tomas/pocketbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allowed specifying non-context auth model for the file token endpoint

Browse Source
This commit is contained in:
Gani Georgiev
2023-04-17 22:04:58 +03:00
parent c937c06688
commit a7d5a0640c
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apis/file.go
+2 -2
View File
@@ -28,7 +28,7 @@ func bindFileApi(app core.App, rg *echo.Group) {
api := fileApi{app: app}
subGroup := rg.Group("/files", ActivityLogger(app))
subGroup.POST("/token", api.fileToken, RequireAdminOrRecordAuth())
subGroup.POST("/token", api.fileToken)
subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app))
}
@@ -50,7 +50,7 @@ func (api *fileApi) fileToken(c echo.Context) error {
}
handlerErr := api.app.OnFileBeforeTokenRequest().Trigger(event, func(e *core.FileTokenEvent) error {
if e.Token == "" {
if e.Model == nil || e.Token == "" {
return NewBadRequestError("Failed to generate file token.", nil)
}