pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-24 22:06:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/fosrl/pangolin

Browse Source
This commit is contained in:
Milo Schwartz
2024-10-12 23:03:56 -04:00
parent f3eb76fd5e 4facb91d7a
commit 0c705eda70
59 changed files with 2179 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/routers/auth/index.ts
View File

@@ -9,8 +9,12 @@ export * from "./getUserOrgs";
export * from "./verifySiteAccess";
export * from "./verifyResourceAccess";
export * from "./verifyTargetAccess";
export * from "./verifyRoleAccess";
export * from "./verifyUserAccess";
export * from "./verifySuperuser";
export * from "./verifyEmail";
export * from "./requestEmailVerificationCode";
export * from "./changePassword";
export * from "./requestPasswordReset";
export * from "./resetPassword";
export * from "./verifyUserInRole";

2
server/routers/auth/verifyResourceAccess.ts
View File

@@ -7,7 +7,7 @@ import HttpCode from '@server/types/HttpCode';
export async function verifyResourceAccess(req: Request, res: Response, next: NextFunction) {
const userId = req.user!.id; // Assuming you have user information in the request
const resourceId = req.params.resourceId;
const resourceId = req.params.resourceId || req.body.resourceId || req.query.resourceId;
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));

50
server/routers/auth/verifyRoleAccess.ts Normal file
View File

@@ -0,0 +1,50 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '@server/db';
import { roles, userOrgs } from '@server/db/schema';
import { and, eq } from 'drizzle-orm';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
import logger from '@server/logger';
export async function verifyRoleAccess(req: Request, res: Response, next: NextFunction) {
const userId = req.user?.id; // Assuming you have user information in the request
const roleId = parseInt(req.params.roleId || req.body.roleId || req.query.roleId);
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
}
if (isNaN(roleId)) {
return next(createHttpError(HttpCode.BAD_REQUEST, 'Invalid role ID'));
}
try {
// Check if the role exists and belongs to the specified organization
const role = await db.select()
.from(roles)
.where(eq(roles.roleId, roleId))
.limit(1);
if (role.length === 0) {
return next(createHttpError(HttpCode.NOT_FOUND, `Role with ID ${roleId} not found`));
}
// Check if the user has a role in the organization
const userOrgRole = await db.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, role[0].orgId!)))
.limit(1);
if (userOrgRole.length === 0) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this organization'));
}
req.userOrgRoleId = userOrgRole[0].roleId;
req.userOrgId = userOrgRole[0].orgId;
return next();
} catch (error) {
logger.error('Error verifying role access:', error);
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying role access'));
}
}

2
server/routers/auth/verifySiteAccess.ts
View File

@@ -7,7 +7,7 @@ import HttpCode from '@server/types/HttpCode';
export async function verifySiteAccess(req: Request, res: Response, next: NextFunction) {
const userId = req.user!.id; // Assuming you have user information in the request
const siteId = parseInt(req.params.siteId);
const siteId = parseInt(req.params.siteId || req.body.siteId || req.query.siteId);
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));

48
server/routers/auth/verifySuperuser.ts Normal file
View File

@@ -0,0 +1,48 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '@server/db';
import { roles, userOrgs } from '@server/db/schema';
import { and, eq } from 'drizzle-orm';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
import logger from '@server/logger';
export async function verifySuperuser(req: Request, res: Response, next: NextFunction) {
const userId = req.user?.id; // Assuming you have user information in the request
const orgId = req.userOrgId;
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User does not have orgId'));
}
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
}
try {
// Check if the user has a role in the organization
const userOrgRole = await db.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId!)))
.limit(1);
if (userOrgRole.length === 0) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this organization'));
}
// get userOrgRole[0].roleId
// Check if the user's role in the organization is a superuser role
const userRole = await db.select()
.from(roles)
.where(eq(roles.roleId, userOrgRole[0].roleId))
.limit(1);
if (userRole.length === 0 || !userRole[0].isSuperuserRole) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have superuser access'));
}
return next();
} catch (error) {
logger.error('Error verifying role access:', error);
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying role access'));
}
}

37
server/routers/auth/verifyUserAccess.ts Normal file
View File

@@ -0,0 +1,37 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '@server/db';
import { sites, userOrgs, userSites, roleSites, roles } from '@server/db/schema';
import { and, eq, or } from 'drizzle-orm';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
export async function verifyUserAccess(req: Request, res: Response, next: NextFunction) {
const userId = req.user!.id; // Assuming you have user information in the request
const reqUserId = req.params.userId || req.body.userId || req.query.userId;
if (!userId) {
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
}
if (!reqUserId) {
return next(createHttpError(HttpCode.BAD_REQUEST, 'Invalid user ID'));
}
try {
const userOrg = await db.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, req.userOrgId!)))
.limit(1);
if (userOrg.length === 0) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this user'));
}
// If we reach here, the user doesn't have access to the site
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this site'));
} catch (error) {
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying site access'));
}
}

31
server/routers/auth/verifyUserInRole.ts Normal file
View File

@@ -0,0 +1,31 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '@server/db';
import { roles, userOrgs } from '@server/db/schema';
import { and, eq } from 'drizzle-orm';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
import logger from '@server/logger';
export async function verifyUserInRole(req: Request, res: Response, next: NextFunction) {
try {
const roleId = parseInt(req.params.roleId || req.body.roleId || req.query.roleId);
const userRoleId = req.userOrgRoleId;
if (isNaN(roleId)) {
return next(createHttpError(HttpCode.BAD_REQUEST, 'Invalid role ID'));
}
if (!userRoleId) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this organization'));
}
if (userRoleId !== roleId) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this role'));
}
return next();
} catch (error) {
logger.error('Error verifying role access:', error);
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying role access'));
}
}