bsfe_server/src/middlewares/auth.js

import log from '../utils/log.js'
import jwt from 'jsonwebtoken';
import config from '../../config.json' with {type: "json"};
import GroupService from '../services/group.js';
import UserService from '../services/user.js';

const TAG = "/middlewares/auth.js";

const requireUsername = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    try {
        const { username } = req.body;
        if (!username) return res.status(400).send("Username is required");
        next();
    } catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
};

const requirePassword = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    try {
        const { password } = req.body;
        if (!password) return res.status(400).send("Password is required");
        next();
    } catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
};

const authenticate = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    try {
        if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");
        const token = req.headers.authorization.split(' ')[1];
        if (!token) return res.status(403).send("No authorization token supplied");
        if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");

        next();
    } catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authenticate: ${e}`)); }
};

const authorizeGroupOwner = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    try {
        const token = req.headers.authorization.split(' ')[1];

        const { groupId } = req.params;

        let user = jwt.decode(token, config.secret);

        let adminId = await GroupService.getAdminId(groupId);
        if (user.login.id != adminId) return res.status(403).send("Not your group");
        next();
    } catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
};

const checkGroupPassword = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    try {
        const { groupId } = req.params;
        const { password } = req.body;

        const groupPassword = await GroupService.getPassword(groupId);

        if (groupPassword != password) return res.status(403).send("Wrong password");
        next();

    } catch (e) { return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`)); }
};

const userIsInGroup = async (req, res, next) => {
    if (req.method == "OPTIONS") next();

    const groupId = req.body.groupId || req.params.groupId;

    const token = req.headers.authorization.split(' ')[1];
    let user = jwt.decode(token, config.secret);
    if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
    next();
};

export default {
    requireUsername,
    requirePassword,
    authenticate,
    authorizeGroupOwner,
    checkGroupPassword,
    userIsInGroup
};
added users and groups 2024-10-26 05:31:22 +03:00			`import log from '../utils/log.js'`
			`import jwt from 'jsonwebtoken';`
			`import config from '../../config.json' with {type: "json"};`
			`import GroupService from '../services/group.js';`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`import UserService from '../services/user.js';`
added users and groups 2024-10-26 05:31:22 +03:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`const TAG = "/middlewares/auth.js";`
added users and groups 2024-10-26 05:31:22 +03:00
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`const requireUsername = async (req, res, next) => {`
added users and groups 2024-10-26 05:31:22 +03:00			`if (req.method == "OPTIONS") next();`

			`try {`
a lot of bugfixes, completed abstract products and products 2024-10-27 04:45:13 +03:00			`const { username } = req.body;`
			`if (!username) return res.status(400).send("Username is required");`
			`next();`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00
			`const requirePassword = async (req, res, next) => {`
			`if (req.method == "OPTIONS") next();`

			`try {`
a lot of bugfixes, completed abstract products and products 2024-10-27 04:45:13 +03:00			`const { password } = req.body;`
			`if (!password) return res.status(400).send("Password is required");`
			`next();`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			} catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`
added users and groups 2024-10-26 05:31:22 +03:00
			`const authenticate = async (req, res, next) => {`
			`if (req.method == "OPTIONS") next();`

			`try {`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");`
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`const token = req.headers.authorization.split(' ')[1];`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`if (!token) return res.status(403).send("No authorization token supplied");`
added users and groups 2024-10-26 05:31:22 +03:00			`if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");`

			`next();`
			} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authenticate: ${e}`)); }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`
added users and groups 2024-10-26 05:31:22 +03:00
			`const authorizeGroupOwner = async (req, res, next) => {`
			`if (req.method == "OPTIONS") next();`

			`try {`
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`const token = req.headers.authorization.split(' ')[1];`
added users and groups 2024-10-26 05:31:22 +03:00
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`const { groupId } = req.params;`
added users and groups 2024-10-26 05:31:22 +03:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`let user = jwt.decode(token, config.secret);`
a lot of bugfixes, completed abstract products and products 2024-10-27 04:45:13 +03:00
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`let adminId = await GroupService.getAdminId(groupId);`
added users and groups 2024-10-26 05:31:22 +03:00			`if (user.login.id != adminId) return res.status(403).send("Not your group");`
			`next();`
			} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`
added users and groups 2024-10-26 05:31:22 +03:00
			`const checkGroupPassword = async (req, res, next) => {`
			`if (req.method == "OPTIONS") next();`

			`try {`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`const { groupId } = req.params;`
added users and groups 2024-10-26 05:31:22 +03:00			`const { password } = req.body;`

a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`const groupPassword = await GroupService.getPassword(groupId);`
added users and groups 2024-10-26 05:31:22 +03:00
			`if (groupPassword != password) return res.status(403).send("Wrong password");`
			`next();`

a lot of bugfixes, completed abstract products and products 2024-10-27 04:45:13 +03:00			} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`)); }
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`
added users and groups 2024-10-26 05:31:22 +03:00
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`const userIsInGroup = async (req, res, next) => {`
			`if (req.method == "OPTIONS") next();`

			`const groupId = req.body.groupId \|\| req.params.groupId;`

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`const token = req.headers.authorization.split(' ')[1];`
			`let user = jwt.decode(token, config.secret);`
a lot of fixes, implementing abstract product api endpoints 2024-10-26 20:18:14 +03:00			`if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");`
			`next();`
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2024-10-27 05:45:12 +03:00			`};`

			`export default {`
			`requireUsername,`
			`requirePassword,`
			`authenticate,`
			`authorizeGroupOwner,`
			`checkGroupPassword,`
			`userIsInGroup`
			`};`