web3-storage · e-schneid · Jun 1, 2022 · May 31, 2022
@@ -1,6 +1,7 @@
 import * as JWT from './utils/jwt.js'
 import {
   AccountRestrictedError,
+  DeleteRestrictedError,
   MagicTokenRequiredError,
   NoTokenError,
   PinningUnauthorizedError,
@@ -102,6 +103,23 @@ export function withAccountNotRestricted (handler) {
   }
 }
 
+/**
+ * Middleware: verify that the authenticated request is for a user whose
+ * ability to delete is not restricted.
+ *
+ * @param {import('itty-router').RouteHandler} handler
+ * @returns {import('itty-router').RouteHandler}
+ */
+export function withDeleteNotRestricted (handler) {
+  return async (request, env, ctx) => {
+    const isDeleteRestricted = request.auth.userTags.find(v => (v.tag === USER_TAGS.DELETE_RESTRICTION && v.value === 'true'))
+    if (!isDeleteRestricted) {
+      return handler(request, env, ctx)
+    }
+    throw new DeleteRestrictedError()
+  }
+}
+
 /**
  * Middleware: verify that the authenticated request is for a user who is
  * authorized to pin.

@@ -7,5 +7,6 @@ export const UPLOAD_TYPES = ['Car', 'Blob', 'Multipart', 'Upload']
 export const PIN_STATUSES = ['PinQueued', 'Pinning', 'Pinned', 'PinError']
 export const USER_TAGS = {
   ACCOUNT_RESTRICTION: 'HasAccountRestriction',
+  DELETE_RESTRICTION: 'HasDeleteRestriction',
   PSA_ACCESS: 'HasPsaAccess'
 }
@@ -49,6 +49,15 @@ export class AccountRestrictedError extends HTTPError {
 }
 AccountRestrictedError.CODE = 'ERROR_ACCOUNT_RESTRICTED'
 
+export class DeleteRestrictedError extends HTTPError {
+  constructor (msg = 'Delete operations restricted.') {
+    super(msg, 403)
+    this.name = 'DeleteRestrictedError'
+    this.code = DeleteRestrictedError.CODE
+  }
+}
+DeleteRestrictedError.CODE = 'ERROR_DELETE_RESTRICTED'
+
 export class TokenNotFoundError extends HTTPError {
   constructor (msg = 'API token no longer valid') {
     super(msg, 401)

@@ -2,7 +2,7 @@
 import { Router } from 'itty-router'
 import { errorHandler } from './error-handler.js'
 import { addCorsHeaders, withCorsHeaders, corsOptions } from './cors.js'
-import { withAccountNotRestricted, withApiOrMagicToken, withMagicToken, withPinningAuthorized } from './auth.js'
+import { withAccountNotRestricted, withDeleteNotRestricted, withApiOrMagicToken, withMagicToken, withPinningAuthorized } from './auth.js'
 import { envAll } from './env.js'
 import { statusGet } from './status.js'
 import { carHead, carGet, carPut, carPost } from './car.js'
@@ -48,9 +48,15 @@ const auth = {
   // must be a logged in user
   '👤': compose(withCorsHeaders, withMagicToken),
 
+  // must be a logged in user with no delete restriction
+  '👤🗑️': compose(withCorsHeaders, withMagicToken, withDeleteNotRestricted),
+
   // needs PSA & restricted users allowed
   '📌⚠️': compose(withCorsHeaders, withApiOrMagicToken, withPinningAuthorized),
 
+  // needs PSA & restricted users with no delete restriction allowed
+  '📌⚠️🗑️': compose(withCorsHeaders, withApiOrMagicToken, withDeleteNotRestricted, withPinningAuthorized),
+
   // needs PSA
   '📌': compose(withCorsHeaders, withApiOrMagicToken, withAccountNotRestricted, withPinningAuthorized) // needs PSA
 }
@@ -70,17 +76,17 @@ router.post('/pins',                auth['📌'](pinPost))
 router.post('/pins/:requestId',     auth['📌'](pinPost))
 router.get('/pins/:requestId',      auth['📌⚠️'](pinGet))
 router.get('/pins',                 auth['📌⚠️'](pinsGet))
-router.delete('/pins/:requestId',   auth['📌⚠️'](pinDelete))
+router.delete('/pins/:requestId',   auth['📌⚠️🗑️'](pinDelete))
 
 router.get('/name/:key',            auth['🌍'](nameGet))
 router.get('/name/:key/watch',      auth['🌍'](nameWatchGet))
 router.post('/name/:key',           auth['🔑'](namePost))
 
-router.delete('/user/uploads/:cid',      auth['👤'](userUploadsDelete))
+router.delete('/user/uploads/:cid',      auth['👤🗑️'](userUploadsDelete))
 router.post('/user/uploads/:cid/rename', auth['👤'](userUploadsRename))
 router.get('/user/tokens',               auth['👤'](userTokensGet))
 router.post('/user/tokens',              auth['👤'](userTokensPost))
-router.delete('/user/tokens/:id',        auth['👤'](userTokensDelete))
+router.delete('/user/tokens/:id',        auth['👤🗑️'](userTokensDelete))
 router.get('/user/account',              auth['👤'](userAccountGet))
 router.get('/user/info',                 auth['👤'](userInfoGet))
 /* eslint-enable no-multi-spaces */

@@ -135,6 +135,7 @@ export async function userInfoGet (request, env) {
       ...user,
       tags: {
         HasAccountRestriction: hasTag(user, 'HasAccountRestriction', 'true'),
+        HasDeleteRestriction: hasTag(user, 'HasDeleteRestriction', 'true'),
         HasPsaAccess: hasTag(user, 'HasPsaAccess', 'true'),
         HasSuperHotAccess: hasTag(user, 'HasSuperHotAccess', 'true'),
         StorageLimitBytes: getTagValue(user, 'StorageLimitBytes', '')

@@ -0,0 +1 @@
+ALTER TYPE user_tag_type ADD VALUE 'HasDeleteRestriction';
@@ -1,4 +1,4 @@
-DO 
+DO
 $$
 BEGIN
   -- Auth key blocked status type is the type of blocking that has occurred on the api
@@ -19,14 +19,15 @@ BEGIN
     CREATE TYPE user_tag_type AS ENUM
     (
       'HasAccountRestriction',
+      'HasDeleteRestriction',
       'HasPsaAccess',
       'StorageLimitBytes'
     );
   END IF;
 
   -- Types for notification emails
   IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'email_type') THEN
-    CREATE TYPE email_type AS ENUM 
+    CREATE TYPE email_type AS ENUM
       (
         'User75PercentStorage',
         'User80PercentStorage',
@@ -310,7 +311,7 @@ CREATE TABLE IF NOT EXISTS metric
     updated_at  TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
 );
 
-CREATE TABLE IF NOT EXISTS email_history 
+CREATE TABLE IF NOT EXISTS email_history
 (
   id              BIGSERIAL PRIMARY KEY,
   -- the id of the user being notified