v3: added a roles/permissions system, added user management tab on user profile
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 42s

This commit is contained in:
khannurien
2026-06-28 06:21:23 +00:00
parent b567e390d9
commit 810faaf21a
22 changed files with 341 additions and 60 deletions

View File

@@ -11,6 +11,7 @@ import {
} from "../model/interfaces.ts";
import { authMiddleware } from "../middleware/auth.ts";
import { can } from "../lib/permissions.ts";
import { parseOptionalAuth } from "../lib/auth.ts";
import { parsePagination } from "../lib/pagination.ts";
import { validateImageUpload } from "../lib/upload.ts";
@@ -126,10 +127,10 @@ router.get("/", async (ctx) => {
router.put("/:dumpId/file", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,
@@ -162,7 +163,7 @@ router.put("/:dumpId/file", authMiddleware, async (ctx) => {
router.put("/:dumpId", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const body = await ctx.request.body.json();
if (!isUpdateDumpRequest(body)) {
@@ -175,7 +176,7 @@ router.put("/:dumpId", authMiddleware, async (ctx) => {
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,
@@ -190,10 +191,10 @@ router.put("/:dumpId", authMiddleware, async (ctx) => {
router.put("/:dumpId/thumbnail", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,
@@ -232,10 +233,10 @@ router.put("/:dumpId/thumbnail", authMiddleware, async (ctx) => {
router.delete("/:dumpId/thumbnail", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,
@@ -250,10 +251,10 @@ router.delete("/:dumpId/thumbnail", authMiddleware, async (ctx) => {
router.post("/:dumpId/refresh-metadata", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,
@@ -268,10 +269,10 @@ router.post("/:dumpId/refresh-metadata", authMiddleware, async (ctx) => {
router.delete("/:dumpId", authMiddleware, async (ctx) => {
const dumpId = ctx.params.dumpId;
const userId = ctx.state.user?.userId;
const userId = ctx.state.user.userId;
const dump = getDump(dumpId, userId);
if (userId !== dump.userId && !ctx.state.user?.isAdmin) {
if (userId !== dump.userId && !can(ctx.state.user, "dump:moderate")) {
throw new APIException(
APIErrorCode.UNAUTHORIZED,
403,