From 77967b2535aa127bf7364811f12c32d1912bfa4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <git@minelli.me>
Date: Tue, 30 Apr 2024 13:21:32 +0200
Subject: [PATCH] SecurityMiddleware => Add assignment secret check

---
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 3 +++
 ExpressAPI/src/types/SecurityCheckType.ts        | 1 +
 2 files changed, 4 insertions(+)

diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 37e6e4a..347fad4 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -33,6 +33,9 @@ class SecurityMiddleware {
                             case SecurityCheckType.EXERCISE_SECRET:
                                 isAllowed = isAllowed || (req.headers.exercisesecret as string | undefined) === req.boundParams.exercise!.secret;
                                 break;
+                            case SecurityCheckType.ASSIGNMENT_SECRET:
+                                isAllowed = isAllowed || (req.headers.assignmentsecret as string | undefined) === req.boundParams.assignment!.secret;
+                                break;
                             default:
                                 break;
                         }
diff --git a/ExpressAPI/src/types/SecurityCheckType.ts b/ExpressAPI/src/types/SecurityCheckType.ts
index 3a0b733..8b1df51 100644
--- a/ExpressAPI/src/types/SecurityCheckType.ts
+++ b/ExpressAPI/src/types/SecurityCheckType.ts
@@ -3,6 +3,7 @@ enum SecurityCheckType {
     ASSIGNMENT_STAFF        = 'assignmentStaff',
     ASSIGNMENT_IS_PUBLISHED = 'assignmentIsPublished',
     EXERCISE_SECRET         = 'exerciseSecret',
+    ASSIGNMENT_SECRET       = 'assignmentSecret',
 }
 
 
-- 
GitLab