From 8aedd94033b7d89b59b4d32a2eb069628dd480f1 Mon Sep 17 00:00:00 2001
From: jeffvli
Date: Wed, 12 Oct 2022 13:35:59 -0700
Subject: [PATCH] Update auth object and middleware

---
 src/server/lib/passport.ts | 12 ++--
 src/server/middleware/authenticate-admin.ts | 61 ++++---------------
 ...{authenticate-local.ts => authenticate.ts} | 30 ++++++++-
 src/server/middleware/index.ts | 2 +-
 4 files changed, 47 insertions(+), 58 deletions(-)
 rename src/server/middleware/{authenticate-local.ts => authenticate.ts} (54%)

diff --git a/src/server/lib/passport.ts b/src/server/lib/passport.ts
index f26e4f19e..c33471e44 100644
--- a/src/server/lib/passport.ts
+++ b/src/server/lib/passport.ts
@@ -9,13 +9,13 @@ import {
 import { Strategy as LocalStrategy } from 'passport-local';
 import { prisma } from './prisma';
 
-export const generateToken = (userId: number) => {
+export const generateToken = (userId: string) => {
   return jwt.sign({ id: userId }, String(process.env.TOKEN_SECRET), {
     expiresIn: String(process.env.TOKEN_EXPIRATION || '15m'),
   });
 };
 
-export const generateRefreshToken = (userId: number) => {
+export const generateRefreshToken = (userId: string) => {
   return jwt.sign({ id: userId }, String(process.env.TOKEN_SECRET), {
     expiresIn: String(process.env.TOKEN_REFRESH_EXPIRATION || '90d'),
   });
@@ -54,9 +54,11 @@ passport.use(
   new JwtStrategy(jwtOptions, async (jwt_payload: any, done: any) => {
     await prisma.user
       .findUnique({
-        where: {
-          id: jwt_payload.id,
+        include: {
+          serverFolderPermissions: true,
+          serverPermissions: true,
         },
+        where: { id: jwt_payload.id },
       })
       .then((user) => {
         // eslint-disable-next-line promise/no-callback-in-promise
@@ -72,7 +74,7 @@ passport.serializeUser((user: any, done) => {
   return done(null, user.id);
 });
 
-passport.deserializeUser(async (id: number, done) => {
+passport.deserializeUser(async (id: string, done) => {
   return done(
     null,
     await prisma.user.findUnique({
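Review bot: `generateToken` and `generateRefreshToken` still sign with `String(process.env.TOKEN_SECRET)`, so a missing TOKEN_SECRET does not fail at startup — every token is silently signed with the literal, predictable key "undefined". Read the secret once at module scope and refuse to run without it: `const tokenSecret = process.env.TOKEN_SECRET; if (!tokenSecret) throw new Error('TOKEN_SECRET must be set');` and pass `tokenSecret` to both `jwt.sign` calls. Both functions also sign the identical `{ id }` payload with the same secret, so unless the refresh endpoint checks something else a 15-minute access token and a 90-day refresh token are interchangeable; a `type: 'access' | 'refresh'` claim, verified where each token is consumed, would separate them. Those context lines are untouched by the commit, but the signature change is the moment to fix them.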
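Review bot: `jwt_payload` is typed `any` and `jwt_payload.id` goes straight into `where: { id: jwt_payload.id }` with no shape check, so a verified token whose `id` is missing or not a string (now that `userId` is a string) reaches Prisma and surfaces as a thrown error rather than as an authentication failure. Guard before the query: `if (typeof jwt_payload?.id !== 'string') return done(null, false);`. The new `include` loads both permission relations on every authenticated request, and the `authenticate` middleware in this same commit flattens them; a comment on the `include` such as `// AuthUser (middleware/authenticate.ts) relies on these relations being loaded` would keep the two files in step. The `.then` handler that turns the lookup result into `done(...)` continues outside the hunk.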
diff --git a/src/server/middleware/authenticate-admin.ts b/src/server/middleware/authenticate-admin.ts
index 41c99589e..b31f2c795 100644
--- a/src/server/middleware/authenticate-admin.ts
+++ b/src/server/middleware/authenticate-admin.ts
@@ -1,59 +1,20 @@
 import { NextFunction, Request, Response } from 'express';
-import passport from 'passport';
 
 export const authenticateAdmin = (
   req: Request,
   res: Response,
   next: NextFunction
 ) => {
-  passport.authenticate('jwt', { session: false }, (err, user, info) => {
-    if (err) {
-      return next(err);
-    }
+  if (!req.auth.isAdmin) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires an administrator account.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
 
-    if (!user) {
-      return res.status(401).json({
-        error: {
-          message: info?.message || 'Invalid authorization.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 401,
-      });
-    }
-
-    if (!user.enabled) {
-      return res.status(401).json({
-        error: {
-          message: 'Your account is not enabled.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 401,
-      });
-    }
-
-    if (!user.isAdmin) {
-      return res.status(403).json({
-        error: {
-          message:
-            info?.message || 'This action requires an administrator account.',
-          path: req.path,
-        },
-        response: 'Error',
-        statusCode: 403,
-      });
-    }
-
-    req.auth = {
-      createdAt: user.createdAt,
-      enabled: user.enabled,
-      id: user.id,
-      isAdmin: user.isAdmin,
-      updatedAt: user.updatedAt,
-      username: user.username,
-    };
-
-    return next();
-  })(req, res, next);
+  return next();
 };
diff --git a/src/server/middleware/authenticate-local.ts b/src/server/middleware/authenticate.ts
similarity index 54%
rename from src/server/middleware/authenticate-local.ts
rename to src/server/middleware/authenticate.ts
index 03abe0aa1..d3957f6bf 100644
--- a/src/server/middleware/authenticate-local.ts
+++ b/src/server/middleware/authenticate.ts
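Review bot: `req.auth.isAdmin` assumes `authenticate` has already run on the same route; if `authenticateAdmin` is ever mounted without it, `req.auth` is undefined and the check throws a TypeError that ends up in the error handler instead of a deliberate denial. Write it as `if (!req.auth?.isAdmin) {` so a missing auth object is refused by the same branch, and state the ordering dependency above the export: `// Must be mounted after authenticate(); reads the req.auth it populates.` The `!user.enabled` rejection that this middleware used to perform is now entirely `authenticate`'s responsibility, and that check is not visible in this diff, so confirm it still happens there before any admin route relies on this middleware alone.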
@@ -1,7 +1,19 @@
+import {
+  ServerFolderPermissions,
+  ServerPermissions,
+  User,
+} from '@prisma/client';
 import { NextFunction, Request, Response } from 'express';
 import passport from 'passport';
 
-export const authenticateLocal = (
+export type AuthUser = User & {
+  flatServerFolderPermissions: string[];
+  flatServerPermissions: string[];
+  serverFolderPermissions: ServerFolderPermissions[];
+  serverPermissions: ServerPermissions[];
+};
+
+export const authenticate = (
   req: Request,
   res: Response,
   next: NextFunction
@@ -33,15 +45,29 @@ export const authenticateLocal = (
     });
   }
 
-  req.auth = {
+  const flatServerFolderPermissions = user.serverFolderPermissions.map(
+    (permission: ServerFolderPermissions) => permission.serverFolderId
+  );
+
+  const flatServerPermissions = user.serverPermissions.map(
+    (permission: ServerPermissions) => permission.serverId
+  );
+
+  const auth = {
     createdAt: user?.createdAt,
     enabled: user?.enabled,
+    flatServerFolderPermissions,
+    flatServerPermissions,
     id: user?.id,
     isAdmin: user?.isAdmin,
+    serverFolderPermissions: user?.serverFolderPermissions,
+    serverPermissions: user?.serverPermissions,
     updatedAt: user?.updatedAt,
     username: user?.username,
   };
 
+  req.auth = auth;
+
   return next();
   })(req, res, next);
 };
diff --git a/src/server/middleware/index.ts b/src/server/middleware/index.ts
index 29f6102de..57d4d9525 100644
--- a/src/server/middleware/index.ts
+++ b/src/server/middleware/index.ts
@@ -1,3 +1,3 @@
 export * from './error-handler';
-export * from './authenticate-local';
+export * from './authenticate';
 export * from './authenticate-admin';
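Review bot: `AuthUser` is declared as `User & { … }`, the full Prisma `User` row, while the object actually placed on `req.auth` in the second hunk copies only `id`, `username`, `isAdmin`, `enabled`, `createdAt` and `updatedAt`. If the `User` model carries credential fields such as a password hash (not visible here), the wider type invites a later author to spread the whole row into `req.auth` and from there into a response body. Narrow the type to what is exposed: `export type AuthUser = Pick<User, 'id' | 'username' | 'isAdmin' | 'enabled' | 'createdAt' | 'updatedAt'> & {` with the rest of the declaration unchanged. A one-line TSDoc on the type, `/** Subset of the user row attached to req.auth by authenticate(); never includes credentials. */`, would record the intent.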
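Review bot: the new `auth` literal is untyped, so the `AuthUser` type exported in the first hunk never checks it; declare it `const auth: AuthUser = {` (or close it with `} satisfies AuthUser;`) so a renamed or missing field fails to compile instead of turning up as `undefined` on `req.auth` at runtime. The optional chaining on `user?.createdAt` and the other fields is inconsistent with `user.serverFolderPermissions.map(...)` earlier in the hunk, which would throw on a nullish `user`; the `if (!user)` rejection presumably sits just above the hunk (its closing `}` is the second context line), in which case drop the `?.` throughout, and otherwise guard once before the two `.map` calls. Those `.map` calls also depend on the JWT strategy's `include` loading both relations; if `authenticate` can be backed by a strategy that does not load them, `.map` throws, which I cannot confirm because the `passport.authenticate(...)` call opening this callback is above the hunk. The enclosing `authenticate` function starts outside this hunk.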