Added ability to set a moderator via JWT and added a Clear tool for moderators #249
Conversation
There was a problem hiding this comment.
Great, thanks for the PR !
A few remarks :
- It looks like the server accepts "clear" requests without checking the moderator role.
- Can we use the standard role claim in th JWT instead of a custom "moderator" claim ?
- Where does the SVG come from ?
|
Not sure why the build test is failing. It completes all tests when I run locally and even in the test itself it is passing most of the tests, it's just the circle test that is failing, and I've not touched that code. Are you able to re-run the test? In response to your requests
|
There was a problem hiding this comment.
Great ! I'm ready to merge this, but you'll need to change the illustration. You need to have the right of redistributing it under WBO's license.
You can create your own svg icon, or use an existing true open-source icon, such as one from remixicon for example
server/server.js
Outdated
| var payload = jsonwebtoken.verify(token, config.AUTH_SECRET_KEY); | ||
| var roles = payload.roles; | ||
| if(roles) { | ||
| return roles.includes("moderator"); | ||
| } else { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Ca we avoid code duplication and use isModerator here ?
|
I've made the code change requested and have changed the icon to one I've created |
|
The code is still duplicated between checkUserPermission in server.js and isModerator in board.js, isn't it ? |
|
Sorry, got confused. I've removed the duplication now. Both server.js and boardData.js now reference the new jwtauth.js file |
|
Great, thank you for your contribution! |
|
That's great. Thanks so much for the brilliant whiteboard! Happy to contribute |
|
Will this get published on Docker Hub, @lovasoa? Thanks for the nice feature, @jamesdeacon! |
You can now add a
moderatorkey within the jwt. If this is set to true then the user will have access to a Clear tool, which will wipe the entire contents of the board.This fixes issues #92 and #212
By opening a pull request, I certify that I hold the intellectual property of the code I am submitting, and I am granting the initial authors of WBO a perpetual, worldwide, non-exclusive, royalty-free, and irrevocable license to this code.