Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
Code Issues Activity

fix(core): disable bring your ui feature for admin tenant (#6300)

Browse source
This commit is contained in:
Charles Zhao 2024-07-23 10:57:12 +08:00 committed by GitHub
parent 3cb3e5f14d
commit 27e0d36e64
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
View file

@ -1,6 +1,6 @@
import { readFile } from 'node:fs/promises';
import { uploadFileGuard, maxUploadFileSize } from '@logto/schemas';
import { uploadFileGuard, maxUploadFileSize, adminTenantId } from '@logto/schemas';
import { generateStandardId } from '@logto/shared';
import pRetry, { AbortError } from 'p-retry';
import { object, z } from 'zod';
@ -53,6 +53,10 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
assertThat(file.size <= maxUploadFileSize, 'guard.file_size_exceeded');
assertThat(file.mimetype === 'application/zip', 'guard.mime_type_not_allowed');
const [tenantId] = await getTenantId(ctx.URL);
assertThat(tenantId, 'guard.can_not_get_tenant_id');
assertThat(tenantId !== adminTenantId, 'guard.not_allowed_for_admin_tenant');
const { experienceZipsProviderConfig } = SystemContext.shared;
assertThat(
experienceZipsProviderConfig?.provider === 'AzureStorage',
@ -65,9 +69,6 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
container
);
const [tenantId] = await getTenantId(ctx.URL);
assertThat(tenantId, 'guard.can_not_get_tenant_id');
const customUiAssetId = generateStandardId(8);
const objectKey = `${tenantId}/${customUiAssetId}/assets.zip`;
const errorLogObjectKey = `${tenantId}/${customUiAssetId}/error.log`;

1
packages/phrases/src/locales/en/errors/guard.ts
View file

@ -4,6 +4,7 @@ const guard = {
can_not_get_tenant_id: 'Unable to get tenant id from request.',
file_size_exceeded: 'File size exceeded.',
mime_type_not_allowed: 'MIME type is not allowed.',
not_allowed_for_admin_tenant: 'Not allowed for admin tenant.',
};
export default Object.freeze(guard);