user permissions WIP
@ -1,17 +1,100 @@
|
||||
import { ErrorRequestHandler, Request, RequestHandler } from 'express';
|
||||
import { randomUUID } from 'crypto';
|
||||
import { validationResult } from 'express-validator';
|
||||
import { UserInfo, UserRoles } from '@core';
|
||||
import permissions from './permissions';
|
||||
|
||||
export function getId(req: Request): string {
|
||||
return req.get('request-id') || 'unknown';
|
||||
declare module 'express-session' {
|
||||
interface SessionData {
|
||||
user: UserInfo | null;
|
||||
}
|
||||
}
|
||||
|
||||
export function BeforeEach(): RequestHandler {
|
||||
export function getId(req: Request): string {
|
||||
return req.header('request-id') || 'unknown';
|
||||
}
|
||||
|
||||
export function RequestId(): RequestHandler {
|
||||
return (req, res, next) => {
|
||||
req.headers['request-id'] = randomUUID();
|
||||
next();
|
||||
};
|
||||
}
|
||||
|
||||
export function checkPermissions(): RequestHandler {
|
||||
const getRoute = (url: string): string => {
|
||||
for (const route in permissions) {
|
||||
if (url.startsWith(route)) return route;
|
||||
}
|
||||
return '';
|
||||
};
|
||||
|
||||
const canAccess = (req: Request): boolean => {
|
||||
const user = req.session.user;
|
||||
if (!user) return false;
|
||||
|
||||
//Logout
|
||||
if (req.url === '/user/logout') {
|
||||
return true;
|
||||
}
|
||||
|
||||
//User Imself
|
||||
if (req.params.uuid === user.uuid) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
return (req, res, next) => {
|
||||
const route = getRoute(req.url);
|
||||
console.log(canAccess(req));
|
||||
console.log(route);
|
||||
|
||||
if (!req.session.user && req.url === '/user/login') {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!req.session.user) {
|
||||
next({ status: 403, messsage: 'Forbidden' });
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
!(route in permissions) ||
|
||||
(req.session.user.role !== permissions[route] &&
|
||||
req.session.user.role !== UserRoles.ADMIN) ||
|
||||
(!canAccess(req) && req.session.user.role !== UserRoles.ADMIN)
|
||||
) {
|
||||
next({ status: 403, messsage: 'Forbidden' });
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
req.session.user.role === UserRoles.ADMIN ||
|
||||
(req.session.user.role === permissions[route] && canAccess(req))
|
||||
) {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
next({ status: 403, messsage: 'Forbidden' });
|
||||
};
|
||||
}
|
||||
|
||||
export function SchemaValidator(): RequestHandler {
|
||||
return (req, res, next) => {
|
||||
const error = validationResult(req);
|
||||
error.isEmpty()
|
||||
? next()
|
||||
: next({
|
||||
status: 400,
|
||||
...error,
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
export function ErrorHandler(): ErrorRequestHandler {
|
||||
return (error, req, res, next) => {
|
||||
error.status
|
||||
|