src/app.ts

@@ -3,15 +3,11 @@ import * as dotenvSafe from "dotenv-safe";
 import { createExpressServer } from "routing-controllers";
 import consola from "consola";
 import loaders from "./loaders/index";
-import authchecker from "./authchecker";
-import { ErrorHandler } from './middlewares/ErrorHandler';
 
 dotenvSafe.config();
 const PORT = process.env.APP_PORT || 4010;
 
 const app = createExpressServer({
-  authorizationChecker: authchecker,
-  middlewares: [ErrorHandler],
   development: process.env.NODE_ENV === "production",
   cors: true,
   routePrefix: "/api",

src/authchecker.ts

@@ -1,51 +0,0 @@
-import * as jwt from "jsonwebtoken";
-import { Action, HttpError } from "routing-controllers";
-// -----------
-const sampletoken = jwt.sign({
-    "permissions": {
-        "TRACKS": ["read", "update", "delete", "add"]
-        // "TRACKS": []
-    }
-}, process.env.JWT_SECRET || "secretjwtsecret")
-console.log(`sampletoken: ${sampletoken}`);
-// -----------
-const authchecker = async (action: Action, permissions: string | string[]) => {
-    let required_permissions = undefined
-    if (typeof permissions === "string") {
-        required_permissions = [permissions]
-    } else {
-        required_permissions = permissions
-    }
-    // const token = action.request.headers["authorization"];
-    const provided_token = action.request.query["auth"];
-    let jwtPayload = undefined
-    try {
-        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
-    } catch (error) {
-        throw new HttpError(401, "jwt_illegal")
-    }
-    if (jwtPayload.permissions) {
-        action.response.local = {}
-        action.response.local.jwtPayload = jwtPayload.permissions
-        required_permissions.forEach(r => {
-            const permission_key = r.split(":")[0]
-            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-            const permission_access_level = r.split(":")[1]
-            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-                return true;
-            } else {
-                throw new HttpError(403, "no")
-            }
-        });
-    } else {
-        throw new HttpError(403, "no")
-    }
-    // 
-    try {
-        jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
-        return true
-    } catch (error) {
-        return false
-    }
-}
-export default authchecker

src/controllers/TrackController.ts

@@ -1,4 +1,4 @@
-import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError, Authorized } from 'routing-controllers';
+import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError } from 'routing-controllers';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
@@ -22,7 +22,6 @@ export class TrackNotFoundError extends NotFoundError {
 }
 
 @JsonController('/tracks')
-@Authorized("TRACKS:read")
 export class TrackController {
 	private trackRepository: Repository<Track>;
 
@@ -35,7 +34,7 @@ export class TrackController {
 
 	@Get()
 	@ResponseSchema(Track, { isArray: true })
-	@OpenAPI({ description: "Lists all tracks." })
+	@OpenAPI({description: "Lists all tracks."})
 	getAll() {
 		return this.trackRepository.find();
 	}
@@ -43,14 +42,14 @@ export class TrackController {
 	@Get('/:id')
 	@ResponseSchema(Track)
 	@OnUndefined(TrackNotFoundError)
-	@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
+	@OpenAPI({description: "Returns a track of a specified id (if it exists)"})
 	getOne(@Param('id') id: number) {
 		return this.trackRepository.findOne({ id: id });
 	}
 
 	@Post()
 	@ResponseSchema(Track)
-	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
+	@OpenAPI({description: "Create a new track object (id will be generated automagicly)."})
 	post(
 		@Body({ validate: true })
 		track: CreateTrack
@@ -60,15 +59,15 @@ export class TrackController {
 
 	@Put('/:id')
 	@ResponseSchema(Track)
-	@OpenAPI({ description: "Update a track object (id can't be changed)." })
+	@OpenAPI({description: "Update a track object (id can't be changed)."})
 	async put(@Param('id') id: number, @EntityFromBody() track: Track) {
 		let oldTrack = await this.trackRepository.findOne({ id: id });
 
 		if (!oldTrack) {
-			throw new TrackNotFoundError();
+      		throw new TrackNotFoundError();
 		}
 
-		if (oldTrack.id != track.id) {
+		if(oldTrack.id != track.id){
 			throw new NotAcceptableError("The id's don't match!");
 		}
 
@@ -78,7 +77,7 @@ export class TrackController {
 
 	@Delete('/:id')
 	@ResponseSchema(Track)
-	@OpenAPI({ description: "Delete a specified track (if it exists)." })
+	@OpenAPI({description: "Delete a specified track (if it exists)."})
 	async remove(@Param('id') id: number) {
 		let track = await this.trackRepository.findOne({ id: id });
 

src/middlewares/ErrorHandler.ts

@@ -1,20 +0,0 @@
-import {
-    Middleware,
-    ExpressErrorMiddlewareInterface
-} from "routing-controllers";
-
-@Middleware({ type: "after" })
-export class ErrorHandler implements ExpressErrorMiddlewareInterface {
-    public error(
-        error: any,
-        request: any,
-        response: any,
-        next: (err: any) => any
-    ) {
-        if (response.headersSent) {
-            return;
-        }
-
-        response.json(error);
-    }
-}