feat: restrict access to private packages based on user session (#1170)

* feat: restrict access to private packages based on user session

* feat: enhance private package access control with NotFound page redirection

* fix

* wtf

* fkd

* final try

* chore

Author: ArnavK-09

fake-snippets-api/routes/api/packages/get.ts

@@ -34,6 +34,18 @@ export default withRouteSpec({
     })
   }
 
+  if (
+    foundPackage.is_private &&
+    auth?.github_username !== foundPackage.owner_github_username
+  ) {
+    return ctx.error(404, {
+      error_code: "package_not_found",
+      message: `Package not found (searched using ${JSON.stringify(
+        req.commonParams,
+      )})`,
+    })
+  }
+
   return ctx.json({
     ok: true,
     package: {

src/pages/package-editor.tsx

@@ -10,13 +10,14 @@ import { useGetFsMapHashForPackage } from "@/hooks/use-get-fsmap-hash-for-packag
 
 export const EditorPage = () => {
   const { packageId } = useCurrentPackageId()
-  const { data: pkg, isLoading, error } = usePackage(packageId)
+  const { data: pkg, error } = usePackage(packageId)
   const fsMapHash = useGetFsMapHashForPackage(
     pkg?.latest_package_release_id ?? "",
   )
   const uuid4RegExp = new RegExp(
     /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/,
   )
+
   return (
     <div className="overflow-x-hidden">
       <Helmet>

src/pages/view-package.tsx

@@ -1,18 +1,22 @@
 import RepoPageContent from "@/components/ViewPackagePage/components/repo-page-content"
-import { useCurrentPackageInfo } from "@/hooks/use-current-package-info"
 import { usePackageFiles } from "@/hooks/use-package-files"
 import { usePackageRelease } from "@/hooks/use-package-release"
 import { useLocation, useParams } from "wouter"
 import { Helmet } from "react-helmet-async"
 import { useEffect, useState } from "react"
 import NotFoundPage from "./404"
+import { useCurrentPackageId } from "@/hooks/use-current-package-id"
+import { usePackage } from "@/hooks/use-package"
 
 export const ViewPackagePage = () => {
-  const { packageInfo } = useCurrentPackageInfo()
+  const {
+    packageId,
+    error: packageIdError,
+    isLoading: isLoadingPackageId,
+  } = useCurrentPackageId()
+  const { data: packageInfo } = usePackage(packageId)
   const { author, packageName } = useParams()
   const [, setLocation] = useLocation()
-  const [isNotFound, setIsNotFound] = useState(false)
-
   const {
     data: packageRelease,
     error: packageReleaseError,
@@ -25,14 +29,12 @@ export const ViewPackagePage = () => {
   const { data: packageFiles } = usePackageFiles(
     packageRelease?.package_release_id,
   )
-  useEffect(() => {
-    if (isLoadingPackageRelease) return
-    if (packageReleaseError?.status == 404) {
-      setIsNotFound(true)
-    }
-  }, [isLoadingPackageRelease, packageReleaseError])
 
-  if (isNotFound) {
+  if (!isLoadingPackageId && packageIdError) {
+    return <NotFoundPage heading="Package Not Found" />
+  }
+
+  if (!isLoadingPackageRelease && packageReleaseError?.status == 404) {
     return <NotFoundPage heading="Package Not Found" />
   }