Merge pull request #732 from bluewave-labs/feat/verify-roles

Feat/verify roles, resolves #724, resolves #726
This commit is contained in:
Alexander Holliday
2024-08-27 14:04:49 -07:00
committed by GitHub
5 changed files with 91 additions and 10 deletions
+53
@@ -0,0 +1,53 @@
const jwt = require("jsonwebtoken");
const TOKEN_PREFIX = "Bearer ";
const SERVICE_NAME = "allowedRoles";
const { errorMessages } = require("../utils/messages");
const isAllowed = (allowedRoles) => {
return (req, res, next) => {
const token = req.headers["authorization"];
// If no token is pressent, return an error
if (!token) {
const error = new Error(errorMessages.NO_AUTH_TOKEN);
error.status = 401;
error.service = SERVICE_NAME;
next(error);
return;
}
// If the token is improperly formatted, return an error
if (!token.startsWith(TOKEN_PREFIX)) {
const error = new Error(errorMessages.INVALID_AUTH_TOKEN);
error.status = 400;
error.service = SERVICE_NAME;
next(error);
return;
}
// Parse the token
try {
const parsedToken = token.slice(TOKEN_PREFIX.length, token.length);
var decoded = jwt.verify(parsedToken, process.env.JWT_SECRET);
const userRoles = decoded.role;
// Check if the user has the required role
if (userRoles.some((role) => allowedRoles.includes(role))) {
next();
return;
} else {
const error = new Error(errorMessages.INSUFFICIENT_PERMISSIONS);
error.status = 401;
error.service = SERVICE_NAME;
next(error);
return;
}
} catch (error) {
error.status = 401;
error.service = SERVICE_NAME;
next(error);
return;
}
};
};
module.exports = { isAllowed };
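Review bot: A caller whose token verified but who lacks an allowed role is answered with 401 in the else-branch's `error.status = 401;`; that is the authorization-failed case, so `error.status = 403;` there keeps 401 for the missing or invalid-token paths only. `decoded.role` is used as an array without a check, so a token carrying a string `role` or no claim at all throws a TypeError inside the try and the raw TypeError message is what reaches the client; `const userRoles = Array.isArray(decoded.role) ? decoded.role : [];` before the `.some` call turns that into the normal insufficient-permissions response. Since the secret comes from a string env var and so is presumably an HMAC key, pinning `jwt.verify(parsedToken, process.env.JWT_SECRET, { algorithms: ["HS256"] })` is a cheap defense-in-depth against algorithm confusion. Note also that roles are read from the token claim, so a role change on the account only takes effect once the token expires — fine if intended, worth a comment above `const userRoles` if so.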
+7 -2
@@ -1,7 +1,7 @@
const router = require("express").Router();
const { verifyJWT } = require("../middleware/verifyJWT");
const { verifySuperAdmin } = require("../middleware/verifySuperAdmin");
const { verifyOwnership } = require("../middleware/verifyOwnership");
const { isAllowed } = require("../middleware/isAllowed");
const multer = require("multer");
const upload = multer();
const User = require("../models/user");
@@ -29,7 +29,12 @@ router.put(
userEditController
);
router.get("/users/superadmin", checkSuperadminController);
router.get("/users", verifyJWT, verifySuperAdmin, getAllUsersController);
router.get(
"/users",
verifyJWT,
isAllowed(["admin", "superadmin"]),
getAllUsersController
);
router.delete(
"/user/:userId",
verifyJWT,
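Review bot: The allowed-role list `["admin", "superadmin"]` on the new `/users` route is an inline literal that the invite and monitor routers in this commit repeat verbatim, so a future role rename has to be hunted down in every router; a module-level constant such as `const ADMIN_ROLES = ["admin", "superadmin"];` exported next to `isAllowed` would keep them in step. The order `verifyJWT, isAllowed(...)` here is the one the other routers should follow. The `router.delete("/user/:userId", …)` registration continues past the end of the hunk.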
+13 -2
@@ -1,11 +1,22 @@
const router = require("express").Router();
const { verifyJWT } = require("../middleware/verifyJWT");
const { isAllowed } = require("../middleware/isAllowed");
const {
inviteController,
inviteVerifyController,
} = require("../controllers/inviteController");
router.post("/", verifyJWT, inviteController);
router.post("/verify", inviteVerifyController);
router.post(
"/",
isAllowed(["admin", "superadmin"]),
verifyJWT,
inviteController
);
router.post(
"/verify",
isAllowed(["admin", "superadmin"]),
inviteVerifyController
);
module.exports = router;
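Review bot: The new guard on `/verify` requires an admin or superadmin JWT, but this looks like the endpoint the invitee calls to redeem the invite link (it was unauthenticated before the change, and an invitee has no account and no token yet), so every legitimate verification would now fail with 401 from `isAllowed`; if that reading is right, the route should stay `router.post("/verify", inviteVerifyController);` and the invite token itself is what the controller must validate. On `POST /`, `isAllowed` is placed before `verifyJWT`, the opposite of the order used in the user router; `isAllowed` verifies the JWT itself so the request still works, but a malformed header is then reported by `isAllowed` with a 400 instead of by `verifyJWT`, and whatever `verifyJWT` attaches to `req` is not yet present when the role check runs — swapping the two lines to `verifyJWT, isAllowed(["admin", "superadmin"]),` restores the convention.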
+15 -6
@@ -1,7 +1,6 @@
const router = require("express").Router();
const monitorController = require("../controllers/monitorController");
const { verifyOwnership } = require("../middleware/verifyOwnership");
const Monitor = require("../models/Monitor");
const { isAllowed } = require("../middleware/isAllowed");
router.get("/", monitorController.getAllMonitors);
router.get("/stats/:monitorId", monitorController.getMonitorStatsById);
@@ -9,17 +8,27 @@ router.get("/certificate/:monitorId", monitorController.getMonitorCertificate);
router.get("/:monitorId", monitorController.getMonitorById);
router.get("/team/:teamId", monitorController.getMonitorsByTeamId);
router.post("/", monitorController.createMonitor);
router.post(
"/",
isAllowed(["admin", "superadmin"]),
monitorController.createMonitor
);
router.delete(
"/:monitorId",
verifyOwnership(Monitor, "monitorId"),
isAllowed(["admin", "superadmin"]),
monitorController.deleteMonitor
);
router.put(
"/:monitorId",
verifyOwnership(Monitor, "monitorId"),
isAllowed(["admin", "superadmin"]),
monitorController.editMonitor
);
router.delete("/all", monitorController.deleteAllMonitors);
router.delete(
"/all",
isAllowed(["superadmin"]),
monitorController.deleteAllMonitors
);
module.exports = router;
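Review bot: The superadmin-only `DELETE /all` at the bottom is registered after `router.delete("/:monitorId", …)`, and Express matches routes in registration order, so a request for `/all` is captured by the `/:monitorId` route with `monitorId === "all"` and goes through `verifyOwnership` and `deleteMonitor` rather than the new guard; moving the `/all` registration above the `/:monitorId` one makes the stricter check reachable. On the `/:monitorId` delete and put routes, `isAllowed` runs after `verifyOwnership`, so the database lookup happens before the cheap role check, and nothing in this file establishes the requesting user before `verifyOwnership` runs — if that identity comes from a `verifyJWT` mounted on the parent app it is fine, otherwise it needs adding here; either way `isAllowed(["admin", "superadmin"])` should be the first middleware on both routes. The GET routes in the hunk stay unguarded, which may be intended for public status pages but deserves a comment saying so.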
+3
@@ -17,6 +17,9 @@ const errorMessages = {
VERIFY_OWNER_NOT_FOUND: "Document not found",
VERIFY_OWNER_UNAUTHORIZED: "Unauthorized access",
//Permissions Middleware
INSUFFICIENT_PERMISSIONS: "Insufficient permissions",
//DB Errors
DB_USER_EXISTS: "User already exists",
DB_USER_NOT_FOUND: "User not found",