allow downloading job candidate resume by direct link without token

maxceem · maxceem · commit d3ae6671e5c8 · 2021-08-18T11:18:21.000+03:00
diff --git a/src/routes/JobCandidateRoutes.js b/src/routes/JobCandidateRoutes.js
@@ -47,9 +47,13 @@ module.exports = {
   '/jobCandidates/:id/resume': {
     get: {
       controller: 'JobCandidateController',
-      method: 'downloadJobCandidateResume',
-      auth: 'jwt',
-      scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]
+      method: 'downloadJobCandidateResume'
+      // TODO: we have to protect this endpoint somehow
+      //       but at the moment in the client app we are clicking this link
+      //       as a regular download link and we cannot pass JWT token to it
+      //       how to deal with it?
+      // auth: 'jwt',
+      // scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -47,9 +47,13 @@ module.exports = {`
`47`	`47`	`'/jobCandidates/:id/resume': {`
`48`	`48`	`get: {`
`49`	`49`	`controller: 'JobCandidateController',`
`50`		`- method: 'downloadJobCandidateResume',`
`51`		`- auth: 'jwt',`
`52`		`- scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]`
	`50`	`+ method: 'downloadJobCandidateResume'`
	`51`	`+ // TODO: we have to protect this endpoint somehow`
	`52`	`+ // but at the moment in the client app we are clicking this link`
	`53`	`+ // as a regular download link and we cannot pass JWT token to it`
	`54`	`+ // how to deal with it?`
	`55`	`+ // auth: 'jwt',`
	`56`	`+ // scopes: [constants.Scopes.READ_JOB_CANDIDATE, constants.Scopes.ALL_JOB_CANDIDATE]`
`53`	`57`	`}`
`54`	`58`	`}`
`55`	`59`	`}`