From ce806ef42635121a93aa7ceaa439d4d0b7a02ad1 Mon Sep 17 00:00:00 2001
From: "Gu://em_"
Date: Fri, 25 Apr 2025 14:06:03 +0200
Subject: [PATCH] feat: Authorization functions
---
src/middleware/auth.js | 76 +++++++++++++++++++++++++++++++++----
src/services/authService.js | 14 +------
2 files changed, 69 insertions(+), 21 deletions(-)
diff --git a/src/middleware/auth.js b/src/middleware/auth.js
index 7e5d098..b694032 100644
--- a/src/middleware/auth.js
+++ b/src/middleware/auth.js
@@ -1,23 +1,83 @@
-const authService = require("../services/authService");
+const { getModByName } = require("../services/modService");
+const { getModpackByName } = require("../services/modpackService");
+const { getUserByName } = require("../services/userService");
+const { verifyToken } = require("../utils/crypto");
 const AppError = require("../utils/appError");
-function authenticateToken(req, res, next) {
+async function authenticateToken(req) {
- const auth_header = req.headers["authorization"];
- const token = auth_header && auth_header.split(' ')[1];
+ const token = req.header("Authorization");
- if (token == null) {
- throw new AppError(401, "Unauthorized: missing or bad authorization header");
+ if (!token) {
+ throw new AppError(401, "Missing authorization header", "Unauthorized");
 }
 try {
- req.user = authService.verifyToken(token);
- next();
+ req.token_infos = await verifyToken(token);
+ console.debug("Authorizing token from", req.token_infos);
 } catch (err) {
 throw new AppError(403, "Forbidden: Error verifying the authorization token");
 }
 }
+async function authorizeModModification(req) {
+
+ // Auth token
+ await authenticateToken(req);
+ // Get mod infos
+ if (!req.params || req.params.id) {
+ throw new AppError(400, "No mod name was scpecified", "Bad request");
+ }
+ const mod_name = req.params.id;
+ const mod = getModByName(mod_name);
+ if (!mod) {
+ throw new AppError(404, "No mod was found with this name", "Not found");
+ }
+ // Authorize
+ if ( mod.author != req.token_infos.username) {
+ throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+ }
+}
+
+async function authorizeModpackModification(req) {
+
+ // Auth token
+ await authenticateToken(req);
+ // Get mod infos
+ if (!req.params || req.params.id) {
+ throw new AppError(400, "No mod name was scpecified", "Bad request");
+ }
+ const modpack_name = req.params.id;
+ const modpack = getModpackByName(modpack_name);
+ if (!modpack) {
+ throw new AppError(404, "No mod was found with this name", "Not found");
+ }
+ // Authorize
+ if ( modpack.author != req.token_infos.username) {
+ throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+ }
+}
+
+async function authorizeUserModification(req) {
+
+ // Auth token
+ await authenticateToken(req);
+ // Get mod infos
+ if (!req.params || req.params.id) {
+ throw new AppError(400, "No mod name was scpecified", "Bad request");
+ }
+ const user_name = req.params.id;
+ const user = getUserByName(user_name);
+ if (!user) {
+ throw new AppError(404, "No mod was found with this name", "Not found");
+ }
+ // Authorize
+ if ( user.username != req.token_infos.username) {
+ throw new AppError(401, "Mod author differs from current user", "Unauthorized");
+ }
+}
+
+
 module.exports = { authenticateToken }
\ No newline at end of file
diff --git a/src/services/authService.js b/src/services/authService.js
index cc7efd1..bbf25cc 100644
--- a/src/services/authService.js
+++ b/src/services/authService.js
@@ -45,22 +45,10 @@ async function login(identifier, password) {
 return jwt.sign({ username: user[0].username, role: user[0].role }, await JWT_Secret);
 }
-function verifyToken(token) {
- return new Promise( (resolve, reject) => {
- jwt.verify( token, JWT_Secret, (err, user) => {
- if (err) {
- reject(err);
- } else {
- resolve(user);
- }
- });
- });
-}
-
 // function authorizeRole(user, roles) {
 // if (!user || !roles.includes(user.role)) {
 // throw new AppError(401, "Unauthorized: You don't have the necessary permissions to access this resource");
 // }
 // }
-module.exports = { login, verifyToken };
\ No newline at end of file
+module.exports = { login };
\ No newline at end of file
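Review bot: In src/middleware/auth.js the parameter guard `if (!req.params || req.params.id)` is inverted in `authorizeModModification`, and the same line is copied into `authorizeModpackModification` and `authorizeUserModification`: it throws the 400 whenever an id is present and lets a missing id fall through to the lookup, so it should read `if (!req.params || !req.params.id) {`. The lookups are also not awaited; the service definitions are outside this patch, but if `getModByName`, `getModpackByName` and `getUserByName` return promises then `mod` is always truthy and `mod.author` is `undefined`, so the ownership comparison never sees the stored author, and `const mod = await getModByName(mod_name);` (likewise for the other two) would be needed. The context line `module.exports = { authenticateToken }` is unchanged, so the three new functions are not reachable from other modules until they are added to it. `authenticateToken` now passes the whole `Authorization` header to `verifyToken`, where the removed code took the second space-separated word, so a `Bearer <token>` header verifies only if `utils/crypto` strips the scheme itself; that file is not in this patch, so this is worth confirming.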