[WEB-2603] fix: remove validation of roles from the live server (#5761)

* fix: remove validation of roles from the live server * chore: remove the service * fix: remove all validation of authorization * fix: props updated
2026-02-14 01:59:28 -06:00 · 2024-10-08 16:55:26 +05:30
parent f73a603226
commit be092ac99f
4 changed files with 3 additions and 102 deletions
--- a/live/src/ce/lib/authentication.ts
+++ b/live/src/ce/lib/authentication.ts
@@ -1,15 +0,0 @@
-import { ConnectionConfiguration } from "@hocuspocus/server";
-// types
-import { TDocumentTypes } from "@/core/types/common.js";
-
-type TArgs = {
-  connection: ConnectionConfiguration
-  cookie: string;
-  documentType: TDocumentTypes | undefined;
-  params: URLSearchParams;
-}
-
-export const authenticateUser = async (args: TArgs): Promise<void> => {
-  const { documentType } = args;
-  throw Error(`Authentication failed: Invalid document type ${documentType} provided.`);
-}
--- a/live/src/core/hocuspocus-server.ts
+++ b/live/src/core/hocuspocus-server.ts
@@ -12,15 +12,11 @@ export const getHocusPocusServer = async () => {
    name: serverName,
    onAuthenticate: async ({
      requestHeaders,
-      requestParameters,
-      connection,
      // user id used as token for authentication
      token,
    }) => {
      // request headers
      const cookie = requestHeaders.cookie?.toString();
-      // params
-      const params = requestParameters;

      if (!cookie) {
        throw Error("Credentials not provided");
@@ -28,9 +24,7 @@ export const getHocusPocusServer = async () => {

      try {
        await handleAuthentication({
-          connection,
          cookie,
-          params,
          token,
        });
      } catch (error) {
@@ -38,6 +32,6 @@ export const getHocusPocusServer = async () => {
      }
    },
    extensions,
-    debounce: 10000
+    debounce: 10000,
  });
 };
--- a/live/src/core/lib/authentication.ts
+++ b/live/src/core/lib/authentication.ts
@@ -1,28 +1,17 @@
-import { ConnectionConfiguration } from "@hocuspocus/server";
 // services
 import { UserService } from "@/core/services/user.service.js";
-// types
-import { TDocumentTypes } from "@/core/types/common.js";
-// plane live lib
-import { authenticateUser } from "@/plane-live/lib/authentication.js";
 // core helpers
 import { manualLogger } from "@/core/helpers/logger.js";

 const userService = new UserService();

 type Props = {
-  connection: ConnectionConfiguration;
  cookie: string;
-  params: URLSearchParams;
  token: string;
 };

 export const handleAuthentication = async (props: Props) => {
-  const { connection, cookie, params, token } = props;
-  // params
-  const documentType = params.get("documentType")?.toString() as
-    | TDocumentTypes
-    | undefined;
+  const { cookie, token } = props;
  // fetch current user info
  let response;
  try {
@@ -35,40 +24,6 @@ export const handleAuthentication = async (props: Props) => {
    throw Error("Authentication failed: Token doesn't match the current user.");
  }

-  if (documentType === "project_page") {
-    // params
-    const workspaceSlug = params.get("workspaceSlug")?.toString();
-    const projectId = params.get("projectId")?.toString();
-    if (!workspaceSlug || !projectId) {
-      throw Error(
-        "Authentication failed: Incomplete query params. Either workspaceSlug or projectId is missing."
-      );
-    }
-    // fetch current user's project membership info
-    try {
-      const projectMembershipInfo = await userService.getUserProjectMembership(
-        workspaceSlug,
-        projectId,
-        cookie
-      );
-      const projectRole = projectMembershipInfo.role;
-      // make the connection read only for roles lower than a member
-      if (projectRole < 15) {
-        connection.readOnly = true;
-      }
-    } catch (error) {
-      manualLogger.error("Failed to fetch project membership info:", error);
-      throw error;
-    }
-  } else {
-    await authenticateUser({
-      connection,
-      cookie,
-      documentType,
-      params,
-    });
-  }
-
  return {
    user: {
      id: response.id,
--- a/live/src/core/services/user.service.ts
+++ b/live/src/core/services/user.service.ts
@@ -1,5 +1,5 @@
 // types
-import type { IProjectMember, IUser } from "@plane/types";
+import type { IUser } from "@plane/types";
 // services
 import { API_BASE_URL, APIService } from "@/core/services/api.service.js";

@@ -25,37 +25,4 @@ export class UserService extends APIService {
        throw error;
      });
  }
-
-  async getUserWorkspaceMembership(
-    workspaceSlug: string,
-    cookie: string
-  ): Promise<IProjectMember> {
-    return this.get(`/api/workspaces/${workspaceSlug}/workspace-members/me/`,
-      {
-        headers: {
-          Cookie: cookie,
-        },
-      })
-      .then((response) => response?.data)
-      .catch((error) => {
-        throw error?.response;
-      });
-  }
-
-  async getUserProjectMembership(
-    workspaceSlug: string,
-    projectId: string,
-    cookie: string
-  ): Promise<IProjectMember> {
-    return this.get(`/api/workspaces/${workspaceSlug}/projects/${projectId}/project-members/me/`,
-      {
-        headers: {
-          Cookie: cookie,
-        },
-      })
-      .then((response) => response?.data)
-      .catch((error) => {
-        throw error?.response;
-      });
-  }
 }