51 lines
1.8 KiB
TypeScript
51 lines
1.8 KiB
TypeScript
import * as jwt from "jsonwebtoken";
|
|
import { Action, HttpError } from "routing-controllers";
|
|
// -----------
|
|
const sampletoken = jwt.sign({
|
|
"permissions": {
|
|
"TRACKS": ["read", "update", "delete", "add"]
|
|
// "TRACKS": []
|
|
}
|
|
}, process.env.JWT_SECRET || "secretjwtsecret")
|
|
console.log(`sampletoken: ${sampletoken}`);
|
|
// -----------
|
|
const authchecker = async (action: Action, permissions: string | string[]) => {
|
|
let required_permissions = undefined
|
|
if (typeof permissions === "string") {
|
|
required_permissions = [permissions]
|
|
} else {
|
|
required_permissions = permissions
|
|
}
|
|
// const token = action.request.headers["authorization"];
|
|
const provided_token = action.request.query["auth"];
|
|
let jwtPayload = undefined
|
|
try {
|
|
jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
|
} catch (error) {
|
|
throw new HttpError(401, "jwt_illegal")
|
|
}
|
|
if (jwtPayload.permissions) {
|
|
action.response.local = {}
|
|
action.response.local.jwtPayload = jwtPayload.permissions
|
|
required_permissions.forEach(r => {
|
|
const permission_key = r.split(":")[0]
|
|
const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
|
|
const permission_access_level = r.split(":")[1]
|
|
if (actual_accesslevel_for_permission.includes(permission_access_level)) {
|
|
return true;
|
|
} else {
|
|
throw new HttpError(403, "no")
|
|
}
|
|
});
|
|
} else {
|
|
throw new HttpError(403, "no")
|
|
}
|
|
//
|
|
try {
|
|
jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
|
return true
|
|
} catch (error) {
|
|
return false
|
|
}
|
|
}
|
|
export default authchecker |