mirror/papermark
1
0
Fork 0
mirror of https://github.com/mfts/papermark.git synced 2025-12-20 01:03:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: isEmailMatched

Browse Source
This commit is contained in:
Marc Seitz
2025-07-15 14:58:46 +02:00
parent da445d7d2e
commit e2862a81b8
4 changed files with 105 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
app/api/views-dataroom/route.ts
View File

@@ -22,11 +22,11 @@ import { parseSheet } from "@/lib/sheet";
import { recordLinkView } from "@/lib/tracking/record-link-view";
import { CustomUser, WatermarkConfigSchema } from "@/lib/types";
import { checkPassword, decryptEncrpytedPassword, log } from "@/lib/utils";
import { extractEmailDomain, isEmailMatched } from "@/lib/utils/email-domain";
import { generateOTP } from "@/lib/utils/generate-otp";
import { LOCALHOST_IP } from "@/lib/utils/geo";
import { validateEmail } from "@/lib/utils/validate-email";
import { checkGlobalBlockList } from "@/lib/utils/global-block-list";
import { extractEmailDomain, isEmailBlocked } from "@/lib/utils/email-domain";
import { validateEmail } from "@/lib/utils/validate-email";
export async function POST(request: NextRequest) {
try {
@@ -275,7 +275,10 @@ export async function POST(request: NextRequest) {
}
// Check global block list first - this overrides all other access controls
const globalBlockCheck = checkGlobalBlockList(email, link.team?.globalBlockList);
const globalBlockCheck = checkGlobalBlockList(
email,
link.team?.globalBlockList,
);
if (globalBlockCheck.error) {
return NextResponse.json(
{ message: globalBlockCheck.error },
@@ -283,20 +286,14 @@ export async function POST(request: NextRequest) {
);
}
if (globalBlockCheck.isBlocked) {
return NextResponse.json(
{ message: "Access denied" },
{ status: 403 },
);
return NextResponse.json({ message: "Access denied" }, { status: 403 });
}
// Check if email is allowed to visit the link
if (link.allowList && link.allowList.length > 0) {
// Determine if the email or its domain is allowed
const isAllowed = link.allowList.some((allowed) =>
isEmailBlocked(email, allowed) === false && (
allowed === email ||
(allowed.startsWith("@") && extractEmailDomain(email) === allowed)
)
isEmailMatched(email, allowed),
);
// Deny access if the email is not allowed
@@ -312,7 +309,7 @@ export async function POST(request: NextRequest) {
if (link.denyList && link.denyList.length > 0) {
// Determine if the email or its domain is denied
const isDenied = link.denyList.some((denied) =>
isEmailBlocked(email, denied)
isEmailMatched(email, denied),
);
// Deny access if the email is denied
@@ -354,9 +351,9 @@ export async function POST(request: NextRequest) {
// Extract domain from email
const emailDomain = extractEmailDomain(email);
// Check domain access
const hasDomainAccess = emailDomain ? group.domains.some(
(domain) => domain === emailDomain,
) : false;
const hasDomainAccess = emailDomain
? group.domains.some((domain) => domain === emailDomain)
: false;
if (!isMember && !hasDomainAccess) {
return NextResponse.json(
@@ -596,28 +593,28 @@ export async function POST(request: NextRequest) {
...(link.enableAgreement &&
link.agreementId &&
hasConfirmedAgreement && {
agreementResponse: {
create: {
agreementId: link.agreementId,
agreementResponse: {
create: {
agreementId: link.agreementId,
},
},
},
}),
}),
...(link.audienceType === LinkAudienceType.GROUP &&
link.groupId && {
groupId: link.groupId,
}),
groupId: link.groupId,
}),
...(customFields &&
link.customFields.length > 0 && {
customFieldResponse: {
create: {
data: link.customFields.map((field) => ({
identifier: field.identifier,
label: field.label,
response: customFields[field.identifier] || "",
})),
customFieldResponse: {
create: {
data: link.customFields.map((field) => ({
identifier: field.identifier,
label: field.label,
response: customFields[field.identifier] || "",
})),
},
},
},
}),
}),
};
// ** DATAROOM_VIEW **
@@ -921,15 +918,15 @@ export async function POST(request: NextRequest) {
documentVersion.type === "image" ||
documentVersion.type === "zip" ||
documentVersion.type === "video")) ||
(documentVersion && useAdvancedExcelViewer)
(documentVersion && useAdvancedExcelViewer)
? documentVersion.file
: undefined,
pages: documentPages ? documentPages : undefined,
notionData: undefined,
sheetData:
documentVersion &&
documentVersion.type === "sheet" &&
!useAdvancedExcelViewer
documentVersion.type === "sheet" &&
!useAdvancedExcelViewer
? sheetData
: undefined,
fileType: documentVersion
@@ -943,16 +940,16 @@ export async function POST(request: NextRequest) {
viewerEmail: viewer?.email ?? email ?? verifiedEmail ?? null,
ipAddress:
link.enableWatermark &&
link.watermarkConfig &&
WatermarkConfigSchema.parse(link.watermarkConfig).text.includes(
"{{ipAddress}}",
)
link.watermarkConfig &&
WatermarkConfigSchema.parse(link.watermarkConfig).text.includes(
"{{ipAddress}}",
)
? (ipAddress(request) ?? LOCALHOST_IP)
: undefined,
useAdvancedExcelViewer:
documentVersion &&
documentVersion.type === "sheet" &&
useAdvancedExcelViewer
documentVersion.type === "sheet" &&
useAdvancedExcelViewer
? useAdvancedExcelViewer
: undefined,
canDownload: canDownload,

