split/monofile
1
0
Fork 0
mirror of https://github.com/mollersuite/monofile.git synced 2024-10-06 12:06:26 -07:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

token-permissions: bugfix

Browse source
This commit is contained in:
split / May 2023-10-02 21:01:53 -07:00
parent 8bec8a4360
commit 5e15b20c10
2 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/server/lib/auth.ts
View file

@ -59,16 +59,20 @@ export function tokenFor(req: express.Request) {
)
}
function getToken(token:string) {
return AuthTokens.find(e => e.token == token && Date.now() < e.expire)
}
export function validate(token:string) {
return AuthTokens.find(e => e.token == token && Date.now() < e.expire)?.account
return getToken(token)?.account
}
export function getType(token:string): TokenType | undefined {
return AuthTokens.find(e => e.token == token && Date.now() < e.expire)?.type
return getToken(token)?.type
}
export function getPermissions(token:string): TokenPermission[] | undefined {
return AuthTokens.find(e => e.token == token && Date.now() < e.expire)?.tokenPermissions
return getToken(token)?.tokenPermissions
}
export function tokenTimer(token:AuthToken) {

4
src/server/lib/middleware.ts
View file

@ -41,12 +41,12 @@ export const requiresPermissions = function(...tokenPermissions: auth.TokenPermi
if (!permissions) ServeError(res, 403, "insufficient permissions")
else {
for (let v in tokenPermissions)
for (let v of tokenPermissions) {
if (!permissions.includes(v as auth.TokenPermission)) {
ServeError(res,403,"insufficient permissions")
return
}
}
next()
}