Update auth object and middleware

src/server/lib/passport.ts

@@ -9,13 +9,13 @@ import {
 import { Strategy as LocalStrategy } from 'passport-local';
 import { prisma } from './prisma';
 
-export const generateToken = (userId: number) => {
+export const generateToken = (userId: string) => {
   return jwt.sign({ id: userId }, String(process.env.TOKEN_SECRET), {
     expiresIn: String(process.env.TOKEN_EXPIRATION || '15m'),
   });
 };
 
-export const generateRefreshToken = (userId: number) => {
+export const generateRefreshToken = (userId: string) => {
   return jwt.sign({ id: userId }, String(process.env.TOKEN_SECRET), {
     expiresIn: String(process.env.TOKEN_REFRESH_EXPIRATION || '90d'),
   });
@@ -54,9 +54,11 @@ passport.use(
   new JwtStrategy(jwtOptions, async (jwt_payload: any, done: any) => {
     await prisma.user
       .findUnique({
-        where: {
-          id: jwt_payload.id,
+        include: {
+          serverFolderPermissions: true,
+          serverPermissions: true,
         },
+        where: { id: jwt_payload.id },
       })
       .then((user) => {
         // eslint-disable-next-line promise/no-callback-in-promise
@@ -72,7 +74,7 @@ passport.serializeUser((user: any, done) => {
   return done(null, user.id);
 });
 
-passport.deserializeUser(async (id: number, done) => {
+passport.deserializeUser(async (id: string, done) => {
   return done(
     null,
     await prisma.user.findUnique({

src/server/middleware/authenticate-admin.ts

@@ -1,59 +1,20 @@
 import { NextFunction, Request, Response } from 'express';
-import passport from 'passport';
 
 export const authenticateAdmin = (
   req: Request,
   res: Response,
   next: NextFunction
 ) => {
-  passport.authenticate('jwt', { session: false }, (err, user, info) => {
-    if (err) {
-      return next(err);
-    }
+  if (!req.auth.isAdmin) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires an administrator account.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
 
-    if (!user) {
-      return res.status(401).json({
-        error: {
-          message: info?.message || 'Invalid authorization.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 401,
-      });
-    }
-
-    if (!user.enabled) {
-      return res.status(401).json({
-        error: {
-          message: 'Your account is not enabled.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 401,
-      });
-    }
-
-    if (!user.isAdmin) {
-      return res.status(403).json({
-        error: {
-          message:
-            info?.message || 'This action requires an administrator account.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 403,
-      });
-    }
-
-    req.auth = {
-      createdAt: user.createdAt,
-      enabled: user.enabled,
-      id: user.id,
-      isAdmin: user.isAdmin,
-      updatedAt: user.updatedAt,
-      username: user.username,
-    };
-
-    return next();
-  })(req, res, next);
+  return next();
 };

src/server/middleware/authenticate.ts

@@ -1,7 +1,19 @@
+import {
+  ServerFolderPermissions,
+  ServerPermissions,
+  User,
+} from '@prisma/client';
 import { NextFunction, Request, Response } from 'express';
 import passport from 'passport';
 
-export const authenticateLocal = (
+export type AuthUser = User & {
+  flatServerFolderPermissions: string[];
+  flatServerPermissions: string[];
+  serverFolderPermissions: ServerFolderPermissions[];
+  serverPermissions: ServerPermissions[];
+};
+
+export const authenticate = (
   req: Request,
   res: Response,
   next: NextFunction
@@ -33,15 +45,29 @@ export const authenticateLocal = (
       });
     }
 
-    req.auth = {
+    const flatServerFolderPermissions = user.serverFolderPermissions.map(
+      (permission: ServerFolderPermissions) => permission.serverFolderId
+    );
+
+    const flatServerPermissions = user.serverPermissions.map(
+      (permission: ServerPermissions) => permission.serverId
+    );
+
+    const auth = {
       createdAt: user?.createdAt,
       enabled: user?.enabled,
+      flatServerFolderPermissions,
+      flatServerPermissions,
       id: user?.id,
       isAdmin: user?.isAdmin,
+      serverFolderPermissions: user?.serverFolderPermissions,
+      serverPermissions: user?.serverPermissions,
       updatedAt: user?.updatedAt,
       username: user?.username,
     };
 
+    req.auth = auth;
+
     return next();
   })(req, res, next);
 };

src/server/middleware/index.ts

@@ -1,3 +1,3 @@
 export * from './error-handler';
-export * from './authenticate-local';
+export * from './authenticate';
 export * from './authenticate-admin';