mirror of
https://github.com/fosrl/pangolin.git
synced 2026-03-02 08:46:38 +00:00
Add user endpoints
This commit is contained in:
Owen Schwartz
@@ -10,6 +10,7 @@ export * from "./verifySiteAccess";
|
||||
export * from "./verifyResourceAccess";
|
||||
export * from "./verifyTargetAccess";
|
||||
export * from "./verifyRoleAccess";
|
||||
export * from "./verifyUserAccess";
|
||||
export * from "./verifySuperuser";
|
||||
export * from "./verifyEmail";
|
||||
export * from "./requestEmailVerificationCode";
|
||||
|
||||
@@ -7,7 +7,7 @@ import HttpCode from '@server/types/HttpCode';
|
||||
|
||||
export async function verifyResourceAccess(req: Request, res: Response, next: NextFunction) {
|
||||
const userId = req.user!.id; // Assuming you have user information in the request
|
||||
const resourceId = req.params.resourceId;
|
||||
const resourceId = req.params.resourceId || req.body.resourceId || req.query.resourceId;
|
||||
|
||||
if (!userId) {
|
||||
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
|
||||
|
||||
@@ -7,7 +7,7 @@ import HttpCode from '@server/types/HttpCode';
|
||||
|
||||
export async function verifySiteAccess(req: Request, res: Response, next: NextFunction) {
|
||||
const userId = req.user!.id; // Assuming you have user information in the request
|
||||
const siteId = parseInt(req.params.siteId);
|
||||
const siteId = parseInt(req.params.siteId || req.body.siteId || req.query.siteId);
|
||||
|
||||
if (!userId) {
|
||||
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
|
||||
|
||||
37
server/routers/auth/verifyUserAccess.ts
Normal file
37
server/routers/auth/verifyUserAccess.ts
Normal file
@@ -0,0 +1,37 @@
|
||||
import { Request, Response, NextFunction } from 'express';
|
||||
import { db } from '@server/db';
|
||||
import { sites, userOrgs, userSites, roleSites, roles } from '@server/db/schema';
|
||||
import { and, eq, or } from 'drizzle-orm';
|
||||
import createHttpError from 'http-errors';
|
||||
import HttpCode from '@server/types/HttpCode';
|
||||
|
||||
export async function verifyUserAccess(req: Request, res: Response, next: NextFunction) {
|
||||
const userId = req.user!.id; // Assuming you have user information in the request
|
||||
const reqUserId = req.params.userId || req.body.userId || req.query.userId;
|
||||
|
||||
if (!userId) {
|
||||
return next(createHttpError(HttpCode.UNAUTHORIZED, 'User not authenticated'));
|
||||
}
|
||||
|
||||
if (!reqUserId) {
|
||||
return next(createHttpError(HttpCode.BAD_REQUEST, 'Invalid user ID'));
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
const userOrg = await db.select()
|
||||
.from(userOrgs)
|
||||
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, req.userOrgId!)))
|
||||
.limit(1);
|
||||
|
||||
if (userOrg.length === 0) {
|
||||
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this user'));
|
||||
}
|
||||
|
||||
// If we reach here, the user doesn't have access to the site
|
||||
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have access to this site'));
|
||||
|
||||
} catch (error) {
|
||||
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Error verifying site access'));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user