running now
parent
85cd083750
commit
c17bb05f0a
25 changed files with 156 additions and 114 deletions
|
|
@ -1,8 +1,17 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import * as dotenv from "dotenv";
|
||||
|
||||
dotenv.config();
|
||||
|
||||
declare global {
|
||||
namespace Express {
|
||||
interface Request {
|
||||
currentUser?: string | jwt.JwtPayload;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export const authentication = (
|
||||
req: Request,
|
||||
res: Response,
|
||||
|
|
@ -12,14 +21,22 @@ export const authentication = (
|
|||
if (!header) {
|
||||
return res.status(401).json({ message: "Unauthorized" });
|
||||
}
|
||||
|
||||
const token = header.split(" ")[1];
|
||||
if (!token) {
|
||||
return res.status(401).json({ message: "Unauthorized" });
|
||||
}
|
||||
const decode = jwt.verify(token, process.env.JWT_SECRET);
|
||||
if (!decode) {
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET;
|
||||
if (!JWT_SECRET) {
|
||||
throw new Error("JWT_SECRET not defined");
|
||||
}
|
||||
|
||||
try {
|
||||
const decoded = jwt.verify(token, JWT_SECRET);
|
||||
req.currentUser = decoded;
|
||||
next();
|
||||
} catch (err) {
|
||||
return res.status(401).json({ message: "Unauthorized" });
|
||||
}
|
||||
req[" currentUser"] = decode;
|
||||
next();
|
||||
};
|
||||
};
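Review bot: The `jwt.verify(token, JWT_SECRET)` call inside the `try` block passes no options, so the accepted signature algorithms are left to the library default; pass an explicit allow-list such as `jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] })`, using whichever algorithm the signing side uses (not visible here). The result is assigned to `req.currentUser` as `string | jwt.JwtPayload` without narrowing, so a consumer reading `currentUser.id` has no guarantee the claim exists; string payloads and payloads without the expected id should get a 401 before `next()` is called. The `JWT_SECRET` presence check runs and throws inside the handler on every request, whereas checking it once at module load would make a misconfigured deployment fail at startup. The `+`/`-` markers are lost on this page, so which lines are the new side is inferred, and the body of `authentication` begins outside the visible hunks.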
|
||||
|
|
|
|||
|
|
@ -1,10 +1,16 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import { AppDataSource } from "../data-source";
|
||||
import { UserEntity } from "../entities/UserEntity";
|
||||
/* import { NextFunction, Request, Response } from "express";
|
||||
import { AppDataSource } from "../data-source.js";
|
||||
import { UserEntity } from "../entities/UserEntity.js";
|
||||
|
||||
// @todo we'll need some other means to determin the user corresponding to the token here as it seems...
|
||||
export const authorization = (roles: string[]) => {
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
const userRepo = AppDataSource.getRepository(UserEntity);
|
||||
const currentUser = req.currentUser;
|
||||
if(!currentUser){
|
||||
return res.status(403).json({ message: "Forbidden - currentUser is missing" });
|
||||
}
|
||||
const userId = currentUser.id
|
||||
const user = await userRepo.findOne({
|
||||
where: { id: req[" currentUser"].id },
|
||||
});
|
||||
|
|
@ -13,5 +19,5 @@ export const authorization = (roles: string[]) => {
|
|||
return res.status(403).json({ message: "Forbidden" });
|
||||
}
|
||||
next();
|
||||
};
|
||||
};
|
||||
};
|
||||
};*/
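Review bot: The whole `authorization` factory appears to be wrapped in a block comment (`/*` before the imports, `};*/` at the end), which leaves this module exporting no role check at all. Any route that relied on `authorization([...])` either fails to import or, if the call was dropped elsewhere in this commit, is now guarded by authentication only; this is worth confirming against the route files, which are not shown here. If the blocker is the `string | jwt.JwtPayload` type of `req.currentUser`, keeping the middleware active and failing closed is safer, e.g. `const userId = typeof currentUser === "string" ? undefined : currentUser.id;` followed by a 403 when `userId` is missing. Inside the commented code the lookup still reads `req[" currentUser"].id` (with a leading space in the key) although `userId` is computed just above; it should be `where: { id: userId }`.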
|
||||