Skip to content

Commit

Permalink
fix(static): 增添普通用户对COS upload的下载权限
Browse files Browse the repository at this point in the history
  • Loading branch information
xiangmy21 committed Oct 2, 2023
1 parent 1e8bbae commit bd7e438
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/routes/static.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ const generalActions = [
"name/cos:DeleteObject",
"name/cos:GetBucket",
];
const viewActions = [
"name/cos:HeadObject",
"name/cos:GetObject",
"name/cos:GetBucket",
]

router.get("/team_code", async (req, res) => {
try{
Expand Down Expand Up @@ -153,7 +158,6 @@ router.get("/chat_record", async (req, res) => {
//General Template
router.get("/", async (req, res) => {
try{
const action = generalActions;
const authHeader = req.get("Authorization");
if (!authHeader) {
return res.status(401).send("401 Unauthorized: Missing token");
Expand All @@ -168,10 +172,13 @@ router.get("/", async (req, res) => {
}
const payload = decoded as JwtPayload;
if (payload.role == 'counselor' || payload.role == 'root' || payload.role == 'admin') {
const sts = await getSTS(action, "*");
const sts = await getSTS(generalActions, "*");
return res.status(200).send(sts);
}
else {
const sts = await getSTS(viewActions, "upload/*");
return res.status(200).send(sts);
}
else return res.status(401).send("401 Unauthorized");
} catch (err) {
return res.status(500).send(err);
}
Expand Down

0 comments on commit bd7e438

Please sign in to comment.