use resource guid in url closes #1517

2026-02-22 21:06:37 +00:00 · 2025-09-28 16:22:26 -07:00
parent 1a13694843
commit 8851156f23
9 changed files with 144 additions and 53 deletions
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -206,7 +206,7 @@ export async function verifyResourceSession(
            endpoint = config.getRawConfig().app.dashboard_url!;
        }
        const redirectUrl = `${endpoint}/auth/resource/${encodeURIComponent(
-            resource.resourceId
+            resource.resourceGuid
        )}?redirect=${encodeURIComponent(originalRequestURL)}`;

        // check for access token in headers
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -540,7 +540,7 @@ authenticated.post(
 );
 authenticated.post(`/supporter-key/hide`, supporterKey.hideSupporterKey);

-unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
+unauthenticated.get("/resource/:resourceGuid/auth", resource.getResourceAuthInfo);

 // authenticated.get(
 //     "/role/:roleId/resources",
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -15,16 +15,15 @@ import logger from "@server/logger";

 const getResourceAuthInfoSchema = z
    .object({
-        resourceId: z
-            .string()
-            .transform(Number)
-            .pipe(z.number().int().positive())
+        resourceGuid: z.string()
    })
    .strict();

 export type GetResourceAuthInfoResponse = {
    resourceId: number;
+    resourceGuid: string;
    resourceName: string;
+    niceId: string;
    password: boolean;
    pincode: boolean;
    sso: boolean;
@@ -51,7 +50,7 @@ export async function getResourceAuthInfo(
            );
        }

-        const { resourceId } = parsedParams.data;
+        const { resourceGuid } = parsedParams.data;

        const [result] = await db
            .select()
@@ -64,7 +63,7 @@ export async function getResourceAuthInfo(
                resourcePassword,
                eq(resourcePassword.resourceId, resources.resourceId)
            )
-            .where(eq(resources.resourceId, resourceId))
+            .where(eq(resources.resourceGuid, resourceGuid))
            .limit(1);

        const resource = result?.resources;
@@ -81,6 +80,8 @@ export async function getResourceAuthInfo(

        return response<GetResourceAuthInfoResponse>(res, {
            data: {
+                niceId: resource.niceId,
+                resourceGuid: resource.resourceGuid,
                resourceId: resource.resourceId,
                resourceName: resource.name,
                password: password !== null,