Cleaned up the auth checker a little bit
This commit is contained in:
parent
9dc336f0bb
commit
b9e91502cd
|
|
@ -4,43 +4,29 @@ import { getConnectionManager } from 'typeorm';
|
||||||
import { config } from './config';
|
import { config } from './config';
|
||||||
import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
|
import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
|
||||||
import { User } from './models/entities/User';
|
import { User } from './models/entities/User';
|
||||||
// -----------
|
|
||||||
const authchecker = async (action: Action, permissions: string | string[]) => {
|
const authchecker = async (action: Action, permissions: string[] | string) => {
|
||||||
let required_permissions = undefined
|
let required_permissions = undefined;
|
||||||
if (typeof permissions === "string") {
|
if (typeof permissions === "string") {
|
||||||
required_permissions = [permissions]
|
required_permissions = [permissions]
|
||||||
} else {
|
} else {
|
||||||
required_permissions = permissions
|
required_permissions = permissions
|
||||||
}
|
}
|
||||||
// const token = action.request.headers["authorization"];
|
|
||||||
const provided_token = action.request.query["auth"];
|
const provided_token = action.request.headers["authorization"].replace("Bearer ", "");
|
||||||
let jwtPayload = undefined
|
let jwtPayload = undefined
|
||||||
try {
|
try {
|
||||||
jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
|
jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
throw new IllegalJWTError()
|
throw new IllegalJWTError()
|
||||||
}
|
}
|
||||||
const count = await getConnectionManager().get().getRepository(User).count({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] })
|
const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] }, { relations: ['permissions'] })
|
||||||
if (count !== 1) {
|
if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
|
||||||
throw new UserNonexistantOrRefreshtokenInvalidError()
|
if (!jwtPayload.permissions) { throw new NoPermissionError(); }
|
||||||
}
|
|
||||||
if (jwtPayload.permissions) {
|
action.response.local = {}
|
||||||
action.response.local = {}
|
action.response.local.jwtPayload = jwtPayload.permissions
|
||||||
action.response.local.jwtPayload = jwtPayload.permissions
|
//TODO: Check Permissions
|
||||||
required_permissions.forEach(r => {
|
|
||||||
const permission_key = r.split(":")[0]
|
|
||||||
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
|
|
||||||
const permission_access_level = r.split(":")[1]
|
|
||||||
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
throw new NoPermissionError()
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
throw new NoPermissionError()
|
|
||||||
}
|
|
||||||
//
|
|
||||||
try {
|
try {
|
||||||
jwt.verify(provided_token, config.jwt_secret);
|
jwt.verify(provided_token, config.jwt_secret);
|
||||||
return true
|
return true
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue