parent
0a3d943ca3
commit
a8c41b2268
39
src/validators/AdminGuard.ts
Normal file
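--- a/src/validators/AdminGuard.ts
+++ b/src/validators/AdminGuard.ts
@@ -0,0 +1,39 @@
+import JwtService from "@services/jwt.service";
+import type {NextFunction, Request, Response} from "express";
+import MySqlService from "@services/mysql.service";
+import MysqlService from "@services/mysql.service";
+import {Logger} from "tslog";
+
+const DbHandler = new MySqlService.Handler('AdminGuard')
+const logger = new Logger({name: 'AdminGuard'})
+
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+const PERMISSON_NOT_VALID = 'You are missing the required permission.'
+
+async function AdminGuard(req: Request, res: Response, next: NextFunction) {
+const authHeader = req.headers.authorization;
+if (!authHeader) {
+logger.warn(`Invalid header (${req.ip})`)
+return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+}
+
+const bearerToken = authHeader.split(' ')[1];
+
+if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+
+const token = await JwtService.verify(bearerToken);
+
+if (token) {
+// @ts-ignore
+const isSourceAdmin = await MysqlService.User.getAdminStateForId(DbHandler, token.sub)
+if (isSourceAdmin === true) next();
+return res.status(FORBIDDEN).json({message: PERMISSON_NOT_VALID});
+
+}
+return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+}
+
+export default AdminGuard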
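Review bot: In `AdminGuard`, the admin branch `if (isSourceAdmin === true) next();` does not return, so after handing the request to the next handler the guard still reaches `return res.status(FORBIDDEN).json({message: PERMISSON_NOT_VALID});`. A verified admin therefore either receives a 403 while the protected handler keeps running, or the second write fails because the response was already sent; the line should read `if (isSourceAdmin === true) return next();`. Neither `await JwtService.verify(bearerToken)` nor the `getAdminStateForId` lookup is inside a try/catch, so if either can reject (their implementations are not visible here) the middleware sends no response at all; wrapping both and answering with the existing `INVALID_TOKEN_MESSAGE` 403, or calling `next(err)`, keeps the guard failing closed. The `// @ts-ignore` above the lookup also hides that `token.sub` is unchecked, and `authHeader.split(' ')[1]` never confirms the scheme is `Bearer`; an explicit check on both before the database call would be clearer than suppressing the type error.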