lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

Compare commits

base: lfk:5f4aed2f02b22799d3e043394641bc3ac549caf2
Branches Tags
lfk:dev
lfk:CreateAnonymousDonation-dedicated-enitity-controller
lfk:main
lfk:1.5.2
lfk:1.5.1
lfk:1.5.0
lfk:1.4.3
lfk:1.4.2
lfk:1.4.1
lfk:1.4.0
lfk:1.3.12
lfk:1.3.11
lfk:1.3.10
lfk:1.3.9
lfk:1.3.8
lfk:1.3.7
lfk:1.3.6
lfk:1.3.5
lfk:1.3.4
lfk:1.3.3
lfk:v1.3.2
lfk:v1.3.1
lfk:1.3.0
lfk:1.2.1
lfk:1.2.0
lfk:v1.1.4
lfk:v1.1.3
lfk:v1.1.2
lfk:v1.1.1
lfk:v1.1.0
lfk:v1.0.1
lfk:v1.0.0
lfk:v0.15.4
lfk:v0.15.3
lfk:v0.15.2
lfk:v0.15.1
lfk:v0.15.0
lfk:v0.14.6
lfk:v0.14.5
lfk:v0.14.4
lfk:v0.14.3
lfk:v0.14.2
lfk:v0.14.1
lfk:v0.14.0
lfk:v0.13.3
lfk:v0.13.2
lfk:v0.13.1
lfk:v0.12.0
lfk:v0.13.0
lfk:v0.11.1
lfk:v0.11.0
lfk:v0.10.2
lfk:v0.10.1
lfk:v0.10.0
lfk:v0.9.2
lfk:v0.9.1
lfk:v0.9.0
lfk:v0.8.0
lfk:v0.7.1
lfk:v0.7.0
lfk:v0.6.4
lfk:v0.6.3
lfk:v0.6.2
lfk:v0.6.1
lfk:v0.6.0
lfk:v0.5.0
lfk:v0.4.6
lfk:v0.4.5
lfk:v0.4.4
lfk:v0.4.3
lfk:v0.4.2
lfk:v0.4.1
lfk:v0.4.0
lfk:v0.3.1
lfk:v0.3.0
lfk:v0.2.1
lfk:v0.2.0
lfk:v0.1.1
lfk:v0.1.0
lfk:v0.0.12
lfk:v0.0.11
lfk:v0.0.10
lfk:v0.0.9
lfk:v0.0.8
lfk:v0.0.7
lfk:0.0.6
lfk:0.0.5
..
compare: lfk:c15b6501819ec22870c67f16e3d306bd01364ac6
Branches Tags
lfk:dev
lfk:CreateAnonymousDonation-dedicated-enitity-controller
lfk:main
lfk:1.5.2
lfk:1.5.1
lfk:1.5.0
lfk:1.4.3
lfk:1.4.2
lfk:1.4.1
lfk:1.4.0
lfk:1.3.12
lfk:1.3.11
lfk:1.3.10
lfk:1.3.9
lfk:1.3.8
lfk:1.3.7
lfk:1.3.6
lfk:1.3.5
lfk:1.3.4
lfk:1.3.3
lfk:v1.3.2
lfk:v1.3.1
lfk:1.3.0
lfk:1.2.1
lfk:1.2.0
lfk:v1.1.4
lfk:v1.1.3
lfk:v1.1.2
lfk:v1.1.1
lfk:v1.1.0
lfk:v1.0.1
lfk:v1.0.0
lfk:v0.15.4
lfk:v0.15.3
lfk:v0.15.2
lfk:v0.15.1
lfk:v0.15.0
lfk:v0.14.6
lfk:v0.14.5
lfk:v0.14.4
lfk:v0.14.3
lfk:v0.14.2
lfk:v0.14.1
lfk:v0.14.0
lfk:v0.13.3
lfk:v0.13.2
lfk:v0.13.1
lfk:v0.12.0
lfk:v0.13.0
lfk:v0.11.1
lfk:v0.11.0
lfk:v0.10.2
lfk:v0.10.1
lfk:v0.10.0
lfk:v0.9.2
lfk:v0.9.1
lfk:v0.9.0
lfk:v0.8.0
lfk:v0.7.1
lfk:v0.7.0
lfk:v0.6.4
lfk:v0.6.3
lfk:v0.6.2
lfk:v0.6.1
lfk:v0.6.0
lfk:v0.5.0
lfk:v0.4.6
lfk:v0.4.5
lfk:v0.4.4
lfk:v0.4.3
lfk:v0.4.2
lfk:v0.4.1
lfk:v0.4.0
lfk:v0.3.1
lfk:v0.3.0
lfk:v0.2.1
lfk:v0.2.0
lfk:v0.1.1
lfk:v0.1.0
lfk:v0.0.12
lfk:v0.0.11
lfk:v0.0.10
lfk:v0.0.9
lfk:v0.0.8
lfk:v0.0.7
lfk:0.0.6
lfk:0.0.5

