parent
d5c6c9238f
commit
e29d59ac02
46
src/app.ts
46
src/app.ts
|
@ -3,55 +3,13 @@ import * as dotenvSafe from "dotenv-safe";
|
|||
import { Action, createExpressServer, HttpError } from "routing-controllers";
|
||||
import consola from "consola";
|
||||
import loaders from "./loaders/index";
|
||||
//
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import authchecker from "./authchecker";
|
||||
//
|
||||
dotenvSafe.config();
|
||||
const PORT = process.env.APP_PORT || 4010;
|
||||
|
||||
const sampletoken = jwt.sign({
|
||||
"permissions": {
|
||||
"TRACKS": ["read", "update", "delete", "add"]
|
||||
}
|
||||
}, process.env.JWT_SECRET || "secretjwtsecret")
|
||||
console.log(`sampletoken: ${sampletoken}`);
|
||||
|
||||
const app = createExpressServer({
|
||||
authorizationChecker: async (action: Action, permissions: string | string[]) => {
|
||||
let required_permissions = permissions
|
||||
if (typeof permissions === "string") {
|
||||
required_permissions = [permissions]
|
||||
}
|
||||
// const token = action.request.headers["authorization"];
|
||||
const provided_token = action.request.query["auth"];
|
||||
try {
|
||||
const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
||||
if (jwtPayload.permissions) {
|
||||
action.response.local = {}
|
||||
action.response.local.jwtPayload = jwtPayload.permissions
|
||||
required_permissions.forEach(r => {
|
||||
const permission_key = r.split(":")[0]
|
||||
const permission_access_level = r.split(":")[1]
|
||||
// console.log(permission_key);
|
||||
// console.log(permission_access_level);
|
||||
if (jwtPayload.permissions[permission_key].indexOf(r) === 1) {
|
||||
return true;
|
||||
} else {
|
||||
// TODO: throw/return proper HttpError
|
||||
return false;
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// TODO: throw/return proper HttpError
|
||||
return false;
|
||||
}
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
// throw new HttpError(401, "jwt_illegal")
|
||||
return false
|
||||
}
|
||||
return true;
|
||||
},
|
||||
authorizationChecker: authchecker,
|
||||
development: false,
|
||||
controllers: [`${__dirname}/controllers/*.ts`],
|
||||
});
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
import * as jwt from "jsonwebtoken";
|
||||
import { Action, createExpressServer, HttpError } from "routing-controllers";
|
||||
// -----------
|
||||
const sampletoken = jwt.sign({
|
||||
"permissions": {
|
||||
// "TRACKS": ["read", "update", "delete", "add"]
|
||||
"TRACKS": []
|
||||
}
|
||||
}, process.env.JWT_SECRET || "secretjwtsecret")
|
||||
console.log(`sampletoken: ${sampletoken}`);
|
||||
// -----------
|
||||
const authchecker = async (action: Action, permissions: string | string[]) => {
|
||||
let required_permissions = undefined
|
||||
if (typeof permissions === "string") {
|
||||
required_permissions = [permissions]
|
||||
} else {
|
||||
required_permissions = permissions
|
||||
}
|
||||
// const token = action.request.headers["authorization"];
|
||||
const provided_token = action.request.query["auth"];
|
||||
try {
|
||||
const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
||||
if (jwtPayload.permissions) {
|
||||
action.response.local = {}
|
||||
action.response.local.jwtPayload = jwtPayload.permissions
|
||||
required_permissions.forEach(r => {
|
||||
const permission_key = r.split(":")[0]
|
||||
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
|
||||
console.log(actual_accesslevel_for_permission);
|
||||
const permission_access_level = r.split(":")[1]
|
||||
console.log(permission_key);
|
||||
console.log(permission_access_level);
|
||||
// console.log(permission_key);
|
||||
// console.log(permission_access_level);
|
||||
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
|
||||
return true;
|
||||
} else {
|
||||
// TODO: throw/return proper HttpError
|
||||
throw new HttpError(403, "no")
|
||||
return false;
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// TODO: throw/return proper HttpError
|
||||
return false;
|
||||
}
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
// throw new HttpError(401, "jwt_illegal")
|
||||
return false
|
||||
}
|
||||
return true;
|
||||
}
|
||||
export default authchecker
|
Loading…
Reference in New Issue