From 08082f41ba5a5e71d73b0870be91cf9b9baf21c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <git@minelli.me>
Date: Tue, 30 Apr 2024 13:21:32 +0200
Subject: [PATCH] SecurityMiddleware => Add assignment secret check

---
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 2 ++
 ExpressAPI/src/types/SecurityCheckType.ts        | 1 +
 2 files changed, 3 insertions(+)

diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index bfe307e..1b7edc4 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -26,6 +26,8 @@ class SecurityMiddleware {
                     return req.boundParams.assignment?.published ?? false;
                 case SecurityCheckType.EXERCISE_SECRET.valueOf():
                     return (req.headers.exercisesecret as string | undefined) === req.boundParams.exercise!.secret;
+                case SecurityCheckType.ASSIGNMENT_SECRET:
+                    return (req.headers.assignmentsecret as string | undefined) === req.boundParams.assignment!.secret;
                 default:
                     return false;
             }
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index e6f122b..9cbb61b 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -5,6 +5,7 @@ enum SecurityCheckType {
     ASSIGNMENT_STAFF        = 'assignmentStaff',
     ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
     EXERCISE_SECRET         = 'exerciseSecret',
+    ASSIGNMENT_SECRET       = 'assignmentSecret',
 }
 
 
-- 
GitLab