fixed auth parsing

ref #6

src/app.ts

@@ -4,12 +4,14 @@ import { createExpressServer } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
 import authchecker from "./authchecker";
+import { ErrorHandler } from './middlewares/ErrorHandler';
 // 
 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;
 
 const app = createExpressServer({
     authorizationChecker: authchecker,
+    middlewares: [ErrorHandler],
     development: false,
     controllers: [`${__dirname}/controllers/*.ts`],
 });

src/authchecker.ts

@@ -3,8 +3,8 @@ import { Action, HttpError } from "routing-controllers";
 // -----------
 const sampletoken = jwt.sign({
     "permissions": {
-        // "TRACKS": ["read", "update", "delete", "add"]
+        "TRACKS": ["read", "update", "delete", "add"]
-        "TRACKS": []
+        // "TRACKS": []
     }
 }, process.env.JWT_SECRET || "secretjwtsecret")
 console.log(`sampletoken: ${sampletoken}`);
@@ -18,36 +18,27 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
     }
     // const token = action.request.headers["authorization"];
     const provided_token = action.request.query["auth"];
+    let jwtPayload = undefined
     try {
-        const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+    } catch (error) {
+        throw new HttpError(401, "jwt_illegal")
+    }
     if (jwtPayload.permissions) {
         action.response.local = {}
         action.response.local.jwtPayload = jwtPayload.permissions
         required_permissions.forEach(r => {
             const permission_key = r.split(":")[0]
             const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-                console.log(actual_accesslevel_for_permission);
             const permission_access_level = r.split(":")[1]
-                console.log(permission_key);
-                console.log(permission_access_level);
-                // console.log(permission_key);
-                // console.log(permission_access_level);
             if (actual_accesslevel_for_permission.includes(permission_access_level)) {
                 return true;
             } else {
-                    // TODO: throw/return proper HttpError
                 throw new HttpError(403, "no")
-                    return false;
             }
         });
     } else {
-            // TODO: throw/return proper HttpError
+        throw new HttpError(403, "no")
-            return false;
-        }
-    } catch (error) {
-        console.log(error);
-        // throw new HttpError(401, "jwt_illegal")
-        return false
     }
     return true;
 }

src/middlewares/ErrorHandler.ts

@@ -0,0 +1,20 @@
+import {
+    Middleware,
+    ExpressErrorMiddlewareInterface
+} from "routing-controllers";
+
+@Middleware({ type: "after" })
+export class ErrorHandler implements ExpressErrorMiddlewareInterface {
+    public error(
+        error: any,
+        request: any,
+        response: any,
+        next: (err: any) => any
+    ) {
+        if (response.headersSent) {
+            return;
+        }
+
+        response.json(error);
+    }
+}