No commits in common. "5f4aed2f02b22799d3e043394641bc3ac549caf2" and "c15b6501819ec22870c67f16e3d306bd01364ac6" have entirely different histories.
5f4aed2f02 ... c15b650181

4 changed files with 34 additions and 47 deletions
Show Stats Expand all files Collapse all files

4
src/app.ts
View File

@ -1,17 +1,15 @@
import "reflect-metadata"; import "reflect-metadata";
import * as dotenvSafe from "dotenv-safe"; import * as dotenvSafe from "dotenv-safe";
import { createExpressServer } from "routing-controllers"; import { Action, createExpressServer, HttpError } from "routing-controllers";
import consola from "consola"; import consola from "consola";
import loaders from "./loaders/index"; import loaders from "./loaders/index";
import authchecker from "./authchecker"; import authchecker from "./authchecker";
import { ErrorHandler } from './middlewares/ErrorHandler';
// //
dotenvSafe.config(); dotenvSafe.config();
const PORT = process.env.APP_PORT || 4010; const PORT = process.env.APP_PORT || 4010;
const app = createExpressServer({ const app = createExpressServer({
authorizationChecker: authchecker, authorizationChecker: authchecker,
middlewares: [ErrorHandler],
development: false, development: false,
controllers: [`${__dirname}/controllers/*.ts`], controllers: [`${__dirname}/controllers/*.ts`],
}); });

53
src/authchecker.ts
View File

@ -1,10 +1,10 @@
import * as jwt from "jsonwebtoken"; import * as jwt from "jsonwebtoken";
import { Action, HttpError } from "routing-controllers"; import { Action, createExpressServer, HttpError } from "routing-controllers";
// ----------- // -----------
const sampletoken = jwt.sign({ const sampletoken = jwt.sign({
"permissions": { "permissions": {
"TRACKS": ["read", "update", "delete", "add"] // "TRACKS": ["read", "update", "delete", "add"]
// "TRACKS": [] "TRACKS": []
} }
}, process.env.JWT_SECRET || "secretjwtsecret") }, process.env.JWT_SECRET || "secretjwtsecret")
console.log(`sampletoken: ${sampletoken}`); console.log(`sampletoken: ${sampletoken}`);
@ -18,27 +18,36 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
} }
// const token = action.request.headers["authorization"]; // const token = action.request.headers["authorization"];
const provided_token = action.request.query["auth"]; const provided_token = action.request.query["auth"];
let jwtPayload = undefined
try { try {
jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret"); const jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
if (jwtPayload.permissions) {
action.response.local = {}
action.response.local.jwtPayload = jwtPayload.permissions
required_permissions.forEach(r => {
const permission_key = r.split(":")[0]
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
console.log(actual_accesslevel_for_permission);
const permission_access_level = r.split(":")[1]
console.log(permission_key);
console.log(permission_access_level);
// console.log(permission_key);
// console.log(permission_access_level);
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
return true;
} else {
// TODO: throw/return proper HttpError
throw new HttpError(403, "no")
return false;
}
});
} else {
// TODO: throw/return proper HttpError
return false;
}
} catch (error) { } catch (error) {
throw new HttpError(401, "jwt_illegal") console.log(error);
} // throw new HttpError(401, "jwt_illegal")
if (jwtPayload.permissions) { return false
action.response.local = {}
action.response.local.jwtPayload = jwtPayload.permissions
required_permissions.forEach(r => {
const permission_key = r.split(":")[0]
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
const permission_access_level = r.split(":")[1]
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
return true;
} else {
throw new HttpError(403, "no")
}
});
} else {
throw new HttpError(403, "no")
} }
return true; return true;
} }

4
src/controllers/TrackController.ts
View File

@ -25,7 +25,7 @@ class CreateTrack {
} }
@JsonController("/track") @JsonController("/track")
// @Authorized("TRACKS:read") @Authorized("TRACKS:read")
export class TrackController { export class TrackController {
private trackRepository: Repository<Track>; private trackRepository: Repository<Track>;
@ -45,7 +45,7 @@ export class TrackController {
return this.trackRepository.findOne({ id: id }); return this.trackRepository.findOne({ id: id });
} }
@Authorized() @Authorized("TRACKS:write")
@Post() @Post()
post(@Body({ validate: true }) track: CreateTrack) { post(@Body({ validate: true }) track: CreateTrack) {
return this.trackRepository.save(track); return this.trackRepository.save(track);

20
src/middlewares/ErrorHandler.ts
View File

@ -1,20 +0,0 @@
import {
Middleware,
ExpressErrorMiddlewareInterface
} from "routing-controllers";
@Middleware({ type: "after" })
export class ErrorHandler implements ExpressErrorMiddlewareInterface {
public error(
error: any,
request: any,
response: any,
next: (err: any) => any
) {
if (response.headersSent) {
return;
}
response.json(error);
}
}