fix permission check on domain level

2 years ago · fa2b610ea6
2 changed files with 8 additions and 8 deletions
--- a/src/backend/extension/messaging.ts
+++ b/src/backend/extension/messaging.ts
@ -10,7 +10,7 @@ let activeExtension = false;
 function sendMessage<MessageKey extends keyof MessagesMetadata>(
  message: MessageKey,
-  payload: MessagesMetadata[MessageKey]["req"],
+  payload: MessagesMetadata[MessageKey]["req"] | undefined = undefined,
  timeout: number = -1,
 ) {
  return new Promise<MessagesMetadata[MessageKey]["res"] | null>((resolve) => {
@ -54,9 +54,7 @@ export async function sendPage(
 export async function extensionInfo(): Promise<
  MessagesMetadata["hello"]["res"] | null
 > {
-  const message = await sendMessage("hello", {}, 300);
+  const message = await sendMessage("hello", undefined, 300);
  if (!message?.success) return null;
  if (!message.allowed) return null;
  return message;
 }
--- a/src/pages/parts/player/MetaPart.tsx
+++ b/src/pages/parts/player/MetaPart.tsx
@ -45,15 +45,17 @@ export function MetaPart(props: MetaPartProps) {
  const { error, value, loading } = useAsync(async () => {
    const info = await extensionInfo();
-    const isAllowed = info?.success && isAllowedExtensionVersion(info.version);
+    const isValidExtension =
      info?.success && isAllowedExtensionVersion(info.version);
-    if (isAllowed) {
+    if (isValidExtension) {
-      if (!info.hasPermission) throw new Error("extension-no-permission");
+      if (!info.allowed || !info.hasPermission)
        throw new Error("extension-no-permission");
    }
    // use api metadata or providers metadata
    const providerApiUrl = getLoadbalancedProviderApiUrl();
-    if (providerApiUrl && !isAllowed) {
+    if (providerApiUrl && !isValidExtension) {
      try {
        await fetchMetadata(providerApiUrl);
      } catch (err) {