pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-18 19:06:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

rename super user to admin and middleware refactoring

Browse Source
This commit is contained in:
Milo Schwartz
2024-11-05 22:38:57 -05:00
parent 7b755a273c
commit 03051878ef
26 changed files with 790 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
server/routers/auth/verifyTargetAccess.ts
View File

@@ -1,23 +1,33 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '@server/db';
import { resources, targets, userOrgs } from '@server/db/schema';
import { and, eq } from 'drizzle-orm';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { resources, targets, userOrgs } from "@server/db/schema";
import { and, eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifyTargetAccess(req: Request, res: Response, next: NextFunction) {
const userId = req.user!.userId; // Assuming you have user information in the request
export async function verifyTargetAccess(
req: Request,
res: Response,
next: NextFunction
) {
const userId = req.user!.userId;
const targetId = parseInt(req.params.targetId);
let userOrg = req.userOrg;
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
);
}
if (isNaN(targetId)) {
return next(createHttpError(HttpCode.BAD_REQUEST, 'Invalid organization ID'));
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
);
}
const target = await db.select()
const target = await db
.select()
.from(targets)
.where(eq(targets.targetId, targetId))
.limit(1);
@@ -42,43 +52,62 @@ export async function verifyTargetAccess(req: Request, res: Response, next: Next
);
}
const resource = await db.select()
.from(resources)
.where(eq(resources.resourceId, resourceId!))
.limit(1);
try {
const resource = await db
.select()
.from(resources)
.where(eq(resources.resourceId, resourceId!))
.limit(1);
if (resource.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`resource with ID ${resourceId} not found`
)
);
}
if (resource.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Resource with ID ${resourceId} not found`
)
);
}
if (!resource[0].orgId) {
if (!resource[0].orgId) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
`resource with ID ${resourceId} does not have an organization ID`
)
);
}
if (!userOrg) {
const res = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, userId),
eq(userOrgs.orgId, resource[0].orgId)
)
);
userOrg = res[0];
}
if (!userOrg) {
next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this organization"
)
);
} else {
req.userOrgRoleId = userOrg.roleId;
req.userOrgId = resource[0].orgId!;
next();
}
} catch (e) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
`resource with ID ${resourceId} does not have an organization ID`
"Error verifying organization access"
)
);
}
db.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, resource[0].orgId)))
.then((result) => {
if (result.length === 0) {
next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this organization'));
} else {
// User has access, attach the user's role to the request for potential future use
req.userOrgRoleId = result[0].roleId;
req.userOrgId = resource[0].orgId!;
next();
}
})
.catch((error) => {
next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying organization access'));
});
}