From e36e5823cd9bcf7de74f5399010a47e099731618 Mon Sep 17 00:00:00 2001 From: Alexandr Tumaykin Date: Mon, 17 Jul 2023 04:12:53 +0300 Subject: [PATCH] feat(security): disable access for anonymous users, when disablePublicMemos is true (#1966) --- web/src/components/Header.tsx | 28 ++++++++++-------- web/src/router/index.tsx | 54 ++++++++++++++++++++++++----------- 2 files changed, 53 insertions(+), 29 deletions(-) diff --git a/web/src/components/Header.tsx b/web/src/components/Header.tsx index 56dd7686b..b8da9338a 100644 --- a/web/src/components/Header.tsx +++ b/web/src/components/Header.tsx @@ -95,20 +95,24 @@ const Header = () => { )} - - classNames( - "px-4 pr-5 py-2 rounded-full border flex flex-row items-center text-lg text-gray-800 dark:text-gray-300 hover:bg-white hover:border-gray-200 dark:hover:border-zinc-600 dark:hover:bg-zinc-700", - isActive ? "bg-white dark:bg-zinc-700 border-gray-200 dark:border-zinc-600" : "border-transparent" - ) - } - > + {!isVisitorMode && ( <> - {t("common.explore")} + + classNames( + "px-4 pr-5 py-2 rounded-full border flex flex-row items-center text-lg text-gray-800 dark:text-gray-300 hover:bg-white hover:border-gray-200 dark:hover:border-zinc-600 dark:hover:bg-zinc-700", + isActive ? "bg-white dark:bg-zinc-700 border-gray-200 dark:border-zinc-600" : "border-transparent" + ) + } + > + <> + {t("common.explore")} + + - + )} {!isVisitorMode && ( <> diff --git a/web/src/router/index.tsx b/web/src/router/index.tsx index 3929dd079..256bb0ed8 100644 --- a/web/src/router/index.tsx +++ b/web/src/router/index.tsx @@ -64,10 +64,14 @@ const router = createBrowserRouter([ } const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + if (isNullorUndefined(host)) { return redirect("/auth"); - } else if (isNullorUndefined(user)) { + } else if (isNullorUndefined(user) && !systemStatus.disablePublicMemos) { return redirect("/explore"); + } else if (isNullorUndefined(user) && systemStatus.disablePublicMemos) { + return redirect("/auth"); } return null; }, @@ -84,8 +88,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -103,8 +109,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -122,8 +130,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -141,8 +151,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -160,8 +172,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -180,8 +194,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -199,8 +215,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null; @@ -220,8 +238,10 @@ const router = createBrowserRouter([ // do nth } - const { host } = store.getState().user; - if (isNullorUndefined(host)) { + const { host, user } = store.getState().user; + const { systemStatus } = store.getState().global; + + if (isNullorUndefined(host) || (isNullorUndefined(user) && systemStatus.disablePublicMemos)) { return redirect("/auth"); } return null;