExecutionContext) {
+    return getRequest(context);
+  }
+
+  // TODO: input should be typed
+  handleRequest(err: any, user: any) {
+    const demoWorkspaceIds = this.environmentService.get('DEMO_WORKSPACE_IDS');
+    const currentUserWorkspaceId = user?.workspace?.id;
+
+    if (!currentUserWorkspaceId) {
+      throw new UnauthorizedException('Unauthorized for not logged in user');
+    }
+
+    if (demoWorkspaceIds.includes(currentUserWorkspaceId)) {
+      throw new UnauthorizedException('Unauthorized for demo workspace');
+    }
+
+    return user;
+  }
+}