access token endpoints and other backend support

2026-02-20 11:56:38 +00:00 · 2024-12-18 23:14:26 -05:00
parent 283fb3990c
commit 72dc02ff2e
22 changed files with 905 additions and 107 deletions
--- a/server/middlewares/verifyTargetAccess.ts
+++ b/server/middlewares/verifyTargetAccess.ts
@@ -4,6 +4,7 @@ import { resources, targets, userOrgs } from "@server/db/schema";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
+import { canUserAccessResource } from "./helpers/canUserAccessResource";

 export async function verifyTargetAccess(
    req: Request,
@@ -99,8 +100,24 @@ export async function verifyTargetAccess(
        } else {
            req.userOrgRoleId = req.userOrg.roleId;
            req.userOrgId = resource[0].orgId!;
-            next();
        }
+
+        const resourceAllowed = await canUserAccessResource({
+            userId,
+            resourceId,
+            roleId: req.userOrgRoleId!
+        });
+
+        if (!resourceAllowed) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have access to this resource"
+                )
+            );
+        }
+
+        next();
    } catch (e) {
        return next(
            createHttpError(