From 5f4aed2f02b22799d3e043394641bc3ac549caf2 Mon Sep 17 00:00:00 2001
From: Philipp Dormann
Date: Fri, 27 Nov 2020 21:16:15 +0100
Subject: [PATCH] fixed auth parsing ref #6

---
 src/app.ts                      |  2 ++
 src/authchecker.ts              | 51 ++++++++++++++-------------------
 src/middlewares/ErrorHandler.ts | 20 +++++++++++++
 3 files changed, 43 insertions(+), 30 deletions(-)
 create mode 100644 src/middlewares/ErrorHandler.ts

diff --git a/src/app.ts b/src/app.ts
index 16b712e..873ff9f 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -4,12 +4,14 @@ import { createExpressServer } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
 import authchecker from "./authchecker";
+import { ErrorHandler } from './middlewares/ErrorHandler';
 // dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;
 const app = createExpressServer({
   authorizationChecker: authchecker,
+  middlewares: [ErrorHandler],
   development: false,
   controllers: [`${__dirname}/controllers/*.ts`],
 });
diff --git a/src/authchecker.ts b/src/authchecker.ts
index c93af9a..0052b68 100644
--- a/src/authchecker.ts
+++ b/src/authchecker.ts
@@ -3,8 +3,8 @@ import { Action, HttpError } from "routing-controllers";
 // -----------
 const sampletoken = jwt.sign({
   "permissions": {
-    // "TRACKS": ["read", "update", "delete", "add"]
-    "TRACKS": []
+    "TRACKS": ["read", "update", "delete", "add"]
+    // "TRACKS": []
   }
 }, process.env.JWT_SECRET || "secretjwtsecret")
 console.log(`sampletoken: ${sampletoken}`);
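Review bot: With the sample token now carrying every TRACKS permission, the `console.log(`sampletoken: ${sampletoken}`)` line right after the changed lines prints a fully privileged bearer credential to stdout on every start, and it is signed with whatever `process.env.JWT_SECRET || "secretjwtsecret"` resolves to. In any deployment where JWT_SECRET is unset, that fallback string is public in this repository, so anyone can mint an equivalent token themselves and the permission check below becomes decorative. I would refuse to start without a real secret and keep the sample token out of non-development runs: `const JWT_SECRET = process.env.JWT_SECRET; if (!JWT_SECRET) throw new Error("JWT_SECRET is not set");` and `if (process.env.NODE_ENV !== "production") console.log(...)`. The second hunk in this file repeats the same fallback expression on the verify call, so the constant should replace it there too.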
@@ -18,36 +18,27 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
   }
   // const token = action.request.headers["authorization"];
   const provided_token = action.request.query["auth"];
+  let jwtPayload = undefined
   try {
-    const jwtPayload = jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
-    if (jwtPayload.permissions) {
-      action.response.local = {}
-      action.response.local.jwtPayload = jwtPayload.permissions
-      required_permissions.forEach(r => {
-        const permission_key = r.split(":")[0]
-        const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-        console.log(actual_accesslevel_for_permission);
-        const permission_access_level = r.split(":")[1]
-        console.log(permission_key);
-        console.log(permission_access_level);
-        // console.log(permission_key);
-        // console.log(permission_access_level);
-        if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-          return true;
-        } else {
-          // TODO: throw/return proper HttpError
-          throw new HttpError(403, "no")
-          return false;
-        }
-      });
-    } else {
-      // TODO: throw/return proper HttpError
-      return false;
-    }
+    jwtPayload = jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
   } catch (error) {
-    console.log(error);
-    // throw new HttpError(401, "jwt_illegal")
-    return false
+    throw new HttpError(401, "jwt_illegal")
+  }
+  if (jwtPayload.permissions) {
+    action.response.local = {}
+    action.response.local.jwtPayload = jwtPayload.permissions
+    required_permissions.forEach(r => {
+      const permission_key = r.split(":")[0]
+      const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
+      const permission_access_level = r.split(":")[1]
+      if (actual_accesslevel_for_permission.includes(permission_access_level)) {
+        return true;
+      } else {
+        throw new HttpError(403, "no")
+      }
+    });
+  } else {
+    throw new HttpError(403, "no")
   }
   return true;
 }
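Review bot: `actual_accesslevel_for_permission.includes(permission_access_level)` in the added forEach dereferences a value that may not exist: a validly signed token whose `permissions` object has no entry for `permission_key` makes `jwtPayload.permissions[permission_key]` undefined, so the check throws a TypeError instead of the intended 403, and a non-array value (a string) would pass on substring matching. Guard the shape before testing membership: `const granted = jwtPayload.permissions[permission_key]` followed by `if (!Array.isArray(granted) || !granted.includes(permission_access_level)) throw new HttpError(403, "no")`. The `return true` inside the callback only returns from the callback, not from authchecker, so it can be dropped without changing the outcome. I would also pin the accepted algorithm on the verify call, `jwt.verify(provided_token, secret, { algorithms: ["HS256"] })`, rather than relying on the library's defaults for a string secret. The authchecker function begins before this hunk (required_permissions appears to be built there), so the early-return path above line 18 is not visible here.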
diff --git a/src/middlewares/ErrorHandler.ts b/src/middlewares/ErrorHandler.ts
new file mode 100644
index 0000000..7f45073
--- /dev/null
+++ b/src/middlewares/ErrorHandler.ts
@@ -0,0 +1,20 @@
+import {
+  Middleware,
+  ExpressErrorMiddlewareInterface
+} from "routing-controllers";
+
+@Middleware({ type: "after" })
+export class ErrorHandler implements ExpressErrorMiddlewareInterface {
+  public error(
+    error: any,
+    request: any,
+    response: any,
+    next: (err: any) => any
+  ) {
+    if (response.headersSent) {
+      return;
+    }
+
+    response.json(error);
+  }
+}
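Review bot: `response.json(error)` never sets an HTTP status, so when this branch runs the client receives whatever status the response already carries (200 unless something upstream changed it) together with a JSON dump of the raw error object, and any enumerable own properties on that object — routing-controllers' HttpError assigns `httpCode`, `message` and, as far as I recall, `stack` as own properties — are sent to the caller. That contradicts the `development: false` setting in app.ts, which exists precisely to keep stacks out of responses. Whether this middleware is ever reached while the framework's default error handler is still enabled I cannot tell from the diff, but if it is reached it should derive the status from `httpCode` and emit a fixed, minimal shape. The rewrite below keeps the `headersSent` guard and the signature unchanged.
```typescript
  public error(error: any, request: any, response: any, next: (err: any) => any) {
    if (response.headersSent) {
      return;
    }
    // HttpError carries the intended status; anything else is an internal failure.
    const status = error && typeof error.httpCode === "number" ? error.httpCode : 500;
    // Never serialize the raw error: it may carry a stack trace or other internals.
    response.status(status).json({
      name: error && error.name ? error.name : "Error",
      message: status >= 500 ? "Internal Server Error" : (error && error.message) || "",
    });
  }
```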