diff --git a/src/app.ts b/src/app.ts
index 53f7723..06a8a52 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -3,55 +3,13 @@
 import * as dotenvSafe from "dotenv-safe";
 import { Action, createExpressServer, HttpError } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
-//
-import * as jwt from "jsonwebtoken";
+import authchecker from "./authchecker";
 //
 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;
-const sampletoken = jwt.sign({
- "permissions": {
- "TRACKS": ["read", "update", "delete", "add"]
- }
-}, process.env.JWT_SECRET || "secretjwtsecret")
-console.log(`sampletoken: ${sampletoken}`);
-
 const app = createExpressServer({
- authorizationChecker: async (action: Action, permissions: string | string[]) => {
- let required_permissions = permissions
- if (typeof permissions === "string") {
- required_permissions = [permissions]
- }
- // const token = action.request.headers["authorization"];
- const provided_token = action.request.query["auth"];
- try {
- const jwtPayload = jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
- if (jwtPayload.permissions) {
- action.response.local = {}
- action.response.local.jwtPayload = jwtPayload.permissions
- required_permissions.forEach(r => {
- const permission_key = r.split(":")[0]
- const permission_access_level = r.split(":")[1]
- // console.log(permission_key);
- // console.log(permission_access_level);
- if (jwtPayload.permissions[permission_key].indexOf(r) === 1) {
- return true;
- } else {
- // TODO: throw/return proper HttpError
- return false;
- }
- });
- } else {
- // TODO: throw/return proper HttpError
- return false;
- }
- } catch (error) {
- console.log(error);
- // throw new HttpError(401, "jwt_illegal")
- return false
- }
- return true;
- },
+ authorizationChecker: authchecker,
 development: false,
 controllers: [`${__dirname}/controllers/*.ts`],
 });
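Review bot: `Action` and `HttpError` stay imported in app.ts on the new side but nothing in the file references them once the checker moves to `./authchecker`; trim the line to `import { createExpressServer } from "routing-controllers";` so the unused-import lint does not fire. The wiring itself, `authorizationChecker: authchecker,`, is fine; the remaining `const app` options continue outside the hunk.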
diff --git a/src/authchecker.ts b/src/authchecker.ts
new file mode 100644
index 0000000..e5823e0
--- /dev/null
+++ b/src/authchecker.ts
@@ -0,0 +1,54 @@
+import * as jwt from "jsonwebtoken";
+import { Action, createExpressServer, HttpError } from "routing-controllers";
+// -----------
+const sampletoken = jwt.sign({
+ "permissions": {
+ // "TRACKS": ["read", "update", "delete", "add"]
+ "TRACKS": []
+ }
+}, process.env.JWT_SECRET || "secretjwtsecret")
+console.log(`sampletoken: ${sampletoken}`);
+// -----------
+const authchecker = async (action: Action, permissions: string | string[]) => {
+ let required_permissions = undefined
+ if (typeof permissions === "string") {
+ required_permissions = [permissions]
+ } else {
+ required_permissions = permissions
+ }
+ // const token = action.request.headers["authorization"];
+ const provided_token = action.request.query["auth"];
+ try {
+ const jwtPayload = jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
+ if (jwtPayload.permissions) {
+ action.response.local = {}
+ action.response.local.jwtPayload = jwtPayload.permissions
+ required_permissions.forEach(r => {
+ const permission_key = r.split(":")[0]
+ const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
+ console.log(actual_accesslevel_for_permission);
+ const permission_access_level = r.split(":")[1]
+ console.log(permission_key);
+ console.log(permission_access_level);
+ // console.log(permission_key);
+ // console.log(permission_access_level);
+ if (actual_accesslevel_for_permission.includes(permission_access_level)) {
+ return true;
+ } else {
+ // TODO: throw/return proper HttpError
+ throw new HttpError(403, "no")
+ return false;
+ }
+ });
+ } else {
+ // TODO: throw/return proper HttpError
+ return false;
+ }
+ } catch (error) {
+ console.log(error);
+ // throw new HttpError(401, "jwt_illegal")
+ return false
+ }
+ return true;
+}
+export default authchecker
\ No newline at end of file
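Review bot: The outcome of the permission loop only reaches the caller by accident: `forEach` discards the `return true`/`return false` of its callback, and `throw new HttpError(403, "no")` is swallowed by the enclosing `catch`, which logs and returns `false`, so the 403 never leaves `authchecker` and a scope whose key is absent from `jwtPayload.permissions` fails the same way through a TypeError on `.includes` of `undefined`. Replacing the loop with `every`, guarding the lookup, and raising the 403 after the `try` makes the decision explicit and keeps the status code (rewrite below; whether routing-controllers surfaces an error thrown from the checker as that status is worth confirming). Two further points in the same file: `jwt.verify` falls back to the literal `"secretjwtsecret"` when `JWT_SECRET` is unset, so a deployment that forgot the variable accepts tokens signed with a string that is in the repository — fail fast instead with `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set")` at module load — and the token is read from `action.request.query["auth"]`, where it ends up in access logs and Referer headers, whereas the commented-out `Authorization` header lookup is the safer source. The module also signs and prints `sampletoken` on every import and `console.log`s each permission lookup; that debug output and the unused `createExpressServer` import should go before merging. `action.response.local` looks like it is meant to be Express's `res.locals`; confirm which one the controllers read.
```typescript
const authchecker = async (action: Action, permissions: string | string[]) => {
  const required_permissions = typeof permissions === "string" ? [permissions] : permissions;
  const provided_token = action.request.query["auth"];
  let granted = false;
  try {
    // … unchanged: jwt.verify call producing jwtPayload …
    if (jwtPayload.permissions) {
      action.response.local = {};
      action.response.local.jwtPayload = jwtPayload.permissions;
      // every() uses the callback's result and stops at the first denied entry
      granted = required_permissions.every(r => {
        const [permission_key, permission_access_level] = r.split(":");
        const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key];
        return Array.isArray(actual_accesslevel_for_permission)
          && actual_accesslevel_for_permission.includes(permission_access_level);
      });
    }
  } catch (error) {
    console.log(error);
    return false;
  }
  if (!granted) {
    throw new HttpError(403, "no"); // outside the try, so the catch cannot swallow it
  }
  return true;
};
```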