env + perms + tools
This commit is contained in:
@ -2,7 +2,6 @@ import { ErrorRequestHandler, Request, RequestHandler } from 'express';
|
||||
import { randomUUID } from 'crypto';
|
||||
import { validationResult } from 'express-validator';
|
||||
import { UserInfo, UserRoles } from '@core';
|
||||
import permissions from './permissions';
|
||||
|
||||
declare module 'express-session' {
|
||||
interface SessionData {
|
||||
@ -21,62 +20,42 @@ export function RequestId(): RequestHandler {
|
||||
};
|
||||
}
|
||||
|
||||
export function checkPermissions(): RequestHandler {
|
||||
const getRoute = (url: string): string => {
|
||||
for (const route in permissions) {
|
||||
if (url.startsWith(route)) return route;
|
||||
}
|
||||
return '';
|
||||
};
|
||||
|
||||
const canAccess = (req: Request): boolean => {
|
||||
const user = req.session.user;
|
||||
if (!user) return false;
|
||||
|
||||
//Logout
|
||||
if (req.url === '/user/logout') {
|
||||
return true;
|
||||
}
|
||||
|
||||
//User Imself
|
||||
if (req.params.uuid === user.uuid) {
|
||||
return true;
|
||||
}
|
||||
export function CheckPermissions(): RequestHandler {
|
||||
function getResourceId(req: Request): string | null {
|
||||
console.log(req.url);
|
||||
if (req.params.uuid) return req.params.uuid;
|
||||
if (req.body.uuid) return req.body.uuid;
|
||||
return null;
|
||||
}
|
||||
|
||||
function canAccessRessource(user: UserInfo, uuid: string): boolean {
|
||||
if (user.uuid === uuid) return true;
|
||||
return false;
|
||||
};
|
||||
}
|
||||
|
||||
return (req, res, next) => {
|
||||
const route = getRoute(req.url);
|
||||
console.log(canAccess(req));
|
||||
console.log(route);
|
||||
|
||||
if (!req.session.user && req.url === '/user/login') {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!req.session.user) {
|
||||
next({ status: 401, messsage: 'Unauthorized' });
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
!(route in permissions) ||
|
||||
(req.session.user.role !== permissions[route] &&
|
||||
req.session.user.role !== UserRoles.ADMIN) ||
|
||||
(!canAccess(req) && req.session.user.role !== UserRoles.ADMIN)
|
||||
) {
|
||||
next({ status: 401, messsage: 'Unauthorized' });
|
||||
if (req.session.user.role === UserRoles.ADMIN) {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
req.session.user.role === UserRoles.ADMIN ||
|
||||
(req.session.user.role === permissions[route] && canAccess(req))
|
||||
) {
|
||||
const ressourceId = getResourceId(req);
|
||||
console.log(ressourceId);
|
||||
if (!ressourceId) {
|
||||
next({ status: 403, messsage: 'Forbidden' });
|
||||
return;
|
||||
}
|
||||
if (canAccessRessource(req.session.user, ressourceId)) {
|
||||
next();
|
||||
return;
|
||||
} else {
|
||||
next({ status: 403, messsage: 'Forbidden' });
|
||||
return;
|
||||
}
|
||||
|
||||
next({ status: 401, messsage: 'Unauthorized' });
|
||||
|
||||
Reference in New Issue
Block a user