Merge branch 'main' of git.odit.services:lfk/backend into main

# Conflicts: # src/controllers/TrackController.ts
2020-11-27 21:38:47 +01:00 · 2020-11-27 21:38:47 +01:00 · 624ea6ba33
commit 624ea6ba33
parent 01542ae6a8 d85c126c27
4 changed files with 166 additions and 90 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -3,11 +3,15 @@ import * as dotenvSafe from "dotenv-safe";
 import { createExpressServer } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
+import authchecker from "./authchecker";
+import { ErrorHandler } from './middlewares/ErrorHandler';

 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;

 const app = createExpressServer({
+  authorizationChecker: authchecker,
+  middlewares: [ErrorHandler],
  development: process.env.NODE_ENV === "production",
  cors: true,
  routePrefix: "/api",
--- a/src/authchecker.ts
+++ b/src/authchecker.ts
@ -0,0 +1,51 @@
+import * as jwt from "jsonwebtoken";
+import { Action, HttpError } from "routing-controllers";
+// -----------
+const sampletoken = jwt.sign({
+    "permissions": {
+        "TRACKS": ["read", "update", "delete", "add"]
+        // "TRACKS": []
+    }
+}, process.env.JWT_SECRET || "secretjwtsecret")
+console.log(`sampletoken: ${sampletoken}`);
+// -----------
+const authchecker = async (action: Action, permissions: string | string[]) => {
+    let required_permissions = undefined
+    if (typeof permissions === "string") {
+        required_permissions = [permissions]
+    } else {
+        required_permissions = permissions
+    }
+    // const token = action.request.headers["authorization"];
+    const provided_token = action.request.query["auth"];
+    let jwtPayload = undefined
+    try {
+        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+    } catch (error) {
+        throw new HttpError(401, "jwt_illegal")
+    }
+    if (jwtPayload.permissions) {
+        action.response.local = {}
+        action.response.local.jwtPayload = jwtPayload.permissions
+        required_permissions.forEach(r => {
+            const permission_key = r.split(":")[0]
+            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
+            const permission_access_level = r.split(":")[1]
+            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
+                return true;
+            } else {
+                throw new HttpError(403, "no")
+            }
+        });
+    } else {
+        throw new HttpError(403, "no")
+    }
+    // 
+    try {
+        jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+        return true
+    } catch (error) {
+        return false
+    }
+}
+export default authchecker
--- a/src/controllers/TrackController.ts
+++ b/src/controllers/TrackController.ts
@ -1,4 +1,4 @@
-import { JsonController, Param, Body, Get, Post, Put, Delete, OnUndefined, NotAcceptableError } from 'routing-controllers';
+import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError, Authorized } from 'routing-controllers';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
@ -17,6 +17,7 @@ class CreateTrack {
 }

@JsonController('/tracks')
+@Authorized("TRACKS:read")
 export class TrackController {
 	private trackRepository: Repository<Track>;

@ -29,7 +30,7 @@ export class TrackController {

 	@Get()
 	@ResponseSchema(Track, { isArray: true })
-	@OpenAPI({description: "Lists all tracks."})
+	@OpenAPI({ description: "Lists all tracks." })
 	getAll() {
 		return this.trackRepository.find();
 	}
@ -38,14 +39,14 @@ export class TrackController {
 	@ResponseSchema(Track)
 	@ResponseSchema(TrackNotFoundError, {statusCode: 404})
 	@OnUndefined(TrackNotFoundError)
-	@OpenAPI({description: "Returns a track of a specified id (if it exists)"})
+	@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
 	getOne(@Param('id') id: number) {
 		return this.trackRepository.findOne({ id: id });
 	}

 	@Post()
 	@ResponseSchema(Track)
-	@OpenAPI({description: "Create a new track object (id will be generated automagicly)."})
+	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
 	post(
 		@Body({ validate: true })
 		track: CreateTrack
--- a/src/middlewares/ErrorHandler.ts
+++ b/src/middlewares/ErrorHandler.ts
@ -0,0 +1,20 @@
+import {
+    Middleware,
+    ExpressErrorMiddlewareInterface
+} from "routing-controllers";
+
+@Middleware({ type: "after" })
+export class ErrorHandler implements ExpressErrorMiddlewareInterface {
+    public error(
+        error: any,
+        request: any,
+        response: any,
+        next: (err: any) => any
+    ) {
+        if (response.headersSent) {
+            return;
+        }
+
+        response.json(error);
+    }
+}