From fa2b610ea6f3e4fc3d6481ed5f5c2090478adbd4 Mon Sep 17 00:00:00 2001
From: Jorrin <jorrinkievit@hotmail.com>
Date: Sun, 14 Jan 2024 22:33:46 +0100
Subject: [PATCH] fix permission check on domain level

---
 src/backend/extension/messaging.ts  |  6 ++----
 src/pages/parts/player/MetaPart.tsx | 10 ++++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/backend/extension/messaging.ts b/src/backend/extension/messaging.ts
index 2e2747c1..b738184a 100644
--- a/src/backend/extension/messaging.ts
+++ b/src/backend/extension/messaging.ts
@@ -10,7 +10,7 @@ let activeExtension = false;
 
 function sendMessage<MessageKey extends keyof MessagesMetadata>(
   message: MessageKey,
-  payload: MessagesMetadata[MessageKey]["req"],
+  payload: MessagesMetadata[MessageKey]["req"] | undefined = undefined,
   timeout: number = -1,
 ) {
   return new Promise<MessagesMetadata[MessageKey]["res"] | null>((resolve) => {
@@ -54,9 +54,7 @@ export async function sendPage(
 export async function extensionInfo(): Promise<
   MessagesMetadata["hello"]["res"] | null
 > {
-  const message = await sendMessage("hello", {}, 300);
-  if (!message?.success) return null;
-  if (!message.allowed) return null;
+  const message = await sendMessage("hello", undefined, 300);
   return message;
 }
 
diff --git a/src/pages/parts/player/MetaPart.tsx b/src/pages/parts/player/MetaPart.tsx
index fb40379a..1e18b6d1 100644
--- a/src/pages/parts/player/MetaPart.tsx
+++ b/src/pages/parts/player/MetaPart.tsx
@@ -45,15 +45,17 @@ export function MetaPart(props: MetaPartProps) {
 
   const { error, value, loading } = useAsync(async () => {
     const info = await extensionInfo();
-    const isAllowed = info?.success && isAllowedExtensionVersion(info.version);
+    const isValidExtension =
+      info?.success && isAllowedExtensionVersion(info.version);
 
-    if (isAllowed) {
-      if (!info.hasPermission) throw new Error("extension-no-permission");
+    if (isValidExtension) {
+      if (!info.allowed || !info.hasPermission)
+        throw new Error("extension-no-permission");
     }
 
     // use api metadata or providers metadata
     const providerApiUrl = getLoadbalancedProviderApiUrl();
-    if (providerApiUrl && !isAllowed) {
+    if (providerApiUrl && !isValidExtension) {
       try {
         await fetchMetadata(providerApiUrl);
       } catch (err) {