Cleaned up the auth checker a little bit

2020-12-18 17:11:44 +01:00 · 2020-12-18 17:11:44 +01:00 · b9e91502cd
parent 9dc336f0bb
commit b9e91502cd
1 changed files with 12 additions and 26 deletions
--- a/src/authchecker.ts
+++ b/src/authchecker.ts
@ -4,43 +4,29 @@ import { getConnectionManager } from 'typeorm';
 import { config } from './config';
 import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
 import { User } from './models/entities/User';
-// -----------
-const authchecker = async (action: Action, permissions: string | string[]) => {
-    let required_permissions = undefined
+
+const authchecker = async (action: Action, permissions: string[] | string) => {
+    let required_permissions = undefined;
    if (typeof permissions === "string") {
        required_permissions = [permissions]
    } else {
        required_permissions = permissions
    }
-    // const token = action.request.headers["authorization"];
-    const provided_token = action.request.query["auth"];
+
+    const provided_token = action.request.headers["authorization"].replace("Bearer ", "");
    let jwtPayload = undefined
    try {
        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
    } catch (error) {
        throw new IllegalJWTError()
    }
-    const count = await getConnectionManager().get().getRepository(User).count({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] })
-    if (count !== 1) {
-        throw new UserNonexistantOrRefreshtokenInvalidError()
-    }
-    if (jwtPayload.permissions) {
-        action.response.local = {}
-        action.response.local.jwtPayload = jwtPayload.permissions
-        required_permissions.forEach(r => {
-            const permission_key = r.split(":")[0]
-            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-            const permission_access_level = r.split(":")[1]
-            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-                return true;
-            } else {
-                throw new NoPermissionError()
-            }
-        });
-    } else {
-        throw new NoPermissionError()
-    }
-    // 
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] }, { relations: ['permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (!jwtPayload.permissions) { throw new NoPermissionError(); }
+
+    action.response.local = {}
+    action.response.local.jwtPayload = jwtPayload.permissions
+    //TODO: Check Permissions
    try {
        jwt.verify(provided_token, config.jwt_secret);
        return true