groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: incorporate NotAuthorized error in error handler

Browse Source
This commit is contained in:
Ali BARIN
2024-08-29 14:19:17 +00:00
parent 01340f4597
commit 7a54ff212e
4 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/backend/src/errors/not-authorized.js Normal file
View File

@@ -0,0 +1,3 @@
import BaseError from './base.js';
export default class NotAuthorized extends BaseError {}

8
packages/backend/src/helpers/authorization.js
View File

@@ -1,3 +1,5 @@
import NotAuthorizedError from '../errors/not-authorized.js';
const authorizationList = { const authorizationList = {
'GET /api/v1/users/:userId': { 'GET /api/v1/users/:userId': {
action: 'read', action: 'read',
@@ -86,12 +88,8 @@ export const authorizeUser = async (request, response, next) => {
request.method + ' ' + request.baseUrl + request.route.path; request.method + ' ' + request.baseUrl + request.route.path;
const currentRouteRule = authorizationList[currentRoute]; const currentRouteRule = authorizationList[currentRoute];
try {
request.currentUser.can(currentRouteRule.action, currentRouteRule.subject); request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
next(); next();
} catch (error) {
return response.status(403).end();
}
}; };
export const authorizeAdmin = async (request, response, next) => { export const authorizeAdmin = async (request, response, next) => {
@@ -100,6 +98,6 @@ export const authorizeAdmin = async (request, response, next) => {
if (role?.isAdmin) { if (role?.isAdmin) {
next(); next();
} else { } else {
return response.status(403).end(); throw new NotAuthorizedError();
} }
}; };

5
packages/backend/src/helpers/error-handler.js
View File

@@ -3,6 +3,7 @@ import objection from 'objection';
import * as Sentry from './sentry.ee.js'; import * as Sentry from './sentry.ee.js';
const { NotFoundError, DataError, ValidationError, UniqueViolationError } = const { NotFoundError, DataError, ValidationError, UniqueViolationError } =
objection; objection;
import NotAuthorizedError from '../errors/not-authorized.js';
import HttpError from '../errors/http.js'; import HttpError from '../errors/http.js';
import { import {
renderObjectionError, renderObjectionError,
@@ -43,6 +44,10 @@ const errorHandler = (error, request, response, next) => {
response.status(200).json(httpErrorPayload); response.status(200).json(httpErrorPayload);
} }
if (error instanceof NotAuthorizedError) {
response.status(403).end();
}
const statusCode = error.statusCode || 500; const statusCode = error.statusCode || 500;
logger.error(request.method + ' ' + request.url + ' ' + statusCode); logger.error(request.method + ' ' + request.url + ' ' + statusCode);

5
packages/backend/src/models/user.js
View File

@@ -20,6 +20,7 @@ import Step from './step.js';
import Subscription from './subscription.ee.js'; import Subscription from './subscription.ee.js';
import UsageData from './usage-data.ee.js'; import UsageData from './usage-data.ee.js';
import Billing from '../helpers/billing/index.ee.js'; import Billing from '../helpers/billing/index.ee.js';
import NotAuthorizedError from '../errors/not-authorized.js';
import deleteUserQueue from '../queues/delete-user.ee.js'; import deleteUserQueue from '../queues/delete-user.ee.js';
import emailQueue from '../queues/email.js'; import emailQueue from '../queues/email.js';
@@ -533,7 +534,7 @@ class User extends Base {
can(action, subject) { can(action, subject) {
const can = this.ability.can(action, subject); const can = this.ability.can(action, subject);
if (!can) throw new Error('Not authorized!'); if (!can) throw new NotAuthorizedError();
const relevantRule = this.ability.relevantRuleFor(action, subject); const relevantRule = this.ability.relevantRuleFor(action, subject);
@@ -548,7 +549,7 @@ class User extends Base {
cannot(action, subject) { cannot(action, subject) {
const cannot = this.ability.cannot(action, subject); const cannot = this.ability.cannot(action, subject);
if (cannot) throw new Error('Not authorized!'); if (cannot) throw new NotAuthorizedError();
return cannot; return cannot;
} }