21
app/api/views/route.ts
View File

@@ -19,11 +19,11 @@ import { parseSheet } from "@/lib/sheet";
import { recordLinkView } from "@/lib/tracking/record-link-view";
import { CustomUser, WatermarkConfigSchema } from "@/lib/types";
import { checkPassword, decryptEncrpytedPassword, log } from "@/lib/utils";
import { extractEmailDomain, isEmailMatched } from "@/lib/utils/email-domain";
import { generateOTP } from "@/lib/utils/generate-otp";
import { LOCALHOST_IP } from "@/lib/utils/geo";
import { validateEmail } from "@/lib/utils/validate-email";
import { checkGlobalBlockList } from "@/lib/utils/global-block-list";
import { extractEmailDomain, isEmailBlocked } from "@/lib/utils/email-domain";
import { validateEmail } from "@/lib/utils/validate-email";
export async function POST(request: NextRequest) {
try {
@@ -210,7 +210,10 @@ export async function POST(request: NextRequest) {
}
// Check global block list first - this overrides all other access controls
const globalBlockCheck = checkGlobalBlockList(email, link.team?.globalBlockList);
const globalBlockCheck = checkGlobalBlockList(
email,
link.team?.globalBlockList,
);
if (globalBlockCheck.error) {
return NextResponse.json(
{ message: globalBlockCheck.error },
@@ -218,20 +221,14 @@ export async function POST(request: NextRequest) {
);
}
if (globalBlockCheck.isBlocked) {
return NextResponse.json(
{ message: "Access denied" },
{ status: 403 },
);
return NextResponse.json({ message: "Access denied" }, { status: 403 });
}
// Check if email is allowed to visit the link
if (link.allowList && link.allowList.length > 0) {
// Determine if the email or its domain is allowed
const isAllowed = link.allowList.some((allowed) =>
isEmailBlocked(email, allowed) === false && (
allowed === email ||
(allowed.startsWith("@") && extractEmailDomain(email) === allowed)
)
isEmailMatched(email, allowed),
);
// Deny access if the email is not allowed
@@ -247,7 +244,7 @@ export async function POST(request: NextRequest) {
if (link.denyList && link.denyList.length > 0) {
// Determine if the email or its domain is denied
const isDenied = link.denyList.some((denied) =>
isEmailBlocked(email, denied)
isEmailMatched(email, denied),
);
// Deny access if the email is denied