admin/3dtours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lỗi có thể di chuyển tù sharedlink sang public nhưng không có hotspot quay lại

Browse Source
This commit is contained in:
Lộc Phạm
2026-06-11 16:27:37 +07:00
parent be149f26ca
commit 0434837026
7 changed files with 1055 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/routes/hotspotRoutes.js
+34 -2
View File
@@ -2,15 +2,47 @@ const express = require('express');
const router = express.Router();
const Hotspot = require('../models/Hotspot');
const Scene = require('../models/Scene');
const { protect } = require('../middlewares/authMiddleware');
const { protect, optionalAuth } = require('../middlewares/authMiddleware');
const { calculateReverseYaw } = require('../utils/hotspotHelper');
const Tour = require('../models/Tour');
/**
* @route GET /api/hotspots/:scene_id
* @desc Lấy toàn bộ danh sách hotspot của một cảnh
*/
router.get('/:scene_id', async (req, res) => {
router.get('/:scene_id', optionalAuth, async (req, res) => {
try {
// [SECURITY] Kiểm tra quyền xem hotspots dựa trên quyền truy cập cảnh cha
const scene = await Scene.findById(req.params.scene_id).populate('tourId');
if (!scene) return res.status(404).json({ message: 'Scene not found' });
const tour = scene.tourId;
const isOwner = req.user && req.user._id && tour?.createdBy?.toString() === req.user._id.toString();
const isAdmin = req.user && req.user.role === 'admin';
const isSceneTokenValid = scene.shareToken && (!scene.shareTokenExpires || new Date() < scene.shareTokenExpires);
const isTourTokenValid = tour?.shareToken && (!tour.shareTokenExpires || new Date() < tour.shareTokenExpires);
let hasAccess = (tour?.privacy === 'public') || (scene.privacy === 'public') || isOwner || isAdmin ||
(scene.privacy === 'shared' && req.query.token === scene.shareToken && isSceneTokenValid) ||
(tour?.privacy === 'shared' && req.query.token === tour.shareToken && isTourTokenValid) ||
(tour?.privacy === 'member' && req.user && req.user._id && req.user.role !== 'guest');
// Bridge Access cho Hotspots
if (!hasAccess && req.query.token) {
const potentialParents = await Hotspot.find({ target_scene_id: scene._id }).distinct('parent_scene_id');
const authorizedParentExists = await Scene.exists({
_id: { $in: potentialParents },
shareToken: req.query.token,
$or: [{ shareTokenExpires: null }, { shareTokenExpires: { $gt: new Date() } }]
});
if (authorizedParentExists) hasAccess = true;
}
if (!hasAccess) {
console.warn(`[Backend-Hotspots-Denied] Scene: ${req.params.scene_id}`);
return res.status(403).json({ message: 'Bạn không có quyền xem các điểm điều hướng của cảnh này.' });
}
const hotspots = await Hotspot.find({ parent_scene_id: req.params.scene_id })
.populate({
path: 'target_scene_id',