
Commit 569eeb4

feat: update server routes to use visibility field for access control
Allow public+unlisted configs for install/view/OG, block only private. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
1 parent abae017 commit 569eeb4

5 files changed

+17
-18
lines changed

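--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -48,8 +48,8 @@ export const handle: Handle = async ({ event, resolve }) => {
 const env = event.platform?.env;
 
 if (env) {
-const config = await env.DB.prepare('SELECT c.slug, c.custom_script, c.dotfiles_repo, u.username FROM configs c JOIN users u ON c.user_id = u.id WHERE c.alias = ? AND c.is_public = 1')
-.bind(alias)
+const config = await env.DB.prepare('SELECT c.slug, c.custom_script, c.dotfiles_repo, u.username FROM configs c JOIN users u ON c.user_id = u.id WHERE c.alias = ? AND c.visibility IN (?, ?)')
+.bind(alias, 'public', 'unlisted')
 .first<{ slug: string; username: string; custom_script: string; dotfiles_repo: string }>();
 
 if (config) {
@@ -88,11 +88,11 @@ export const handle: Handle = async ({ event, resolve }) => {
 
 const user = await env.DB.prepare('SELECT id FROM users WHERE username = ?').bind(username).first<{ id: string }>();
 if (user) {
-const config = await env.DB.prepare('SELECT custom_script, is_public, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?')
-.bind(user.id, slug)
-.first<{ custom_script: string; is_public: number; dotfiles_repo: string }>();
+const config = await env.DB.prepare('SELECT custom_script, visibility, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?')
+.bind(user.id, slug)
+.first<{ custom_script: string; visibility: string; dotfiles_repo: string }>();
 
-if (config && config.is_public) {
+if (config && config.visibility !== 'private') {
 const script = generateInstallScript(username, slug, config.custom_script, config.dotfiles_repo || '');
 
 env.DB.prepare('UPDATE configs SET install_count = install_count + 1 WHERE user_id = ? AND slug = ?').bind(user.id, slug).run().catch(() => {});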
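Review bot: The check at new line 95, `config.visibility !== 'private'`, is a denylist, so a row whose `visibility` is NULL, misspelled or a value introduced later is served as if it were public, whereas the alias query in the first hunk of this file allowlists with `visibility IN (?, ?)`. Matching that here fails closed: `if (config && (config.visibility === 'public' || config.visibility === 'unlisted')) {`. The same `=== 'private'` test is the only gate in `+page.server.ts`, `config/+server.ts`, `install/+server.ts` and `og/+server.ts`, and would benefit from the same inversion. The column's schema (NOT NULL, CHECK constraint) is not visible on this page, so part of this may already be ruled out at the database level; the `handle` body starts and ends outside both hunks.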

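--- a/src/routes/[username]/[slug]/+page.server.ts
+++ b/src/routes/[username]/[slug]/+page.server.ts
@@ -23,11 +23,10 @@ export const load: PageServerLoad = async ({ params, platform, request, cookies
 
 if (!config) throw error(404, 'Configuration not found');
 
-// 3. Check visibility
-if (!config.is_public) {
+if (config.visibility === 'private') {
 const currentUser = await getCurrentUser(request, cookies, env.DB, env.JWT_SECRET);
 if (!currentUser || currentUser.id !== targetUser.id) {
-throw error(404, 'Configuration not found'); // Hide private configs
+throw error(404, 'Configuration not found');
 }
 }
 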
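Review bot: The throw at new line 29 no longer says why a private config answers "not found" rather than "forbidden", because the commit drops `// Hide private configs` together with `// 3. Check visibility`. That status code is a deliberate access-control decision and is easy to change by accident, so I would keep a why-comment on the throw, for example `// 404, not 403: do not reveal that a private config exists`. If the other steps in `load` are still numbered, which the hunk does not show, restoring the step heading also keeps that sequence intact.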

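--- a/src/routes/[username]/[slug]/config/+server.ts
+++ b/src/routes/[username]/[slug]/config/+server.ts
@@ -16,16 +16,16 @@ export const GET: RequestHandler = async ({ platform, params }) => {
 }
 
 const config = await env.DB.prepare(
-'SELECT slug, name, base_preset, packages, snapshot, is_public, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?'
+'SELECT slug, name, base_preset, packages, snapshot, visibility, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?'
 )
 .bind(user.id, params.slug)
-.first<{ slug: string; name: string; base_preset: string; packages: string; snapshot: string; is_public: number; dotfiles_repo: string }>();
+.first<{ slug: string; name: string; base_preset: string; packages: string; snapshot: string; visibility: string; dotfiles_repo: string }>();
 
 if (!config) {
 return json({ error: 'Config not found' }, { status: 404 });
 }
 
-if (!config.is_public) {
+if (config.visibility === 'private') {
 return json({ error: 'Config is private' }, { status: 403 });
 }
 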
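Review bot: A private config still answers 403 `Config is private` in the branch guarded by the new check at line 28, while the page and OG routes in this commit answer 404 for the same case, so this endpoint confirms to an unauthenticated caller that a private slug exists. Returning the not-found response in that branch keeps the routes consistent: `return json({ error: 'Config not found' }, { status: 404 });`. `install/+server.ts` has the same 403 at its line 24 and would take the equivalent change. The handler's body starts and ends outside the hunk.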

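--- a/src/routes/[username]/[slug]/install/+server.ts
+++ b/src/routes/[username]/[slug]/install/+server.ts
@@ -12,15 +12,15 @@ export const GET: RequestHandler = async ({ platform, params }) => {
 return new Response('User not found', { status: 404 });
 }
 
-const config = await env.DB.prepare('SELECT custom_script, is_public, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?')
+const config = await env.DB.prepare('SELECT custom_script, visibility, dotfiles_repo FROM configs WHERE user_id = ? AND slug = ?')
 .bind(user.id, params.slug)
-.first<{ custom_script: string; is_public: number; dotfiles_repo: string }>();
+.first<{ custom_script: string; visibility: string; dotfiles_repo: string }>();
 
 if (!config) {
 return new Response('Config not found', { status: 404 });
 }
 
-if (!config.is_public) {
+if (config.visibility === 'private') {
 return new Response('Config is private', { status: 403 });
 }
 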

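--- a/src/routes/[username]/[slug]/og/+server.ts
+++ b/src/routes/[username]/[slug]/og/+server.ts
@@ -145,18 +145,18 @@ export const GET: RequestHandler = async ({ params, platform }) => {
 if (!targetUser) return new Response('Not found', { status: 404 });
 
 const config = await env.DB.prepare(
-'SELECT name, description, packages, is_public, base_preset FROM configs WHERE user_id = ? AND slug = ?'
+'SELECT name, description, packages, visibility, base_preset FROM configs WHERE user_id = ? AND slug = ?'
 )
 .bind(targetUser.id, slug)
 .first<{
 name: string;
 description: string;
 packages: string;
-is_public: number;
+visibility: string;
 base_preset: string;
 }>();
 
-if (!config || !config.is_public) return new Response('Not found', { status: 404 });
+if (!config || config.visibility === 'private') return new Response('Not found', { status: 404 });
 
 const rawPkgs: { name: string; type: string }[] = (() => {
 try {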
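Review bot: `visibility: string;` at new line 155 lets any comparison literal type-check, so a misspelled `'private'` in the check at line 159 would compile and silently leave the config reachable. Narrowing the row type to `visibility: 'public' | 'unlisted' | 'private';` makes the compiler reject literals outside the three values this commit uses; the row types in the other four files declare the same `string` field. The generic passed to `.first<…>()` is erased at runtime, so this complements rather than replaces validating the stored value. The GET handler continues past the end of the hunk.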
