Restructuring the Project
Updating dependencies
This commit is contained in:
110
Backend/src/api/middlewares/client.ts
Normal file
110
Backend/src/api/middlewares/client.ts
Normal file
@ -0,0 +1,110 @@
|
||||
import { NextFunction, Request, Response } from "express";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import Client from "../../models/client";
|
||||
import { validateJWT } from "../../keys";
|
||||
import User from "../../models/user";
|
||||
import Mail from "../../models/mail";
|
||||
import { OAuthJWT } from "../../helper/jwt";
|
||||
|
||||
export function GetClientAuthMiddleware(
|
||||
checksecret = true,
|
||||
internal = false,
|
||||
checksecret_if_available = false
|
||||
) {
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
try {
|
||||
let client_id = req.query.client_id || req.body.client_id;
|
||||
let client_secret = req.query.client_secret || req.body.client_secret;
|
||||
|
||||
if (!client_id && !client_secret && req.headers.authorization) {
|
||||
let header = req.headers.authorization;
|
||||
let [type, val] = header.split(" ");
|
||||
if (val) {
|
||||
let str = Buffer.from(val, "base64").toString("utf-8");
|
||||
let [id, secret] = str.split(":");
|
||||
client_id = id;
|
||||
client_secret = secret;
|
||||
}
|
||||
}
|
||||
|
||||
if (!client_id || (!client_secret && checksecret)) {
|
||||
throw new RequestError(
|
||||
"No client credentials",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
let w = { client_id: client_id, client_secret: client_secret };
|
||||
if (!checksecret && !(checksecret_if_available && client_secret))
|
||||
delete w.client_secret;
|
||||
|
||||
let client = await Client.findOne(w);
|
||||
|
||||
if (!client) {
|
||||
throw new RequestError(
|
||||
"Invalid client_id" + (checksecret ? "or client_secret" : ""),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
if (internal && !client.internal) {
|
||||
throw new RequestError(
|
||||
req.__("Client has no permission for access"),
|
||||
HttpStatusCode.FORBIDDEN
|
||||
);
|
||||
}
|
||||
req.client = client;
|
||||
next();
|
||||
} catch (e) {
|
||||
if (next) next(e);
|
||||
else throw e;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
export const ClientAuthMiddleware = GetClientAuthMiddleware();
|
||||
|
||||
export function GetClientApiAuthMiddleware(permissions?: string[]) {
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
try {
|
||||
const invalid_err = new RequestError(
|
||||
req.__("You are not logged in or your login is expired"),
|
||||
HttpStatusCode.UNAUTHORIZED
|
||||
);
|
||||
let token =
|
||||
(req.query.access_token as string) ||
|
||||
(req.headers.authorization as string);
|
||||
if (!token) throw invalid_err;
|
||||
|
||||
if (token.toLowerCase().startsWith("bearer "))
|
||||
token = token.substring(7);
|
||||
|
||||
let data: OAuthJWT;
|
||||
try {
|
||||
data = await validateJWT(token);
|
||||
} catch (err) {
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
let user = await User.findOne({ uid: data.user });
|
||||
|
||||
if (!user) throw invalid_err;
|
||||
|
||||
let client = await Client.findOne({ client_id: data.application });
|
||||
if (!client) throw invalid_err;
|
||||
|
||||
if (
|
||||
permissions &&
|
||||
(!data.permissions ||
|
||||
!permissions.every((e) => data.permissions.indexOf(e) >= 0))
|
||||
)
|
||||
throw invalid_err;
|
||||
|
||||
req.user = user;
|
||||
req.client = client;
|
||||
next();
|
||||
} catch (e) {
|
||||
if (next) next(e);
|
||||
else throw e;
|
||||
}
|
||||
};
|
||||
}
|
Reference in New Issue
Block a user