Merge pull request #6621 from Ocelot-Social-Community/fix-security-subscriptions

fix(backend): security subscriptions
Hannes Heine 2023-07-20 18:38:16 +02:00 committed by GitHub
commit 3352dbd1fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 15 additions and 28 deletions


@ -25,8 +25,8 @@ export default {
chatMessageAdded: {
subscribe: withFilter(
() => pubsub.asyncIterator(CHAT_MESSAGE_ADDED),
(payload, variables) => {
return payload.userId === variables.userId
(payload, variables, context) => {
return payload.userId === context.user?.id
},
),
},
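Review bot: The new filter `payload.userId === context.user?.id` has no explicit guard for a missing user, so when `context.user` is undefined the right-hand side is `undefined` and any published payload without a `userId` would compare equal and reach an unauthenticated subscriber. Putting `if (!context.user?.id) return false` ahead of the comparison makes the filter fail closed, and the same applies to the `notificationAdded` and `roomCountUpdated` filters changed in this commit. Whether `context.user` is populated for websocket connections depends on the subscription context setup, which is outside these hunks, so a test that subscribes without a token and as a different user would confirm it. The enclosing resolver object starts and ends outside the hunk, and the now-unused `variables` parameter could be renamed `_variables`.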


@ -7,8 +7,8 @@ export default {
notificationAdded: {
subscribe: withFilter(
() => pubsub.asyncIterator(NOTIFICATION_ADDED),
(payload, variables) => {
return payload.notificationAdded.to.id === variables.userId
(payload, variables, context) => {
return payload.notificationAdded.to.id === context.user?.id
},
),
},


@ -20,8 +20,8 @@ export default {
roomCountUpdated: {
subscribe: withFilter(
() => pubsub.asyncIterator(ROOM_COUNT_UPDATED),
(payload, variables) => {
return payload.userId === variables.userId
(payload, variables, context) => {
return payload.userId === context.user?.id
},
),
},


@ -46,5 +46,5 @@ type Query {
}
type Subscription {
chatMessageAdded(userId: ID!): Message
chatMessageAdded: Message
}
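Review bot: Dropping the `userId: ID!` argument from `chatMessageAdded` (and from `notificationAdded` and `roomCountUpdated` in the next two schema files) is a breaking change for any client that still sends it, since an already-loaded web bundle or other API consumer will get a validation error instead of a subscription. If that matters for the rollout, backend and webapp need to ship together, or the argument could stay for one release as an optional `userId: ID` that the resolver ignores. A schema comment such as `# scoped to the authenticated user, takes no arguments` would also record why the field has none.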


@ -38,5 +38,5 @@ type Mutation {
}
type Subscription {
notificationAdded(userId: ID!): NOTIFIED
notificationAdded: NOTIFIED
}


@ -58,5 +58,5 @@ type Query {
}
type Subscription {
roomCountUpdated(userId: ID!): Int
roomCountUpdated: Int
}


@ -181,9 +181,6 @@ export default {
// Subscriptions
const observer = this.$apollo.subscribe({
query: chatMessageAdded(),
variables: {
userId: this.currentUser.id,
},
})
observer.subscribe({


@ -44,11 +44,6 @@ export default {
},
subscribeToMore: {
document: roomCountUpdated(),
variables() {
return {
userId: this.user.id,
}
},
updateQuery: (previousResult, { subscriptionData }) => {
return { UnreadRooms: subscriptionData.data.roomCountUpdated }
},


@ -137,11 +137,6 @@ export default {
},
subscribeToMore: {
document: notificationAdded(),
variables() {
return {
userId: this.user.id,
}
},
updateQuery: (previousResult, { subscriptionData }) => {
const {
data: { notificationAdded: newNotification },


@ -54,8 +54,8 @@ export const messageQuery = () => {
export const chatMessageAdded = () => {
return gql`
subscription chatMessageAdded($userId: ID!) {
chatMessageAdded(userId: $userId) {
subscription chatMessageAdded {
chatMessageAdded {
_id
id
indexId


@ -66,8 +66,8 @@ export const unreadRoomsQuery = () => {
export const roomCountUpdated = () => {
return gql`
subscription roomCountUpdated($userId: ID!) {
roomCountUpdated(userId: $userId)
subscription roomCountUpdated {
roomCountUpdated
}
`
}


@ -245,8 +245,8 @@ export const notificationAdded = () => {
${postFragment}
${groupFragment}
subscription notifications($userId: ID!) {
notificationAdded(userId: $userId) {
subscription notifications {
notificationAdded {
id
read
reason