Use request-scoped PocketBase auth for task endpoints
This commit is contained in:
@@ -50,6 +50,13 @@ async function validatePbToken(token: string): Promise<void> {
|
|||||||
await pb.collection(PB_AUTH_COLLECTION).authRefresh();
|
await pb.collection(PB_AUTH_COLLECTION).authRefresh();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function createValidatedPbClient(token: string): Promise<PocketBase> {
|
||||||
|
const client = new PocketBase(PB_BASE_URL);
|
||||||
|
client.authStore.save(token, null);
|
||||||
|
await client.collection(PB_AUTH_COLLECTION).authRefresh();
|
||||||
|
return client;
|
||||||
|
}
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
// Shared helpers
|
// Shared helpers
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
@@ -439,20 +446,21 @@ app.get('/api/tasks/users', async (c) => {
|
|||||||
const pbToken = c.req.header('x-pb-token');
|
const pbToken = c.req.header('x-pb-token');
|
||||||
if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401);
|
if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401);
|
||||||
|
|
||||||
|
let taskPb: PocketBase;
|
||||||
try {
|
try {
|
||||||
await validatePbToken(pbToken);
|
taskPb = await createValidatedPbClient(pbToken);
|
||||||
} catch {
|
} catch {
|
||||||
return c.json({ success: false, message: 'Invalid PocketBase token' }, 401);
|
return c.json({ success: false, message: 'Invalid PocketBase token' }, 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const me = pb.authStore.model;
|
const me = taskPb.authStore.model;
|
||||||
let meRecord: any = me;
|
let meRecord: any = me;
|
||||||
let users: any[] = [];
|
let users: any[] = [];
|
||||||
let warning = '';
|
let warning = '';
|
||||||
if (me?.id) {
|
if (me?.id) {
|
||||||
try {
|
try {
|
||||||
meRecord = await pb.collection(PB_AUTH_COLLECTION).getOne(String(me.id), {
|
meRecord = await taskPb.collection(PB_AUTH_COLLECTION).getOne(String(me.id), {
|
||||||
fields: 'id,email,name,username',
|
fields: 'id,email,name,username',
|
||||||
});
|
});
|
||||||
} catch {
|
} catch {
|
||||||
@@ -460,7 +468,7 @@ app.get('/api/tasks/users', async (c) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
users = await pb.collection(PB_AUTH_COLLECTION).getFullList({
|
users = await taskPb.collection(PB_AUTH_COLLECTION).getFullList({
|
||||||
sort: 'email',
|
sort: 'email',
|
||||||
fields: 'id,email,name,username',
|
fields: 'id,email,name,username',
|
||||||
});
|
});
|
||||||
@@ -487,8 +495,6 @@ app.get('/api/tasks/users', async (c) => {
|
|||||||
});
|
});
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
return c.json({ success: false, message: (e as Error)?.message || 'Failed to load users' }, 500);
|
return c.json({ success: false, message: (e as Error)?.message || 'Failed to load users' }, 500);
|
||||||
} finally {
|
|
||||||
clearPbToken();
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -498,19 +504,20 @@ app.get('/api/tasks/list', async (c) => {
|
|||||||
const pbToken = c.req.header('x-pb-token');
|
const pbToken = c.req.header('x-pb-token');
|
||||||
if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401);
|
if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401);
|
||||||
|
|
||||||
|
let taskPb: PocketBase;
|
||||||
try {
|
try {
|
||||||
await validatePbToken(pbToken);
|
taskPb = await createValidatedPbClient(pbToken);
|
||||||
} catch {
|
} catch {
|
||||||
return c.json({ success: false, message: 'Invalid PocketBase token' }, 401);
|
return c.json({ success: false, message: 'Invalid PocketBase token' }, 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const me = pb.authStore.model;
|
const me = taskPb.authStore.model;
|
||||||
const meId = String(me?.id || '').trim();
|
const meId = String(me?.id || '').trim();
|
||||||
let meRecord: any = me;
|
let meRecord: any = me;
|
||||||
if (meId) {
|
if (meId) {
|
||||||
try {
|
try {
|
||||||
meRecord = await pb.collection(PB_AUTH_COLLECTION).getOne(meId, {
|
meRecord = await taskPb.collection(PB_AUTH_COLLECTION).getOne(meId, {
|
||||||
fields: 'id,email,name,username',
|
fields: 'id,email,name,username',
|
||||||
});
|
});
|
||||||
} catch {
|
} catch {
|
||||||
@@ -527,7 +534,7 @@ app.get('/api/tasks/list', async (c) => {
|
|||||||
|
|
||||||
const baseFields = 'id,user,title,startDate,dueDate,priority,completed,content,size,status,expand.user.id,expand.user.email,expand.user.name,expand.user.username';
|
const baseFields = 'id,user,title,startDate,dueDate,priority,completed,content,size,status,expand.user.id,expand.user.email,expand.user.name,expand.user.username';
|
||||||
const fetchTasksWithFilter = async (filter: string) => {
|
const fetchTasksWithFilter = async (filter: string) => {
|
||||||
return pb.collection(PB_TASKS_COLLECTION).getFullList({
|
return taskPb.collection(PB_TASKS_COLLECTION).getFullList({
|
||||||
filter,
|
filter,
|
||||||
sort: '-startDate,-created',
|
sort: '-startDate,-created',
|
||||||
expand: 'user',
|
expand: 'user',
|
||||||
@@ -536,7 +543,7 @@ app.get('/api/tasks/list', async (c) => {
|
|||||||
};
|
};
|
||||||
|
|
||||||
const fetchAllTasks = async () => {
|
const fetchAllTasks = async () => {
|
||||||
return pb.collection(PB_TASKS_COLLECTION).getFullList({
|
return taskPb.collection(PB_TASKS_COLLECTION).getFullList({
|
||||||
sort: '-startDate,-created',
|
sort: '-startDate,-created',
|
||||||
expand: 'user',
|
expand: 'user',
|
||||||
fields: baseFields,
|
fields: baseFields,
|
||||||
@@ -637,8 +644,6 @@ app.get('/api/tasks/list', async (c) => {
|
|||||||
});
|
});
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
return c.json({ success: false, message: (e as Error)?.message || 'Failed to load tasks' }, 500);
|
return c.json({ success: false, message: (e as Error)?.message || 'Failed to load tasks' }, 500);
|
||||||
} finally {
|
|
||||||
clearPbToken();
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user