Compare commits
3 Commits
df9efc759c
...
a8c41b2268
Author | SHA1 | Date | |
---|---|---|---|
a8c41b2268 | |||
0a3d943ca3 | |||
c334b3954f |
@ -1,31 +1,36 @@
|
||||
import express, {type Router} from "express";
|
||||
import JwtGuard from "@validators/JwtGuard";
|
||||
import UserGuard from "@validators/UserGuard";
|
||||
import AdminGuard from "@validators/AdminGuard";
|
||||
|
||||
|
||||
const router: Router = express.Router();
|
||||
|
||||
router.route('/login')
|
||||
router.route('/register')
|
||||
router.route('/login').post()
|
||||
router.route('/register').post()
|
||||
|
||||
// PATCH
|
||||
router.route('/me').patch(JwtGuard)
|
||||
router.route('/me')
|
||||
.patch(UserGuard)
|
||||
|
||||
// GET
|
||||
router.route('/me').get(JwtGuard)
|
||||
router.route('/me')
|
||||
.get(UserGuard)
|
||||
|
||||
// DELETE
|
||||
router.route('/me').delete(JwtGuard)
|
||||
router.route('/me')
|
||||
.delete(UserGuard)
|
||||
|
||||
|
||||
// GET
|
||||
router.route('/all').get(JwtGuard)
|
||||
router.route('/all')
|
||||
.get(AdminGuard)
|
||||
|
||||
|
||||
// GET
|
||||
router.route('/user/:targetId').get(JwtGuard)
|
||||
|
||||
// PATCH
|
||||
router.route('/user/:targetId').patch(JwtGuard)
|
||||
router.route('/user/:targetId')
|
||||
.get(AdminGuard)
|
||||
.patch(AdminGuard)
|
||||
.delete(AdminGuard)
|
||||
|
||||
|
||||
export default router
|
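Review bot: `router.route('/login').post()` and `router.route('/register').post()` are registered with an empty handler list; Express only marks a method as handled when at least one handler is passed, so these presumably fall through to a 404 until the controllers exist, and a `// TODO: attach login/register controllers` on those two lines would keep the placeholder from being read as a wired route. The guarded chains in this hunk (`.patch(UserGuard)`, `.get(AdminGuard)`, …) likewise end at the guard with no terminal handler, so a request the guard lets through has nothing to answer it inside this router. The section's file header is not visible in the page, so the path of this router is unknown from here.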
@ -1,37 +1,39 @@
|
||||
import express, {type Router} from "express";
|
||||
import AdminGuard from "@validators/AdminGuard";
|
||||
import UserGuard from "@validators/UserGuard";
|
||||
|
||||
|
||||
const router: Router = express.Router();
|
||||
|
||||
//-- MODELS >>
|
||||
|
||||
router.route('/model/new').get()
|
||||
router.route('/model/new').get(AdminGuard)
|
||||
|
||||
router.route('/model/all').get()
|
||||
|
||||
router.route('/model/:modelSlug')
|
||||
.get()
|
||||
.patch()
|
||||
.delete()
|
||||
.get(UserGuard)
|
||||
.patch(AdminGuard)
|
||||
.delete(AdminGuard)
|
||||
|
||||
|
||||
//-- CATEGORY >>
|
||||
|
||||
router.route('/category/new').get()
|
||||
router.route('/category/new').get(AdminGuard)
|
||||
|
||||
router.route('/category/all').get()
|
||||
|
||||
router.route('/category/:categorySlug')
|
||||
.get()
|
||||
.patch()
|
||||
.delete()
|
||||
.get(UserGuard)
|
||||
.patch(AdminGuard)
|
||||
.delete(AdminGuard)
|
||||
|
||||
|
||||
//-- BRAND >>
|
||||
|
||||
router.route('/brand/new').post()
|
||||
router.route('/brand/new').post(AdminGuard)
|
||||
router.route('/brand/all').get()
|
||||
router.route('/brand/:brandSlug')
|
||||
.get()
|
||||
.patch()
|
||||
.delete()
|
||||
.get(UserGuard)
|
||||
.patch(AdminGuard)
|
||||
.delete(AdminGuard)
|
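Review bot: `/model/new` and `/category/new` are registered as `.get(AdminGuard)` while `/brand/new` in the same hunk uses `.post(AdminGuard)`; if `new` creates a resource, exposing it on GET makes the mutation reachable from a plain link and eligible for caching or prefetching, so `router.route('/model/new').post(AdminGuard)` and `router.route('/category/new').post(AdminGuard)` would match the brand route and the HTTP semantics. `router.route('/model/all').get()`, `/category/all` and `/brand/all` are still registered with no handler. The section's file header is outside the page, so the file path is not visible here.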
@ -1,3 +1,3 @@
|
||||
export * from './auth/router'
|
||||
export * from './catalog/router'
|
||||
export * from './rent'
|
||||
export * from './rent/router'
|
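Review bot: `export * from './rent/router'` (like the auth and catalog lines above it) re-exports only named exports, and the router modules in this commit end with `export default router`, so unless they also declare named exports not shown here this index exposes nothing and the routers are never reachable through it. Re-exporting each default under its own name, `export { default as rentRouter } from './rent/router'` and likewise for `authRouter` and `catalogRouter`, also avoids the name clash three identical `router` bindings would cause.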
@ -1,29 +1,32 @@
|
||||
import express, {type Router} from "express";
|
||||
import JwtGuard from "@validators/JwtGuard";
|
||||
import AdminGuard from "@validators/AdminGuard";
|
||||
import UserGuard from "@validators/UserGuard";
|
||||
|
||||
|
||||
const router: Router = express.Router();
|
||||
|
||||
// Get rent affected to the user
|
||||
router.route('/affected').get(JwtGuard)
|
||||
router.route('/affected')
|
||||
.get(UserGuard)
|
||||
|
||||
// Get all vehicle in rent (admin only)
|
||||
router.route('/affected/all').get(JwtGuard)
|
||||
router.route('/affected/all')
|
||||
.get(AdminGuard)
|
||||
|
||||
// Add a new vehicle (admin only)
|
||||
router.route('/veh/new').post(JwtGuard)
|
||||
router.route('/veh/new')
|
||||
.post(AdminGuard)
|
||||
|
||||
// Get all vehicles
|
||||
router.route('/veh/all').get()
|
||||
router.route('/veh/all')
|
||||
.get()
|
||||
|
||||
// Rent a specific vehicle
|
||||
router.route('/veh/rent/:vehicleId').post(JwtGuard)
|
||||
router.route('/veh/rent/:vehicleId')
|
||||
.post(UserGuard)
|
||||
|
||||
// Endpoint to get the data of a vehicle, data change if source is an admin
|
||||
router.route('/veh/:vehicleId').get(JwtGuard)
|
||||
|
||||
// Endpoint to edit the data of a vehicle if source is an admin
|
||||
router.route('/veh/:vehicleId').patch(JwtGuard)
|
||||
|
||||
// Endpoint to delete a vehicle if source is an admin
|
||||
router.route('/veh/:vehicleId').delete(JwtGuard)
|
||||
router.route('/veh/:vehicleId')
|
||||
.get(UserGuard)
|
||||
.patch(AdminGuard)
|
||||
.delete(AdminGuard)
|
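Review bot: The comment on `/veh/:vehicleId` still says the returned data changes when the source is an admin, but the chain now runs only `UserGuard`, which in this commit's UserGuard hunk verifies the token and loads the user without attaching either to the request, so the handler cannot tell an admin from a regular user without re-parsing the token itself. Either have the guard publish the caller to the handler or reword the comment to match the single guard, e.g. `// Get the data of a vehicle (any authenticated user)`. `router.route('/veh/all').get()` is still registered with no handler.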
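--- a/src/validators/AdminGuard.ts
+++ b/src/validators/AdminGuard.ts
@@ -0,0 +1,39 @@
+import JwtService from "@services/jwt.service";
+import type {NextFunction, Request, Response} from "express";
+import MySqlService from "@services/mysql.service";
+import MysqlService from "@services/mysql.service";
+import {Logger} from "tslog";
+
+const DbHandler = new MySqlService.Handler('AdminGuard')
+const logger = new Logger({name: 'AdminGuard'})
+
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+const PERMISSON_NOT_VALID = 'You are missing the required permission.'
+
+async function AdminGuard(req: Request, res: Response, next: NextFunction) {
+const authHeader = req.headers.authorization;
+if (!authHeader) {
+logger.warn(`Invalid header (${req.ip})`)
+return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+}
+
+const bearerToken = authHeader.split(' ')[1];
+
+if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+
+const token = await JwtService.verify(bearerToken);
+
+if (token) {
+// @ts-ignore
+const isSourceAdmin = await MysqlService.User.getAdminStateForId(DbHandler, token.sub)
+if (isSourceAdmin === true) next();
+return res.status(FORBIDDEN).json({message: PERMISSON_NOT_VALID});
+
+}
+return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+}
+
+export default AdminGuard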
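Review bot: `if (isSourceAdmin === true) next();` is not followed by a return, so after the downstream chain has been started the guard still sends the 403 `PERMISSON_NOT_VALID` response; an admin's request is either answered twice (headers-already-sent error) or, when the handler is async, answered with 403 before the handler's own response. Change it to `if (isSourceAdmin === true) return next();`. The same pattern is in the UserGuard hunk of this commit (`next()` followed by the 401 `USER_NOT_EXIST` response). Separately, `mysql.service` is imported twice under `MySqlService` and `MysqlService`, and `authHeader.split(' ')[1]` never checks that the scheme is `Bearer`, so `const [scheme, bearerToken] = authHeader.split(' '); if (scheme !== 'Bearer' || !bearerToken) return res.status(UNAUTHORIZED).json({message: INVALID_TOKEN_MESSAGE});` would be tighter and would use the 401 the file already defines for a missing or malformed credential.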
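--- a/src/validators/UserGuard.ts
+++ b/src/validators/UserGuard.ts
@@ -0,0 +1,40 @@
+import JwtService from "@services/jwt.service";
+import type {NextFunction, Request, Response} from "express";
+import MySqlService from "@services/mysql.service";
+import {Logger} from "tslog";
+
+const DbHandler = new MySqlService.Handler('UserGuard')
+const logger = new Logger({name: 'UserGuard'})
+
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+const USER_NOT_EXIST = 'You dont exist anymore'
+
+async function UserGuard(req: Request, res: Response, next: NextFunction) {
+const authHeader = req.headers.authorization;
+if (!authHeader) {
+return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+}
+
+const bearerToken = authHeader.split(' ')[1];
+
+if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+
+const token = await JwtService.verify(bearerToken);
+
+if (token) {
+// @ts-ignore
+const userId = token.sub;
+const user= await MySqlService.User.getById(DbHandler, userId);
+if (user) {
+logger.info(`An user do a request. (${user?.username})`)
+next()
+}
+return res.status(UNAUTHORIZED).json({message: USER_NOT_EXIST});
+}
+return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+}
+
+export default UserGuard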
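Review bot: The guard loads the caller with `MySqlService.User.getById` and then calls `next()` without exposing the result, so handlers behind `/me`, `/affected` or `/veh/:vehicleId` have no caller identity unless they re-verify the token themselves; `res.locals.user = user` before `next()` would pass it on without changing the middleware signature. The `// @ts-ignore` above `const userId = token.sub;` hides whatever `JwtService.verify` resolves to; narrowing with `if (typeof token.sub !== 'string') return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});` satisfies the checker and avoids querying the database with an undefined id. If `JwtService.verify` rejects on a bad or expired token rather than resolving falsy, that rejection escapes this async middleware and, under Express 4, is not routed to the error handler — a try/catch around the `await` that answers with `INVALID_TOKEN_MESSAGE` would cover it. `user?.username` inside `if (user)` can drop the optional chain, and the missing-header branch could log `req.ip` the way AdminGuard does so the two guards are consistent.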