Merge branch 'main' of git.odit.services:lfk/backend into main
# Conflicts: # src/controllers/TrackController.ts
This commit is contained in:
commit
624ea6ba33
@ -3,11 +3,15 @@ import * as dotenvSafe from "dotenv-safe";
|
|||||||
import { createExpressServer } from "routing-controllers";
|
import { createExpressServer } from "routing-controllers";
|
||||||
import consola from "consola";
|
import consola from "consola";
|
||||||
import loaders from "./loaders/index";
|
import loaders from "./loaders/index";
|
||||||
|
import authchecker from "./authchecker";
|
||||||
|
import { ErrorHandler } from './middlewares/ErrorHandler';
|
||||||
|
|
||||||
dotenvSafe.config();
|
dotenvSafe.config();
|
||||||
const PORT = process.env.APP_PORT || 4010;
|
const PORT = process.env.APP_PORT || 4010;
|
||||||
|
|
||||||
const app = createExpressServer({
|
const app = createExpressServer({
|
||||||
|
authorizationChecker: authchecker,
|
||||||
|
middlewares: [ErrorHandler],
|
||||||
development: process.env.NODE_ENV === "production",
|
development: process.env.NODE_ENV === "production",
|
||||||
cors: true,
|
cors: true,
|
||||||
routePrefix: "/api",
|
routePrefix: "/api",
|
||||||
|
|||||||
51
src/authchecker.ts
Normal file
51
src/authchecker.ts
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
import * as jwt from "jsonwebtoken";
|
||||||
|
import { Action, HttpError } from "routing-controllers";
|
||||||
|
// -----------
|
||||||
|
const sampletoken = jwt.sign({
|
||||||
|
"permissions": {
|
||||||
|
"TRACKS": ["read", "update", "delete", "add"]
|
||||||
|
// "TRACKS": []
|
||||||
|
}
|
||||||
|
}, process.env.JWT_SECRET || "secretjwtsecret")
|
||||||
|
console.log(`sampletoken: ${sampletoken}`);
|
||||||
|
// -----------
|
||||||
|
const authchecker = async (action: Action, permissions: string | string[]) => {
|
||||||
|
let required_permissions = undefined
|
||||||
|
if (typeof permissions === "string") {
|
||||||
|
required_permissions = [permissions]
|
||||||
|
} else {
|
||||||
|
required_permissions = permissions
|
||||||
|
}
|
||||||
|
// const token = action.request.headers["authorization"];
|
||||||
|
const provided_token = action.request.query["auth"];
|
||||||
|
let jwtPayload = undefined
|
||||||
|
try {
|
||||||
|
jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
||||||
|
} catch (error) {
|
||||||
|
throw new HttpError(401, "jwt_illegal")
|
||||||
|
}
|
||||||
|
if (jwtPayload.permissions) {
|
||||||
|
action.response.local = {}
|
||||||
|
action.response.local.jwtPayload = jwtPayload.permissions
|
||||||
|
required_permissions.forEach(r => {
|
||||||
|
const permission_key = r.split(":")[0]
|
||||||
|
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
|
||||||
|
const permission_access_level = r.split(":")[1]
|
||||||
|
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
throw new HttpError(403, "no")
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
throw new HttpError(403, "no")
|
||||||
|
}
|
||||||
|
//
|
||||||
|
try {
|
||||||
|
jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
||||||
|
return true
|
||||||
|
} catch (error) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
export default authchecker
|
||||||
@ -1,90 +1,91 @@
|
|||||||
import { JsonController, Param, Body, Get, Post, Put, Delete, OnUndefined, NotAcceptableError } from 'routing-controllers';
|
import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError, Authorized } from 'routing-controllers';
|
||||||
import { getConnectionManager, Repository } from 'typeorm';
|
import { getConnectionManager, Repository } from 'typeorm';
|
||||||
import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
|
import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
|
||||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||||
import { Track } from '../models/Track';
|
import { Track } from '../models/Track';
|
||||||
import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
|
import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
|
||||||
import {TrackIdChangeNotAllowedError, TrackNotFoundError} from "../errors/TrackErrors";
|
import {TrackIdChangeNotAllowedError, TrackNotFoundError} from "../errors/TrackErrors";
|
||||||
|
|
||||||
class CreateTrack {
|
class CreateTrack {
|
||||||
@IsString()
|
@IsString()
|
||||||
@IsNotEmpty()
|
@IsNotEmpty()
|
||||||
name: string;
|
name: string;
|
||||||
|
|
||||||
@IsInt()
|
@IsInt()
|
||||||
@IsPositive()
|
@IsPositive()
|
||||||
length: number;
|
length: number;
|
||||||
}
|
}
|
||||||
|
|
||||||
@JsonController('/tracks')
|
@JsonController('/tracks')
|
||||||
export class TrackController {
|
@Authorized("TRACKS:read")
|
||||||
private trackRepository: Repository<Track>;
|
export class TrackController {
|
||||||
|
private trackRepository: Repository<Track>;
|
||||||
/**
|
|
||||||
* Gets the repository of this controller's model/entity.
|
/**
|
||||||
*/
|
* Gets the repository of this controller's model/entity.
