Skip to content

Commit 797421f

Browse files
orangecodingorangecoding
committed
hardening demo handling
1 parent 0b2b42f commit 797421f

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

lib/api/routes/jobRouter.js

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,10 +11,13 @@ import logger from '../../services/logger.js';
1111
import { bus } from '../../services/events/event-bus.js';
1212
import { isRunning as isJobRunning } from '../../services/jobs/run-state.js';
1313
import { addClient as addSseClient, removeClient } from '../../services/sse/sse-broker.js';
14+
import { getSettings } from '../../services/storage/settingsStorage.js';
1415

1516
const service = restana();
1617
const jobRouter = service.newRouter();
1718

19+
const DEMO_JOB_NAME = 'Demo-Job';
20+
1821
function doesJobBelongsToUser(job, req) {
1922
const userId = req.session.currentUser;
2023
if (userId == null) {
@@ -161,6 +164,7 @@ jobRouter.post('/:jobId/run', async (req, res) => {
161164

162165
jobRouter.post('/', async (req, res) => {
163166
const { provider, notificationAdapter, name, blacklist = [], jobId, enabled, shareWithUsers = [] } = req.body;
167+
const settings = await getSettings();
164168
try {
165169
let jobFromDb = jobStorage.getJob(jobId);
166170

@@ -169,6 +173,11 @@ jobRouter.post('/', async (req, res) => {
169173
return;
170174
}
171175

176+
if (settings.demoMode && jobFromDb.name === DEMO_JOB_NAME) {
177+
res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
178+
return;
179+
}
180+
172181
jobStorage.upsertJob({
173182
userId: req.session.currentUser,
174183
jobId,
@@ -188,8 +197,14 @@ jobRouter.post('/', async (req, res) => {
188197

189198
jobRouter.delete('', async (req, res) => {
190199
const { jobId } = req.body;
200+
const settings = await getSettings();
191201
try {
192202
const job = jobStorage.getJob(jobId);
203+
if (settings.demoMode && job.name === DEMO_JOB_NAME) {
204+
res.send(new Error('Sorry, but you cannot remove the Demo Job ;)'));
205+
return;
206+
}
207+
193208
if (!doesJobBelongsToUser(job, req)) {
194209
res.send(new Error('You are trying to remove a job that is not associated to your user'));
195210
} else {
@@ -204,8 +219,15 @@ jobRouter.delete('', async (req, res) => {
204219
jobRouter.put('/:jobId/status', async (req, res) => {
205220
const { status } = req.body;
206221
const { jobId } = req.params;
222+
const settings = await getSettings();
207223
try {
208224
const job = jobStorage.getJob(jobId);
225+
226+
if (settings.demoMode && job.name === DEMO_JOB_NAME) {
227+
res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
228+
return;
229+
}
230+
209231
if (!doesJobBelongsToUser(job, req)) {
210232
res.send(new Error('You are trying change a job that is not associated to your user'));
211233
} else {

0 commit comments

Comments
 (0)