mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
fix(core): disable bring your ui feature for admin tenant (#6300)
This commit is contained in:
parent
3cb3e5f14d
commit
27e0d36e64
2 changed files with 6 additions and 4 deletions
|
@ -1,6 +1,6 @@
|
||||||
import { readFile } from 'node:fs/promises';
|
import { readFile } from 'node:fs/promises';
|
||||||
|
|
||||||
import { uploadFileGuard, maxUploadFileSize } from '@logto/schemas';
|
import { uploadFileGuard, maxUploadFileSize, adminTenantId } from '@logto/schemas';
|
||||||
import { generateStandardId } from '@logto/shared';
|
import { generateStandardId } from '@logto/shared';
|
||||||
import pRetry, { AbortError } from 'p-retry';
|
import pRetry, { AbortError } from 'p-retry';
|
||||||
import { object, z } from 'zod';
|
import { object, z } from 'zod';
|
||||||
|
@ -53,6 +53,10 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
|
||||||
assertThat(file.size <= maxUploadFileSize, 'guard.file_size_exceeded');
|
assertThat(file.size <= maxUploadFileSize, 'guard.file_size_exceeded');
|
||||||
assertThat(file.mimetype === 'application/zip', 'guard.mime_type_not_allowed');
|
assertThat(file.mimetype === 'application/zip', 'guard.mime_type_not_allowed');
|
||||||
|
|
||||||
|
const [tenantId] = await getTenantId(ctx.URL);
|
||||||
|
assertThat(tenantId, 'guard.can_not_get_tenant_id');
|
||||||
|
assertThat(tenantId !== adminTenantId, 'guard.not_allowed_for_admin_tenant');
|
||||||
|
|
||||||
const { experienceZipsProviderConfig } = SystemContext.shared;
|
const { experienceZipsProviderConfig } = SystemContext.shared;
|
||||||
assertThat(
|
assertThat(
|
||||||
experienceZipsProviderConfig?.provider === 'AzureStorage',
|
experienceZipsProviderConfig?.provider === 'AzureStorage',
|
||||||
|
@ -65,9 +69,6 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
|
||||||
container
|
container
|
||||||
);
|
);
|
||||||
|
|
||||||
const [tenantId] = await getTenantId(ctx.URL);
|
|
||||||
assertThat(tenantId, 'guard.can_not_get_tenant_id');
|
|
||||||
|
|
||||||
const customUiAssetId = generateStandardId(8);
|
const customUiAssetId = generateStandardId(8);
|
||||||
const objectKey = `${tenantId}/${customUiAssetId}/assets.zip`;
|
const objectKey = `${tenantId}/${customUiAssetId}/assets.zip`;
|
||||||
const errorLogObjectKey = `${tenantId}/${customUiAssetId}/error.log`;
|
const errorLogObjectKey = `${tenantId}/${customUiAssetId}/error.log`;
|
||||||
|
|
|
@ -4,6 +4,7 @@ const guard = {
|
||||||
can_not_get_tenant_id: 'Unable to get tenant id from request.',
|
can_not_get_tenant_id: 'Unable to get tenant id from request.',
|
||||||
file_size_exceeded: 'File size exceeded.',
|
file_size_exceeded: 'File size exceeded.',
|
||||||
mime_type_not_allowed: 'MIME type is not allowed.',
|
mime_type_not_allowed: 'MIME type is not allowed.',
|
||||||
|
not_allowed_for_admin_tenant: 'Not allowed for admin tenant.',
|
||||||
};
|
};
|
||||||
|
|
||||||
export default Object.freeze(guard);
|
export default Object.freeze(guard);
|
||||||
|
|
Loading…
Reference in a new issue