;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

2024-10-27 05:45:12 +03:00
parent 3388da7280
commit 09b5106538
20 changed files with 82 additions and 76 deletions


@@ -4,7 +4,7 @@ import config from '../../config.json' with {type: "json"};
import GroupService from '../services/group.js';
import UserService from '../services/user.js';
const TAG = "/middlewares/auth.js"
const TAG = "/middlewares/auth.js";
const requireUsername = async (req, res, next) => {
if (req.method == "OPTIONS") next();
@@ -14,7 +14,7 @@ const requireUsername = async (req, res, next) => {
if (!username) return res.status(400).send("Username is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
}
};
const requirePassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
@@ -24,36 +24,36 @@ const requirePassword = async (req, res, next) => {
if (!password) return res.status(400).send("Password is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
}
};
const authenticate = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");
const token = req.headers.authorization.split(' ')[1]
const token = req.headers.authorization.split(' ')[1];
if (!token) return res.status(403).send("No authorization token supplied");
if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authenticate: ${e}`)); }
}
};
const authorizeGroupOwner = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const token = req.headers.authorization.split(' ')[1]
const token = req.headers.authorization.split(' ')[1];
const { groupId } = req.params;
let user = jwt.decode(token, config.secret)
let user = jwt.decode(token, config.secret);
let adminId = await GroupService.getAdminId(groupId);
if (user.login.id != adminId) return res.status(403).send("Not your group");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
}
};
const checkGroupPassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
@@ -68,17 +68,24 @@ const checkGroupPassword = async (req, res, next) => {
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`)); }
}
};
const userIsInGroup = async (req, res, next) => {
if (req.method == "OPTIONS") next();
const groupId = req.body.groupId || req.params.groupId;
const token = req.headers.authorization.split(' ')[1]
let user = jwt.decode(token, config.secret)
const token = req.headers.authorization.split(' ')[1];
let user = jwt.decode(token, config.secret);
if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
next();
}
};
export default { requireUsername, requirePassword, authenticate, authorizeGroupOwner, checkGroupPassword, userIsInGroup }
export default {
requireUsername,
requirePassword,
authenticate,
authorizeGroupOwner,
checkGroupPassword,
userIsInGroup
};
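Review bot: `authorizeGroupOwner` (hunk `@@ -24,36`) and `userIsInGroup` (hunk `@@ -68,17`) take the caller's identity from `jwt.decode(token, config.secret)`, which, if `jwt` is the jsonwebtoken package (its import is outside the hunk), parses the payload without checking the signature. The `user.login.id` comparisons are therefore only trustworthy when `authenticate` has already run on the same route, and that ordering is not visible in this diff. Replacing both calls with `const user = jwt.verify(token, config.secret);` makes each check safe on its own. In `authenticate`, `jwt.verify` throws on a bad token rather than returning a falsy value, so the 403 branch looks unreachable and an invalid token presumably surfaces as a 500 from the catch block. `userIsInGroup` also has no `try`/`catch`, and every `if (req.method == "OPTIONS") next();` continues into the body because it lacks a `return`.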


@@ -6,7 +6,7 @@ import CategoryService from '../services/category.js';
import log from '../utils/log.js';
import statuses from '../utils/status.js';
const TAG = "/middlewares/existance.js"
const TAG = "/middlewares/existance.js";
const usernameExists = async (req, res, next) => {
try {
@@ -26,7 +26,7 @@ const usernameDoesntExist = async (req, res, next) => {
if (user != undefined && user != statuses.not_found) return res.status(400).send("Such username already taken");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/usernameDoesntExist: ${e}`)); }
}
};
const groupExists = async (req, res, next) => {
try {
@@ -37,7 +37,7 @@ const groupExists = async (req, res, next) => {
if (!group || group == statuses.not_found) return res.status(404).send("Group not found");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupExists: ${e}`)) }
}
};
const groupDoesntExist = async (req, res, next) => {
try {
@@ -48,7 +48,7 @@ const groupDoesntExist = async (req, res, next) => {
if (group || group != statuses.not_found) return res.status(400).send("Such group already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupDoesntExist: ${e}`)) }
}
};
const groupNameDoesntExist = async (req, res, next) => {
try {
@@ -57,8 +57,8 @@ const groupNameDoesntExist = async (req, res, next) => {
let group = await GroupService.getByName(groupName);
if (group) return res.status(400).send("Such group name already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupNameDoesntExist: ${e}`)) }
}
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupNameDoesntExist: ${e}`)); }
};
const abstractProductExists = async (req, res, next) => {
try {
@@ -67,8 +67,8 @@ const abstractProductExists = async (req, res, next) => {
let result = await AbstractProductService.exists(groupId, localId);
if (!result) return res.status(404).send("Abstract product not found");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/abstractProductExists: ${e}`)) }
}
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/abstractProductExists: ${e}`)); }
};
const productExists = async (req, res, next) => {
try {
@@ -77,8 +77,8 @@ const productExists = async (req, res, next) => {
let result = await ProductService.exists(groupId, localId);
if (!result) return res.status(404).send("Product not found");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/productExists: ${e}`)) }
}
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/productExists: ${e}`)); }
};
const categoryNameDoesntExist = async (req, res, next) => {
try {
@@ -87,8 +87,8 @@ const categoryNameDoesntExist = async (req, res, next) => {
let result = await CategoryService.getByName(groupId, localId, categoryName);
if (result != statuses.not_found) return res.status(400).send("Such category name exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryNameDoesntExist: ${e}`)) }
}
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryNameDoesntExist: ${e}`)); }
};
const categoryExists = async (req, res, next) => {
try {
@@ -97,8 +97,8 @@ const categoryExists = async (req, res, next) => {
let result = await CategoryService.getById(groupId, localId);
if (!result || result == statuses.not_found) return res.status(404).send("No such category");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryExists: ${e}`)) }
}
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryExists: ${e}`)); }
};
export default {
usernameExists,
@@ -113,4 +113,4 @@ export default {
categoryNameDoesntExist,
categoryExists
}
};
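Review bot: In `groupDoesntExist` (context line of the `@@ -48,7` hunk) the guard `if (group || group != statuses.not_found)` is true for every `group` except one that is falsy and loosely equal to `statuses.not_found`, so the middleware appears to answer 400 "Such group already exists" on nearly every request. The sibling `usernameDoesntExist` combines the same two tests with `&&`; `if (group && group != statuses.not_found) return res.status(400).send("Such group already exists");` would match it. The value of `statuses.not_found` and the start of the function are outside the hunk, so confirm against what `GroupService` returns for a missing group. The catch lines of `groupExists` and `groupDoesntExist` also still end in `))` without the semicolon this commit adds to the other handlers.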