push de la fleme

2024-04-17 16:55:04 +02:00
parent 66e402cbf6
commit f7fcc0d051
28 changed files with 2042 additions and 131 deletions
--- a/middlewares/AuthorizationMiddleware.js
+++ b/middlewares/AuthorizationMiddleware.js
@@ -0,0 +1,49 @@
+const {JwtVerify} = require("../services/JwtService");
+const {getUserFromId} = require("../services/UserService");
+const {log} = require("../utils/logging");
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+
+async function validateJWT(req, res, next) {
+  log('MIDDLEWARE', 'JWT', `Vérification du jwt... (${req.ip})`)
+  const authHeader = req.headers.authorization;
+  if (!authHeader) {
+    res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+    return;
+  }
+
+  const bearerToken = authHeader.split(' ')[1];
+  const isTokenValid = await JwtVerify(bearerToken);
+
+  if (isTokenValid !== false) {
+    log('MIDDLEWARE', 'JWT', `Token valide. (${req.ip})`)
+    next();
+  } else {
+    log('MIDDLEWARE', 'CHECK', `Token invalide (${req.ip})`)
+    res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+  }
+}
+
+async function isAdmin(req, res, next) {
+  log('MIDDLEWARE', 'ROLE', `Vérification du role... (${req.ip})`)
+  const authHeader = req.headers.authorization;
+  const bearerToken = authHeader.split(' ')[1];
+  const payload = await JwtVerify(bearerToken);
+  const dbUser = await getUserFromId(payload.sub)
+  if (!dbUser || !dbUser.isAdmin) {
+    log('MIDDLEWARE', 'ROLE', `Non admin ou éxistant. (${req.ip})`)
+    return res
+      .type('application/json')
+      .status(403)
+      .json({ error: 'Unauthorized' });
+  }
+  log('MIDDLEWARE', 'ROLE', `Accès admin validé. (${req.ip})`)
+  next();
+}
+
+module.exports = {
+  validateJWT,
+  isAdmin
+};