refactor(old app): login migration to new app
This commit is contained in:
@@ -1,85 +1,111 @@
|
||||
import axios from "axios";
|
||||
import { createMiddleware } from "hono/factory";
|
||||
|
||||
import type { CustomJwtPayload } from "../../../types/jwtToken.js";
|
||||
import { verify } from "hono/jwt";
|
||||
import { db } from "../../../../database/dbclient.js";
|
||||
import { modules } from "../../../../database/schema/modules.js";
|
||||
import { and, eq } from "drizzle-orm";
|
||||
import { userRoles } from "../../../../database/schema/userRoles.js";
|
||||
import { tryCatch } from "../../../globalUtils/tryCatch.js";
|
||||
// const hasCorrectRole = (requiredRole: string[], module: string) =>
|
||||
// createMiddleware(async (c, next) => {
|
||||
// /**
|
||||
// * We want to check to make sure you have the correct role to be here
|
||||
// */
|
||||
// const authHeader = c.req.header("Authorization");
|
||||
|
||||
// if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
||||
// return c.json({ error: "Unauthorized" }, 401);
|
||||
// }
|
||||
|
||||
// const token = authHeader.split(" ")[1];
|
||||
|
||||
// // deal with token data
|
||||
// const { data: tokenData, error: tokenError } = await tryCatch(
|
||||
// verify(token, process.env.JWT_SECRET!),
|
||||
// );
|
||||
|
||||
// if (tokenError) {
|
||||
// return c.json({ error: "Invalid token" }, 401);
|
||||
// }
|
||||
|
||||
// const customToken = tokenData as CustomJwtPayload;
|
||||
|
||||
// // Get the module
|
||||
// const { data: mod, error: modError } = await tryCatch(
|
||||
// db.select().from(modules).where(eq(modules.name, module)),
|
||||
// );
|
||||
// if (modError) {
|
||||
// console.log(modError);
|
||||
// return;
|
||||
// }
|
||||
|
||||
// if (mod.length === 0) {
|
||||
// return c.json({ error: "You have entered an invalid module name" }, 403);
|
||||
// }
|
||||
|
||||
// // check if the user has the role needed to get into this module
|
||||
// const { data: userRole, error: userRoleError } = await tryCatch(
|
||||
// db
|
||||
// .select()
|
||||
// .from(userRoles)
|
||||
// .where(
|
||||
// and(
|
||||
// eq(userRoles.module_id, mod[0].module_id),
|
||||
// eq(userRoles.user_id, customToken.user?.user_id!),
|
||||
// ),
|
||||
// ),
|
||||
// );
|
||||
|
||||
// if (userRoleError) {
|
||||
// return;
|
||||
// }
|
||||
|
||||
// if (!userRole) {
|
||||
// return c.json(
|
||||
// {
|
||||
// error:
|
||||
// "The module you are trying to access is not active or is invalid.",
|
||||
// },
|
||||
// 403,
|
||||
// );
|
||||
// }
|
||||
|
||||
// if (!requiredRole.includes(userRole[0]?.role)) {
|
||||
// return c.json(
|
||||
// { error: "You do not have access to this part of the app." },
|
||||
// 403,
|
||||
// );
|
||||
// }
|
||||
|
||||
// await next();
|
||||
// });
|
||||
|
||||
interface UserRole {
|
||||
userRoleId: string;
|
||||
userId: string;
|
||||
module: string;
|
||||
role: string;
|
||||
}
|
||||
|
||||
const hasCorrectRole = (requiredRole: string[], module: string) =>
|
||||
createMiddleware(async (c, next) => {
|
||||
/**
|
||||
* We want to check to make sure you have the correct role to be here
|
||||
*/
|
||||
const authHeader = c.req.header("Authorization");
|
||||
createMiddleware(async (c, next) => {
|
||||
const cookieHeader = c.req.header("Cookie");
|
||||
if (!cookieHeader) return c.json({ error: "Unauthorized" }, 401);
|
||||
|
||||
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
||||
return c.json({ error: "Unauthorized" }, 401);
|
||||
}
|
||||
const res = await axios.get(`${process.env.LST_BASE_URL}/api/user/roles`, {
|
||||
headers: { Cookie: cookieHeader },
|
||||
});
|
||||
|
||||
const token = authHeader.split(" ")[1];
|
||||
const currentRoles: UserRole[] = res.data.data;
|
||||
const canAccess = currentRoles.some(
|
||||
(r) => r.module === module && requiredRole.includes(r.role),
|
||||
);
|
||||
if (!canAccess) {
|
||||
return c.json(
|
||||
{
|
||||
error: "Unauthorized",
|
||||
message: `You do not have access to ${module}`,
|
||||
},
|
||||
400,
|
||||
);
|
||||
}
|
||||
|
||||
// deal with token data
|
||||
const { data: tokenData, error: tokenError } = await tryCatch(
|
||||
verify(token, process.env.JWT_SECRET!)
|
||||
);
|
||||
|
||||
if (tokenError) {
|
||||
return c.json({ error: "Invalid token" }, 401);
|
||||
}
|
||||
|
||||
const customToken = tokenData as CustomJwtPayload;
|
||||
|
||||
// Get the module
|
||||
const { data: mod, error: modError } = await tryCatch(
|
||||
db.select().from(modules).where(eq(modules.name, module))
|
||||
);
|
||||
if (modError) {
|
||||
console.log(modError);
|
||||
return;
|
||||
}
|
||||
|
||||
if (mod.length === 0) {
|
||||
return c.json({ error: "You have entered an invalid module name" }, 403);
|
||||
}
|
||||
|
||||
// check if the user has the role needed to get into this module
|
||||
const { data: userRole, error: userRoleError } = await tryCatch(
|
||||
db
|
||||
.select()
|
||||
.from(userRoles)
|
||||
.where(
|
||||
and(
|
||||
eq(userRoles.module_id, mod[0].module_id),
|
||||
eq(userRoles.user_id, customToken.user?.user_id!)
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
if (userRoleError) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!userRole) {
|
||||
return c.json(
|
||||
{
|
||||
error:
|
||||
"The module you are trying to access is not active or is invalid.",
|
||||
},
|
||||
403
|
||||
);
|
||||
}
|
||||
|
||||
if (!requiredRole.includes(userRole[0]?.role)) {
|
||||
return c.json(
|
||||
{ error: "You do not have access to this part of the app." },
|
||||
403
|
||||
);
|
||||
}
|
||||
|
||||
await next();
|
||||
});
|
||||
return next();
|
||||
});
|
||||
|
||||
export default hasCorrectRole;
|
||||
|
||||
Reference in New Issue
Block a user