const { getModByName } = require("../services/modService");
const { getModpackByName } = require("../services/modpackService");
const { getUserByName } = require("../services/userService");
const { verifyToken } = require("../utils/crypto");
const AppError = require("../utils/appError");
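/**
 * Verify the caller's authorization token and attach its decoded content to
 * the request.
 *
 * The raw value of the `Authorization` header is handed to `verifyToken`
 * unchanged.
 * NOTE(review): if clients send `Bearer <token>`, confirm that `verifyToken`
 * strips the scheme prefix; nothing in this function does.
 *
 * @param {object} req - Request object exposing `header(name)`.
 * @returns {Promise<object>} The value resolved by `verifyToken`, also stored
 *   on `req.token_infos`.
 * @throws {AppError} 401 when the header is absent; 403 when verification
 *   fails or yields no payload.
 */
async function authenticateToken(req) {
  const token = req.header("Authorization");
  if (!token) {
    throw new AppError(401, "Missing authorization header", "Unauthorized");
  }

  let tokenInfos;
  try {
    tokenInfos = await verifyToken(token);
  } catch (err) {
    // Keep the failure reason in server-side logs only; the client gets a
    // generic message so verification internals are not disclosed.
    console.debug("Token verification failed:", err && err.message);
    throw new AppError(403, "Forbidden: Error verifying the authorization token", "Forbidden");
  }

  // Fail closed: a verifier that resolves with nothing must not be treated as
  // a successful authentication by the authorize* callers.
  if (!tokenInfos) {
    throw new AppError(403, "Forbidden: Error verifying the authorization token", "Forbidden");
  }

  // Only attach the claims to the request once verification has succeeded.
  req.token_infos = tokenInfos;
  // NOTE(review): this logs the full decoded payload; confirm it holds no
  // sensitive claims before enabling debug output in production.
  console.debug("Authorizing token from", req.token_infos);

  return req.token_infos;
}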
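/**
 * Allow a mod to be modified only by its author.
 *
 * Authenticates the request, looks up the mod named by `req.params.id`, and
 * compares the mod's `author` with the `username` carried by the verified
 * token.
 *
 * @param {object} req - Request object; reads `req.params.id` and the
 *   `req.token_infos` set by `authenticateToken`.
 * @returns {Promise<void>} Resolves when the caller is the mod's author.
 * @throws {AppError} 400 when no id is given, 404 when the mod is unknown,
 *   401 when the caller is not the author; also whatever
 *   `authenticateToken` throws.
 */
async function authorizeModModification(req) {
  // Auth token: populates req.token_infos or throws.
  await authenticateToken(req);

  // Get mod infos. The id must be present: the earlier condition lacked the
  // negation, so it rejected every request that named a mod and let requests
  // without a name through to the lookup.
  if (!req.params || !req.params.id) {
    throw new AppError(400, "No mod name was scpecified", "Bad request");
  }
  const modName = req.params.id;

  // NOTE(review): awaited in case the service is asynchronous; without it a
  // pending promise is always truthy and `author` would read as undefined.
  // Awaiting a plain value is harmless.
  const mod = await getModByName(modName);
  if (!mod) {
    throw new AppError(404, "No mod was found with this name", "Not found");
  }

  // Authorize. Fail closed when the token carries no username: otherwise a
  // mod without an author and a token without a username would compare as
  // equal. Strict comparison avoids type-coercion matches.
  const username = req.token_infos ? req.token_infos.username : undefined;
  if (username == null || mod.author !== username) {
    // NOTE(review): an authenticated non-owner is conventionally answered
    // with 403; the status is kept at 401 so existing clients are unaffected.
    throw new AppError(401, "Mod author differs from current user", "Unauthorized");
  }
}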
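/**
 * Allow a modpack to be modified only by its author.
 *
 * Authenticates the request, looks up the modpack named by `req.params.id`,
 * and compares the modpack's `author` with the `username` carried by the
 * verified token.
 *
 * @param {object} req - Request object; reads `req.params.id` and the
 *   `req.token_infos` set by `authenticateToken`.
 * @returns {Promise<void>} Resolves when the caller is the modpack's author.
 * @throws {AppError} 400 when no id is given, 404 when the modpack is
 *   unknown, 401 when the caller is not the author; also whatever
 *   `authenticateToken` throws.
 */
async function authorizeModpackModification(req) {
  // Auth token: populates req.token_infos or throws.
  await authenticateToken(req);

  // Get modpack infos. The id must be present: the earlier condition lacked
  // the negation, so it rejected every request that named a modpack and let
  // requests without a name through to the lookup.
  // NOTE(review): the error texts below still say "mod"; they are left as
  // they were because clients may depend on them.
  if (!req.params || !req.params.id) {
    throw new AppError(400, "No mod name was scpecified", "Bad request");
  }
  const modpackName = req.params.id;

  // NOTE(review): awaited in case the service is asynchronous; without it a
  // pending promise is always truthy and `author` would read as undefined.
  // Awaiting a plain value is harmless.
  const modpack = await getModpackByName(modpackName);
  if (!modpack) {
    throw new AppError(404, "No mod was found with this name", "Not found");
  }

  // Authorize. Fail closed when the token carries no username: otherwise a
  // modpack without an author and a token without a username would compare
  // as equal. Strict comparison avoids type-coercion matches.
  const username = req.token_infos ? req.token_infos.username : undefined;
  if (username == null || modpack.author !== username) {
    // NOTE(review): an authenticated non-owner is conventionally answered
    // with 403; the status is kept at 401 so existing clients are unaffected.
    throw new AppError(401, "Mod author differs from current user", "Unauthorized");
  }
}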
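/**
 * Allow a user record to be modified only by that same user.
 *
 * Authenticates the request, looks up the user named by `req.params.id`, and
 * compares that user's `username` with the `username` carried by the verified
 * token.
 *
 * @param {object} req - Request object; reads `req.params.id` and the
 *   `req.token_infos` set by `authenticateToken`.
 * @returns {Promise<void>} Resolves when the caller is the targeted user.
 * @throws {AppError} 400 when no id is given, 404 when the user is unknown,
 *   401 when the caller is a different user; also whatever
 *   `authenticateToken` throws.
 */
async function authorizeUserModification(req) {
  // Auth token: populates req.token_infos or throws.
  await authenticateToken(req);

  // Get user infos. The id must be present: the earlier condition lacked the
  // negation, so it rejected every request that named a user and let requests
  // without a name through to the lookup.
  // NOTE(review): the error texts below still say "mod"; they are left as
  // they were because clients may depend on them.
  if (!req.params || !req.params.id) {
    throw new AppError(400, "No mod name was scpecified", "Bad request");
  }
  const targetName = req.params.id;

  // NOTE(review): awaited in case the service is asynchronous; without it a
  // pending promise is always truthy and `username` would read as undefined.
  // Awaiting a plain value is harmless.
  const user = await getUserByName(targetName);
  if (!user) {
    throw new AppError(404, "No mod was found with this name", "Not found");
  }

  // Authorize. Fail closed when the token carries no username: otherwise a
  // record without a username and a token without one would compare as
  // equal. Strict comparison avoids type-coercion matches.
  const username = req.token_infos ? req.token_infos.username : undefined;
  if (username == null || user.username !== username) {
    // NOTE(review): an authenticated caller acting on another account is
    // conventionally answered with 403; the status is kept at 401 so existing
    // clients are unaffected.
    throw new AppError(401, "Mod author differs from current user", "Unauthorized");
  }
}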
module.exports = { authenticateToken, authorizeModModification, authorizeModpackModification, authorizeUserModification };