added auth check for admin

main
Netcup Gituser 2023-12-05 19:14:03 +01:00
parent b5a97350c2
commit bad5c1ef24
4 changed files with 42 additions and 4 deletions


@ -1,14 +1,18 @@
import { Request } from "express"; import { Request } from "express";
import { Session } from "../models/session"; import { Session } from "../models/session";
import { User } from "../models/user";
import { HEADER_X_AUTHORIZATION } from "../utils/constants";
export async function sessionProtection(req: Request, res: any, next: any) { export async function sessionProtection(req: Request, res: any, next: any) {
const xAuthorization = req.get("x-authorization"); const xAuthorization = req.get(HEADER_X_AUTHORIZATION);
if (!xAuthorization) { if (!xAuthorization) {
return res.status(401).json({ status: "err" }); return res.status(401).json({ status: "err" });
} }
const session = await Session.findOne({ sessionId: xAuthorization }).lean(); const session = await Session.findOne({ sessionId: xAuthorization })
.select("sessionId -_id")
.lean();
if (!session) { if (!session) {
return res.status(401).json({ status: "err" }); return res.status(401).json({ status: "err" });
@ -16,3 +20,29 @@ export async function sessionProtection(req: Request, res: any, next: any) {
next(); next();
} }
export async function adminProtection(req: Request, res: any, next: any) {
const xAuthorization = req.get(HEADER_X_AUTHORIZATION);
if (!xAuthorization) {
return res.status(401).json({ status: "err" });
}
const session = await Session.findOne({ sessionId: xAuthorization })
.select("sessionId accountName -_id")
.lean();
if (!session) {
return res.status(401).json({ status: "err" });
}
const user = await User.findOne({ accountName: session.accountName })
.select("isAdmin -_id")
.lean();
if (!user || !user.isAdmin) {
return res.status(401).json({ status: "err" });
}
next();
}
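Review bot: Neither awaited lookup in `adminProtection` (the `Session.findOne` and `User.findOne` calls) is inside a try/catch, so a rejected promise from the database leaves the middleware neither responding nor calling `next(err)`; under Express 4 that hangs the request and surfaces only as an unhandled rejection (Express 5 forwards async rejections itself, so confirm which version is in use). Wrapping everything after the header check in `try { … } catch (err) { return next(err); }` fixes it, and the same applies to `sessionProtection` above, whose body spans both hunks of this section. The session lookup also repeats `sessionProtection` line for line; having `adminProtection` reuse that lookup or a shared helper would keep any later session checks in one place — no expiry is tested on either path as written, although `DEFAULT_SESSION_EXPIRATION` exists in the constants file, which suggests sessions are meant to expire. Returning 401 rather than 403 for an authenticated but non-admin session looks deliberate; a comment such as `// 401 rather than 403 so the response does not reveal that the route is admin-only` would record that choice.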


@ -16,6 +16,10 @@ export const userSchema = new Schema({
type: Number, type: Number,
default: 0, default: 0,
}, },
isAdmin: {
type: Boolean,
default: false,
},
}); });
export type User = InferSchemaType<typeof userSchema>; export type User = InferSchemaType<typeof userSchema>;
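Review bot: The new `isAdmin` flag is only as safe as the code paths that write user documents: if any registration or profile-update handler builds the document from `req.body` (those handlers are not part of this commit), a client can submit `isAdmin: true` and grant itself the access that `adminProtection` checks for. Those handlers should copy an explicit allow-list of fields rather than spreading the request body, and the schema field deserves a comment making the contract visible: `// Grants access to routes guarded by adminProtection; must never be settable from client input`. It is also worth checking whether user responses built with the `MONGODB_IGNORED_FIELDS` projection are meant to include this flag, since that projection does not exclude it.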


@ -2,8 +2,8 @@ import express from "express";
const router = express.Router(); const router = express.Router();
import * as adminController from "../controllers/adminController"; import * as adminController from "../controllers/adminController";
import { sessionProtection } from "../middleware/authMiddleware"; import { adminProtection } from "../middleware/authMiddleware";
router.get("/users", sessionProtection, adminController.GetAllUsers); router.get("/users", adminProtection, adminController.GetAllUsers);
export default router; export default router;
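Review bot: Attaching `adminProtection` to `/users` alone means every admin route added later must remember the guard, and a missed one silently falls back to no authentication at all. Registering it once at router level, `router.use(adminProtection);` followed by `router.get("/users", adminController.GetAllUsers);`, makes the check the default for everything mounted under this router. Dropping the `sessionProtection` import is consistent, since `adminProtection` performs the session check itself.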


@ -4,4 +4,8 @@ export const DEFAULT_SESSION_EXPIRATION: number = 7 * 24 * 60 * 60 * 1000;
// Maximum number of users to display per page in the admin interface // Maximum number of users to display per page in the admin interface
export const ADMIN_MAX_USERS_PER_PAGE: number = 10; export const ADMIN_MAX_USERS_PER_PAGE: number = 10;
// Fields to ignore when querying MongoDB
export const MONGODB_IGNORED_FIELDS: string = "-password -_id -__v"; export const MONGODB_IGNORED_FIELDS: string = "-password -_id -__v";
// Header name for the session ID
export const HEADER_X_AUTHORIZATION: string = "x-authorization";