Allow external user to publish private budget simulation

96b852e6 · Toufic Batache · 68f2c77c · 96b852e6
Commit 96b852e6 authored 1 year ago by Toufic Batache
--- a/src/routes/simulations_budget/+server.ts
+++ b/src/routes/simulations_budget/+server.ts
 import { auditRequire, cleanAudit, type Audit } from "@auditors/core"
 import fs from "fs-extra"
+import jwt from "jsonwebtoken"
 import path from "path"
 import { error, json } from "@sveltejs/kit"

 import type { DisplayMode } from "$lib/displays"
 import config from "$lib/server/config"
 import type { CachedSimulation } from "$lib/simulations"
+import type { User } from "$lib/users"

 import type { RequestHandler } from "./$types"

@@ -47,7 +49,20 @@ function auditBody(audit: Audit, dataUnknown: unknown): [unknown, unknown] {
 }

 export const POST: RequestHandler = async ({ locals, request, url }) => {
-  if (locals.user === undefined) {
+  let user = locals.user
+
+  const requestJwtToken = request.headers.get("jwt-token")
+  if (requestJwtToken !== null) {
+    try {
+      user = jwt.verify(requestJwtToken, config.jwtSecret) as User
+    } catch (e) {
+      console.warn(
+        `Invalid JSON Web Token for id_token: ${requestJwtToken}. ${e}`,
+      )
+    }
+  }
+
+  if (user === undefined) {
    throw error(401, "Unauthorized")
  }