feat: Authorization functions

src/middleware/auth.js

@@ -1,23 +1,83 @@
-const authService = require("../services/authService");
+const { getModByName } = require("../services/modService");
+const { getModpackByName } = require("../services/modpackService");
+const { getUserByName } = require("../services/userService");
+const { verifyToken } = require("../utils/crypto");
 const AppError = require("../utils/appError");
 
 
-function authenticateToken(req, res, next) {
+async function authenticateToken(req) {
 
-    const auth_header = req.headers["authorization"];
-    const token = auth_header && auth_header.split(' ')[1];
+    const token = req.header("Authorization");
     
-    if (token == null) {
-        throw new AppError(401, "Unauthorized: missing or bad authorization header");
+    if (!token) {
+        throw new AppError(401, "Missing authorization header", "Unauthorized");
     }
 
     try {
-        req.user = authService.verifyToken(token);
-        next();
+        req.token_infos = await verifyToken(token);
+        console.debug("Authorizing token from", req.token_infos);
     } catch (err) {
         throw new AppError(403, "Forbidden: Error verifying the authorization token");
     }
 }
 
 
+async function authorizeModModification(req) {
+    
+    // Auth token
+    await authenticateToken(req);
+    // Get mod infos
+    if (!req.params || req.params.id) {
+        throw new AppError(400, "No mod name was scpecified", "Bad request");
+    }
+    const mod_name = req.params.id;
+    const mod = getModByName(mod_name);
+    if (!mod) {
+        throw new AppError(404, "No mod was found with this name", "Not found");
+    }
+    // Authorize
+    if ( mod.author != req.token_infos.username) {
+        throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+    }
+}
+
+async function authorizeModpackModification(req) {
+    
+    // Auth token
+    await authenticateToken(req);
+    // Get mod infos
+    if (!req.params || req.params.id) {
+        throw new AppError(400, "No mod name was scpecified", "Bad request");
+    }
+    const modpack_name = req.params.id;
+    const modpack = getModpackByName(modpack_name);
+    if (!modpack) {
+        throw new AppError(404, "No mod was found with this name", "Not found");
+    }
+    // Authorize
+    if ( modpack.author != req.token_infos.username) {
+        throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+    }
+}
+
+async function authorizeUserModification(req) {
+    
+    // Auth token
+    await authenticateToken(req);
+    // Get mod infos
+    if (!req.params || req.params.id) {
+        throw new AppError(400, "No mod name was scpecified", "Bad request");
+    }
+    const user_name = req.params.id;
+    const user = getUserByName(user_name);
+    if (!user) {
+        throw new AppError(404, "No mod was found with this name", "Not found");
+    }
+    // Authorize
+    if ( user.username != req.token_infos.username) {
+        throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+    }
+}
+
+
 module.exports = { authenticateToken }

src/services/authService.js

@@ -45,22 +45,10 @@ async function login(identifier, password) {
     return jwt.sign({ username: user[0].username, role: user[0].role }, await JWT_Secret);
 }
 
-function verifyToken(token) {
-    return new Promise( (resolve, reject) => {
-        jwt.verify( token, JWT_Secret, (err, user) => {
-            if (err) {
-                reject(err);
-            } else {
-                resolve(user);
-            }
-        });
-    });
-}
-
 // function authorizeRole(user, roles) {
 //     if (!user || !roles.includes(user.role)) {
 //         throw new AppError(401, "Unauthorized: You don't have the necessary permissions to access this resource");
 //     }
 // }
 
-module.exports = { login, verifyToken };
+module.exports = { login };