fixes

Author: oscartbeaumont

apps/web/app/api/upload/[...route]/multipart.ts

@@ -5,12 +5,14 @@ import {
 import { updateIfDefined } from "@cap/database";
 import * as Db from "@cap/database/schema";
 import { serverEnv } from "@cap/env";
+import { HttpApiError } from "@effect/platform";
 import {
 	AwsCredentials,
 	Database,
 	provideOptionalAuth,
 	S3Buckets,
 	Videos,
+	VideosRepo,
 } from "@cap/web-backend";
 import { CurrentUser, Video } from "@cap/web-domain";
 import { zValidator } from "@hono/zod-validator";
@@ -52,11 +54,14 @@ app.post(
 		const videoId = Video.VideoId.make(videoIdRaw);
 
 		const resp = await Effect.gen(function* () {
-			const videos = yield* Videos;
+			const user = yield* CurrentUser;
+			const repo = yield* VideosRepo;
 			const db = yield* Database;
 
-			const video = yield* videos.getByIdForOwner(videoId);
+			const video = yield* repo.getById(videoId);
 			if (Option.isNone(video)) return yield* new Video.NotFoundError();
+			if (video.value[0].ownerId !== user.id)
+				return yield* new HttpApiError.Unauthorized();
 
 			yield* db.use((db) =>
 				db
@@ -71,6 +76,11 @@ app.post(
 				if (e._tag === "VideoNotFoundError")
 					return Effect.succeed<Response>(c.text("Video not found", 404));
 
+				if (e._tag === "Unauthorized")
+					return Effect.succeed<Response>(
+						c.text("User not authenticated", 401),
+					);
+
 				return Effect.succeed<Response>(
 					c.json({ error: "Error initiating multipart upload" }, 500),
 				);
@@ -471,10 +481,6 @@ app.post(
 					);
 				}),
 			);
-		}).pipe(
-			provideOptionalAuth,
-			Effect.provideService(CurrentUser, user),
-			runPromise,
-		);
+		}).pipe(Effect.provideService(CurrentUser, user), runPromise);
 	},
 );

apps/web/lib/server.ts

@@ -14,18 +14,18 @@ import {
 	Videos,
 	VideosPolicy,
 	Workflows,
+	VideosRepo,
 } from "@cap/web-backend";
 import { type HttpAuthMiddleware, Video } from "@cap/web-domain";
 import {
 	FetchHttpClient,
 	Headers,
 	type HttpApi,
 	HttpApiBuilder,
-	HttpApiClient,
 	HttpMiddleware,
 	HttpServer,
 } from "@effect/platform";
-import { RpcClient, RpcMessage, RpcMiddleware } from "@effect/rpc";
+import { RpcClient, RpcMiddleware } from "@effect/rpc";
 import {
 	Cause,
 	Config,
@@ -100,6 +100,7 @@ export const Dependencies = Layer.mergeAll(
 	S3Buckets.Default,
 	Videos.Default,
 	VideosPolicy.Default,
+	VideosRepo.Default,
 	Folders.Default,
 	SpacesPolicy.Default,
 	OrganisationsPolicy.Default,

packages/web-backend/src/index.ts

@@ -11,4 +11,5 @@ export { Spaces } from "./Spaces/index.ts";
 export { SpacesPolicy } from "./Spaces/SpacesPolicy.ts";
 export { Videos } from "./Videos/index.ts";
 export { VideosPolicy } from "./Videos/VideosPolicy.ts";
+export { VideosRepo } from "./Videos/VideosRepo.ts";
 export * as Workflows from "./Workflows.ts";