sample implementation of authorizationChecker

2020-11-27 19:45:44 +01:00 · 2020-11-27 19:45:44 +01:00 · d5c6c9238f
parent f7d7f5e75f
commit d5c6c9238f
1 changed files with 50 additions and 6 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -1,22 +1,66 @@
 import "reflect-metadata";
 import * as dotenvSafe from "dotenv-safe";
-import { createExpressServer } from "routing-controllers";
+import { Action, createExpressServer, HttpError } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
-
+// 
+import * as jwt from "jsonwebtoken";
+// 
 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;

+const sampletoken = jwt.sign({
+    "permissions": {
+        "TRACKS": ["read", "update", "delete", "add"]
+    }
+}, process.env.JWT_SECRET || "secretjwtsecret")
+console.log(`sampletoken: ${sampletoken}`);
+
 const app = createExpressServer({
-    controllers: [__dirname + "/controllers/*.ts"],
+    authorizationChecker: async (action: Action, permissions: string | string[]) => {
+        let required_permissions = permissions
+        if (typeof permissions === "string") {
+            required_permissions = [permissions]
+        }
+        // const token = action.request.headers["authorization"];
+        const provided_token = action.request.query["auth"];
+        try {
+            const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+            if (jwtPayload.permissions) {
+                action.response.local = {}
+                action.response.local.jwtPayload = jwtPayload.permissions
+                required_permissions.forEach(r => {
+                    const permission_key = r.split(":")[0]
+                    const permission_access_level = r.split(":")[1]
+                    // console.log(permission_key);
+                    // console.log(permission_access_level);
+                    if (jwtPayload.permissions[permission_key].indexOf(r) === 1) {
+                        return true;
+                    } else {
+                        // TODO: throw/return proper HttpError
+                        return false;
+                    }
+                });
+            } else {
+                // TODO: throw/return proper HttpError
+                return false;
+            }
+        } catch (error) {
+            console.log(error);
+            // throw new HttpError(401, "jwt_illegal")
+            return false
+        }
+        return true;
+    },
+    development: false,
+    controllers: [`${__dirname}/controllers/*.ts`],
 });

-async function main() {
+(async () => {
    await loaders(app);
    app.listen(PORT, () => {
        consola.success(
            `⚡️[server]: Server is running at http://localhost:${PORT}`
        );
    });
-}
-main();
+})();