split/monofile
1
0
Fork 0
mirror of https://github.com/mollersuite/monofile.git synced 2024-11-21 21:36:26 -08:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

token-permissions: update middleware further

Browse source
This commit is contained in:
May 2023-10-02 18:27:48 -07:00
parent a04cc9a376
commit fad320d7fb
1 changed files with 26 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
src/server/lib/middleware.ts
View file

@ -32,45 +32,41 @@ export const requiresAdmin: RequestHandler = function(_req, res, next) {
next() next()
} }
export namespace apiBlockers { /**
/**
* @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User` * @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User`
* @param tokenPermissions Permissions which your route requires. * @param tokenPermissions Permissions which your route requires.
* @returns Express middleware * @returns Express middleware
*/ */
export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler { export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
return function(req, res, next) { return function(req, res, next) {
let token = tokenFor(req) let token = tokenFor(req)
let type = auth.getType(token) let type = auth.getType(token)
if (type == "App") {
let permissions = auth.getPermissions(token)
if (type == "App") { if (!permissions) ServeError(res, 403, "insufficient permissions")
let permissions = auth.getPermissions(token) else {
for (let v in tokenPermissions)
if (!permissions.includes(v as auth.TokenPermission)) {
ServeError(res,403,"insufficient permissions")
return
}
if (!permissions) ServeError(res, 403, "insufficient permissions") next()
else {
for (let v in tokenPermissions) }
if (!permissions.includes(v as auth.TokenPermission)) { } else next()
ServeError(res,403,"insufficient permissions")
return
}
next()
}
} else next()
}
} }
}
/** /**
* @description Blocks requests based on whether or not the token being used to access the route is of type `User`. * @description Blocks requests based on whether or not the token being used to access the route is of type `User`.
*/ */
export const noAPIAccess: RequestHandler = function(req, res, next) {
if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
else next()
}
export const noAPIAccess: RequestHandler = function(req, res, next) {
if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
else next()
} }