From 93dac5913e7a8e2e201068a40a3db3a5d05437ae Mon Sep 17 00:00:00 2001 From: Matheus-Aguilar Date: Wed, 10 Jul 2024 15:29:02 -0300 Subject: [PATCH] fix: allow api token --- node/directives/checkAdminAccess.ts | 8 ++++++-- node/directives/checkUserAccess.ts | 8 +++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/node/directives/checkAdminAccess.ts b/node/directives/checkAdminAccess.ts index a65f3f0..03ac72b 100644 --- a/node/directives/checkAdminAccess.ts +++ b/node/directives/checkAdminAccess.ts @@ -65,7 +65,7 @@ export class CheckAdminAccess extends SchemaDirectiveVisitor { sendAuthMetric(logger, auditMetric) - if (!hasAdminToken && !hasAdminTokenOnHeader) { + if (!hasAdminToken && !hasApiToken && !hasAdminTokenOnHeader) { logger.warn({ message: 'CheckAdminAccess: No token provided', userAgent, @@ -83,7 +83,11 @@ export class CheckAdminAccess extends SchemaDirectiveVisitor { throw new AuthenticationError('No token was provided') } - if (!hasCurrentValidAdminToken && !hasCurrentValidAdminTokenOnHeader) { + if ( + !hasCurrentValidAdminToken && + !hasValidApiToken && + !hasCurrentValidAdminTokenOnHeader + ) { logger.warn({ message: 'CheckAdminAccess: Invalid token', userAgent, diff --git a/node/directives/checkUserAccess.ts b/node/directives/checkUserAccess.ts index 17fd9cc..958894f 100644 --- a/node/directives/checkUserAccess.ts +++ b/node/directives/checkUserAccess.ts @@ -68,7 +68,12 @@ export class CheckUserAccess extends SchemaDirectiveVisitor { sendAuthMetric(logger, auditMetric) - if (!hasAdminToken && !hasStoreToken && !hasAdminTokenOnHeader) { + if ( + !hasAdminToken && + !hasApiToken && + !hasStoreToken && + !hasAdminTokenOnHeader + ) { logger.warn({ message: 'CheckUserAccess: No token provided', userAgent, @@ -88,6 +93,7 @@ export class CheckUserAccess extends SchemaDirectiveVisitor { if ( !hasCurrentValidAdminToken && + !hasValidApiToken && !hasCurrentValidStoreToken && !hasCurrentValidAdminTokenOnHeader ) {