secure get folders, update and delete

server/src/logic/sync/domain/sync.entity.ts

@@ -1,8 +1,10 @@
-import { catchError, forkJoin, map, Observable, of } from 'rxjs';
+import { catchError, firstValueFrom, forkJoin, map, Observable, of, switchMap } from 'rxjs';
 
 import { z } from 'zod';
 import { FileStatus, IConnector, SearchResults, SyncItem } from '../../connector/domain/connector';
 import { getConnector } from '../../connector/infrastructure/factory';
+import { Nuclia } from '@nuclia/core';
+import { CustomError } from '../../errors';
 
 export type Connector = {
   name: 'gdrive' | 'folder';
@@ -162,4 +164,20 @@ export class SyncEntity {
   hasAuthData() {
     return this.sourceConnector!.hasAuthData();
   }
+
+  async checkNucliaAuth(token: string) {
+    try {
+      const nuclia = new Nuclia({ ...this.kb, apiKey: '' });
+      nuclia.auth.authenticate({ access_token: token, refresh_token: '' });
+      const req = await firstValueFrom(
+        nuclia.knowledgeBox.getConfiguration().pipe(
+          map(() => true),
+          catchError(() => of(false)),
+        ),
+      );
+      return req;
+    } catch (err) {
+      return new CustomError('Error checking Nuclia auth', 500);
+    }
+  }
 }

server/src/logic/sync/presentation/routes.ts

@@ -13,6 +13,7 @@ import { SyncAllFolders } from '../domain/use-cases/sync-all-folders-data.use-ca
 import { UpdateSync } from '../domain/use-cases/update-sync.use-case';
 import { FileSystemSyncDatasource } from '../infrastructure/file-system.sync.datasource';
 import { SyncRepository } from '../infrastructure/sync.repository';
+import { SyncEntity } from '../domain/sync.entity';
 
 export class SyncFileSystemRoutes {
   private readonly basePath: string;
@@ -77,6 +78,7 @@ export class SyncFileSystemRoutes {
     router.get('/:id', async (req, res) => {
       const { id } = req.params;
       try {
+        await this.checkAuth(id, req.headers.token as string, syncRepository);
         const data = await new GetSync(syncRepository).execute(id);
         res.status(200).send(data);
       } catch (error) {
@@ -97,6 +99,7 @@ export class SyncFileSystemRoutes {
     router.get('/:id/folders', async (req, res) => {
       const { id } = req.params;
       try {
+        await this.checkAuth(id, req.headers.token as string, syncRepository);
         const data = await new GetSyncFolders(syncRepository).execute(id);
         res.status(200).send(data);
       } catch (error) {
@@ -110,6 +113,7 @@ export class SyncFileSystemRoutes {
       if (error) return res.status(400).json({ message: error });
 
       try {
+        await this.checkAuth(id, req.headers.token as string, syncRepository);
         await new UpdateSync(syncRepository).execute(updateSyncDto!);
         res.status(204).send(null);
       } catch (error) {
@@ -120,6 +124,7 @@ export class SyncFileSystemRoutes {
     router.delete('/:id', async (req, res) => {
       const { id } = req.params;
       try {
+        await this.checkAuth(id, req.headers.token as string, syncRepository);
         await new DeleteSync(syncRepository).execute(id);
         res.status(200).send(null);
       } catch (error) {
@@ -129,4 +134,19 @@ export class SyncFileSystemRoutes {
 
     return router;
   }
+
+  private async checkAuth(id: string, auth: string, syncRepository: SyncRepository) {
+    if (!auth) {
+      throw new CustomError('Check auth: No auth token provided', 401);
+    }
+    const data = await syncRepository.getSync(id);
+    if (data === null) {
+      throw new CustomError(`Check auth: Sync with id ${id} not found`, 404);
+    }
+    const syncEntity = new SyncEntity(data);
+    const checkAuth = await syncEntity.checkNucliaAuth(auth);
+    if (!checkAuth) {
+      throw new CustomError(`Check auth: Auth for sync with id ${id} not valid`, 401);
+    }
+  }
 }