wf-radio/src/middleware/auth.js

const { getModByName } = require("../services/modService");
const { getModpackByName } = require("../services/modpackService");
const { getUserByName } = require("../services/userService");
const { verifyToken } = require("../utils/crypto");
const AppError = require("../utils/appError");


async function authenticateToken(req) {

    const token = req.header("Authorization");
    
    if (!token) {
        throw new AppError(401, "Missing authorization header", "Unauthorized");
    }

    try {
        req.token_infos = await verifyToken(token);
        console.debug("Authorizing token from", req.token_infos);
    } catch (err) {
        throw new AppError(403, "Forbidden: Error verifying the authorization token");
    }

    return req.token_infos;
}


async function authorizeModModification(req) {
    
    // Auth token
    await authenticateToken(req);
    // Get mod infos
    if (!req.params || !req.params.name) {
        throw new AppError(400, "No mod name was scpecified", "Bad request");
    }
    const mod_name = req.params.name;
    const mod = await getModByName(mod_name);
    if (!mod) {
        throw new AppError(404, "No mod was found with this name", "Not found");
    }
    // Authorize
    if ( mod.author != req.token_infos.username) {
        throw new AppError(401, "Mod author differs from current user", "Unauthorized");
    }
}

async function authorizeModpackModification(req) {
    
    // Auth token
    await authenticateToken(req);
    // Get mod infos
    if (!req.params || !req.params.name) {
        throw new AppError(400, "No mod name was scpecified", "Bad request");
    }
    const modpack_name = req.params.name;
    const modpack = await getModpackByName(modpack_name);
    if (!modpack) {
        throw new AppError(404, "No mod was found with this name", "Not found");
    }
    // Authorize
    if ( modpack.author != req.token_infos.username) {
        throw new AppError(401, "Mod author differs from current user", "Unauthorized");
    }
}

async function authorizeUserModification(req) {
    
    // Auth token
    await authenticateToken(req);
    // Get mod infos
    if (!req.params || !req.params.name) {
        throw new AppError(400, "No mod name was scpecified", "Bad request");
    }
    const user_name = req.params.name;
    const user = await getUserByName(user_name);
    if (!user) {
        throw new AppError(404, "No user was found with this name", "Not found");
    }
    // Authorize
    if ( user.username != req.token_infos.username) {
        throw new AppError(401, "User to modify differs from current user", "Unauthorized");
    }
}


module.exports = { authenticateToken, authorizeModModification, authorizeModpackModification, authorizeUserModification };
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`const { getModByName } = require("../services/modService");`
			`const { getModpackByName } = require("../services/modpackService");`
			`const { getUserByName } = require("../services/userService");`
			`const { verifyToken } = require("../utils/crypto");`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00			`const AppError = require("../utils/appError");`


feat: Authorization functions 2025-04-25 14:06:03 +02:00			`async function authenticateToken(req) {`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`const token = req.header("Authorization");`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`if (!token) {`
			`throw new AppError(401, "Missing authorization header", "Unauthorized");`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00			`}`

			`try {`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`req.token_infos = await verifyToken(token);`
			`console.debug("Authorizing token from", req.token_infos);`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00			`} catch (err) {`
			`throw new AppError(403, "Forbidden: Error verifying the authorization token");`
			`}`
Fixed all database CREATE queries, made all controllers and routes files, and many various fixes 2025-05-04 19:31:03 +02:00
			`return req.token_infos;`
feat: Added authentication system and configManager bases fix: Fixed some errors related to users 2025-03-31 17:00:28 +02:00			`}`


feat: Authorization functions 2025-04-25 14:06:03 +02:00			`async function authorizeModModification(req) {`

			`// Auth token`
			`await authenticateToken(req);`
			`// Get mod infos`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`if (!req.params \|\| !req.params.name) {`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`throw new AppError(400, "No mod name was scpecified", "Bad request");`
			`}`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`const mod_name = req.params.name;`
			`const mod = await getModByName(mod_name);`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`if (!mod) {`
			`throw new AppError(404, "No mod was found with this name", "Not found");`
			`}`
			`// Authorize`
			`if ( mod.author != req.token_infos.username) {`
			`throw new AppError(401, "Mod author differs from current user", "Unauthorized");`
			`}`
			`}`

			`async function authorizeModpackModification(req) {`

			`// Auth token`
			`await authenticateToken(req);`
			`// Get mod infos`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`if (!req.params \|\| !req.params.name) {`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`throw new AppError(400, "No mod name was scpecified", "Bad request");`
			`}`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`const modpack_name = req.params.name;`
			`const modpack = await getModpackByName(modpack_name);`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`if (!modpack) {`
			`throw new AppError(404, "No mod was found with this name", "Not found");`
			`}`
			`// Authorize`
			`if ( modpack.author != req.token_infos.username) {`
			`throw new AppError(401, "Mod author differs from current user", "Unauthorized");`
			`}`
			`}`

			`async function authorizeUserModification(req) {`

			`// Auth token`
			`await authenticateToken(req);`
			`// Get mod infos`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`if (!req.params \|\| !req.params.name) {`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`throw new AppError(400, "No mod name was scpecified", "Bad request");`
			`}`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`const user_name = req.params.name;`
			`const user = await getUserByName(user_name);`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`if (!user) {`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`throw new AppError(404, "No user was found with this name", "Not found");`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`}`
			`// Authorize`
			`if ( user.username != req.token_infos.username) {`
A LOT of fixes 2025-05-04 23:14:00 +02:00			`throw new AppError(401, "User to modify differs from current user", "Unauthorized");`
feat: Authorization functions 2025-04-25 14:06:03 +02:00			`}`
			`}`


feat: Updated database model 2025-04-25 14:37:42 +02:00			`module.exports = { authenticateToken, authorizeModModification, authorizeModpackModification, authorizeUserModification };`