fixed auth parsing

ref #6

src/app.ts

@@ -4,12 +4,14 @@ import { createExpressServer } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
 import authchecker from "./authchecker";
+import { ErrorHandler } from './middlewares/ErrorHandler';
 // 
 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;
 
 const app = createExpressServer({
     authorizationChecker: authchecker,
+    middlewares: [ErrorHandler],
     development: false,
     controllers: [`${__dirname}/controllers/*.ts`],
 });

src/authchecker.ts

@@ -3,8 +3,8 @@ import { Action, HttpError } from "routing-controllers";
 // -----------
 const sampletoken = jwt.sign({
     "permissions": {
-        // "TRACKS": ["read", "update", "delete", "add"]
-        "TRACKS": []
+        "TRACKS": ["read", "update", "delete", "add"]
+        // "TRACKS": []
     }
 }, process.env.JWT_SECRET || "secretjwtsecret")
 console.log(`sampletoken: ${sampletoken}`);
@@ -18,36 +18,27 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
     }
     // const token = action.request.headers["authorization"];
     const provided_token = action.request.query["auth"];
+    let jwtPayload = undefined
     try {
-        const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
-        if (jwtPayload.permissions) {
-            action.response.local = {}
-            action.response.local.jwtPayload = jwtPayload.permissions
-            required_permissions.forEach(r => {
-                const permission_key = r.split(":")[0]
-                const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-                console.log(actual_accesslevel_for_permission);
-                const permission_access_level = r.split(":")[1]
-                console.log(permission_key);
-                console.log(permission_access_level);
-                // console.log(permission_key);
-                // console.log(permission_access_level);
-                if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-                    return true;
-                } else {
-                    // TODO: throw/return proper HttpError
-                    throw new HttpError(403, "no")
-                    return false;
-                }
-            });
-        } else {
-            // TODO: throw/return proper HttpError
-            return false;
-        }
+        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
     } catch (error) {
-        console.log(error);
-        // throw new HttpError(401, "jwt_illegal")
-        return false
+        throw new HttpError(401, "jwt_illegal")
+    }
+    if (jwtPayload.permissions) {
+        action.response.local = {}
+        action.response.local.jwtPayload = jwtPayload.permissions
+        required_permissions.forEach(r => {
+            const permission_key = r.split(":")[0]
+            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
+            const permission_access_level = r.split(":")[1]
+            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
+                return true;
+            } else {
+                throw new HttpError(403, "no")
+            }
+        });
+    } else {
+        throw new HttpError(403, "no")
     }
     return true;
 }

src/middlewares/ErrorHandler.ts

@@ -0,0 +1,20 @@
+import {
+    Middleware,
+    ExpressErrorMiddlewareInterface
+} from "routing-controllers";
+
+@Middleware({ type: "after" })
+export class ErrorHandler implements ExpressErrorMiddlewareInterface {
+    public error(
+        error: any,
+        request: any,
+        response: any,
+        next: (err: any) => any
+    ) {
+        if (response.headersSent) {
+            return;
+        }
+
+        response.json(error);
+    }
+}