groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: incorporate NotAuthorized error in error handler

Browse Source
This commit is contained in:
Ali BARIN
2024-08-29 14:19:17 +00:00
parent 01340f4597
commit 7a54ff212e
4 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
packages/backend/src/helpers/authorization.js
View File

@@ -1,3 +1,5 @@
import NotAuthorizedError from '../errors/not-authorized.js';
const authorizationList = {
'GET /api/v1/users/:userId': {
action: 'read',
@@ -86,12 +88,8 @@ export const authorizeUser = async (request, response, next) => {
request.method + ' ' + request.baseUrl + request.route.path;
const currentRouteRule = authorizationList[currentRoute];
try {
request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
next();
} catch (error) {
return response.status(403).end();
}
request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
next();
};
export const authorizeAdmin = async (request, response, next) => {
@@ -100,6 +98,6 @@ export const authorizeAdmin = async (request, response, next) => {
if (role?.isAdmin) {
next();
} else {
return response.status(403).end();
throw new NotAuthorizedError();
}
};

5
packages/backend/src/helpers/error-handler.js
View File

@@ -3,6 +3,7 @@ import objection from 'objection';
import * as Sentry from './sentry.ee.js';
const { NotFoundError, DataError, ValidationError, UniqueViolationError } =
objection;
import NotAuthorizedError from '../errors/not-authorized.js';
import HttpError from '../errors/http.js';
import {
renderObjectionError,
@@ -43,6 +44,10 @@ const errorHandler = (error, request, response, next) => {
response.status(200).json(httpErrorPayload);
}
if (error instanceof NotAuthorizedError) {
response.status(403).end();
}
const statusCode = error.statusCode || 500;
logger.error(request.method + ' ' + request.url + ' ' + statusCode);