|
||||||
constructor() {
|
*/
|
||||||
this.trackRepository = getConnectionManager().get().getRepository(Track);
|
constructor() {
|
||||||
}
|
this.trackRepository = getConnectionManager().get().getRepository(Track);
|
||||||
|
}
|
||||||
@Get()
|
|
||||||
@ResponseSchema(Track, { isArray: true })
|
@Get()
|
||||||
@OpenAPI({description: "Lists all tracks."})
|
@ResponseSchema(Track, { isArray: true })
|
||||||
getAll() {
|
@OpenAPI({ description: "Lists all tracks." })
|
||||||
return this.trackRepository.find();
|
getAll() {
|
||||||
}
|
return this.trackRepository.find();
|
||||||
|
}
|
||||||
@Get('/:id')
|
|
||||||
@ResponseSchema(Track)
|
@Get('/:id')
|
||||||
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
@ResponseSchema(Track)
|
||||||
@OnUndefined(TrackNotFoundError)
|
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
||||||
@OpenAPI({description: "Returns a track of a specified id (if it exists)"})
|
@OnUndefined(TrackNotFoundError)
|
||||||
getOne(@Param('id') id: number) {
|
@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
|
||||||
return this.trackRepository.findOne({ id: id });
|
getOne(@Param('id') id: number) {
|
||||||
}
|
return this.trackRepository.findOne({ id: id });
|
||||||
|
}
|
||||||
@Post()
|
|
||||||
@ResponseSchema(Track)
|
@Post()
|
||||||
@OpenAPI({description: "Create a new track object (id will be generated automagicly)."})
|
@ResponseSchema(Track)
|
||||||
post(
|
@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
|
||||||
@Body({ validate: true })
|
post(
|
||||||
track: CreateTrack
|
@Body({ validate: true })
|
||||||
) {
|
track: CreateTrack
|
||||||
return this.trackRepository.save(track);
|
) {
|
||||||
}
|
return this.trackRepository.save(track);
|
||||||
|
}
|
||||||
@Put('/:id')
|
|
||||||
@ResponseSchema(Track)
|
@Put('/:id')
|
||||||
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
@ResponseSchema(Track)
|
||||||
@ResponseSchema(TrackIdChangeNotAllowedError, {statusCode: 406})
|
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
||||||
@OpenAPI({description: "Update a track object (id can't be changed)."})
|
@ResponseSchema(TrackIdChangeNotAllowedError, {statusCode: 406})
|
||||||
async put(@Param('id') id: number, @EntityFromBody() track: Track) {
|
@OpenAPI({description: "Update a track object (id can't be changed)."})
|
||||||
let oldTrack = await this.trackRepository.findOne({ id: id });
|
async put(@Param('id') id: number, @EntityFromBody() track: Track) {
|
||||||
|
let oldTrack = await this.trackRepository.findOne({ id: id });
|
||||||
if (!oldTrack) {
|
|
||||||
throw new TrackNotFoundError();
|
if (!oldTrack) {
|
||||||
}
|
throw new TrackNotFoundError();
|
||||||
|
}
|
||||||
if(oldTrack.id != track.id){
|
|
||||||
throw new TrackIdChangeNotAllowedError();
|
if(oldTrack.id != track.id){
|
||||||
}
|
throw new TrackIdChangeNotAllowedError();
|
||||||
|
}
|
||||||
await this.trackRepository.update(oldTrack, track);
|
|
||||||
return track;
|
await this.trackRepository.update(oldTrack, track);
|
||||||
}
|
return track;
|
||||||
|
}
|
||||||
@Delete('/:id')
|
|
||||||
@ResponseSchema(Track)
|
@Delete('/:id')
|
||||||
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
@ResponseSchema(Track)
|
||||||
@OpenAPI({description: "Delete a specified track (if it exists)."})
|
@ResponseSchema(TrackNotFoundError, {statusCode: 404})
|
||||||
async remove(@Param('id') id: number) {
|
@OpenAPI({description: "Delete a specified track (if it exists)."})
|
||||||
let track = await this.trackRepository.findOne({ id: id });
|
async remove(@Param('id') id: number) {
|
||||||
|
let track = await this.trackRepository.findOne({ id: id });
|
||||||
if (!track) {
|
|
||||||
throw new TrackNotFoundError();
|
if (!track) {
|
||||||
}
|
throw new TrackNotFoundError();
|
||||||
|
}
|
||||||
await this.trackRepository.delete(track);
|
|
||||||
return track;
|
await this.trackRepository.delete(track);
|
||||||
}
|
return track;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|||||||
20
src/middlewares/ErrorHandler.ts
Normal file
20
src/middlewares/ErrorHandler.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import {
|
||||||
|
Middleware,
|
||||||
|
ExpressErrorMiddlewareInterface
|
||||||
|
} from "routing-controllers";
|
||||||
|
|
||||||
|
@Middleware({ type: "after" })
|
||||||
|
export class ErrorHandler implements ExpressErrorMiddlewareInterface {
|
||||||
|
public error(
|
||||||
|
error: any,
|
||||||
|
request: any,
|
||||||
|
response: any,
|
||||||
|
next: (err: any) => any
|
||||||
|
) {
|
||||||
|
if (response.headersSent) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
response.json(error);
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user