feat: added authorization for one api

2021-12-24 00:58:02 +05:30
parent 26c4c54114
commit 878ec6d0e0
6 changed files with 86 additions and 27 deletions
--- a/src/config/auth.js
+++ b/src/config/auth.js
@@ -0,0 +1,53 @@
+const jwt = require("jsonwebtoken");
+const { JWT_SECRET } = require("./env");
+const User = require("../models/User");
+const constants = require("./constants");
+
+const authenticate = async (token) => {
+  const decodedToken = jwt.verify(token, JWT_SECRET);
+  if (decodedToken) {
+    return await User.findById(decodedToken.id)
+      .populate({ path: "roles", populate: "permissions" })
+      .populate("permissions");
+  }
+};
+
+const authorize = async (
+  user,
+  requiredRoles = [],
+  requiredPermissions = []
+) => {
+  const userRoles = user.roles.map((_) => _._id);
+  const userPermissions = [
+    ...user.permissions.map((_) => _._id),
+    ...userRoles.map((_) => _.permissions).flat(),
+  ];
+
+  return (
+    user != undefined &&
+    requiredRoles.every((_) => userRoles.includes(_)) &&
+    requiredPermissions.every((_) => userPermissions.includes(_))
+  );
+};
+
+module.exports = {
+  AuthenticateMiddleware: async (req, res, next) => {
+    try {
+      const token = req.headers.authorization || "";
+      if (token) {
+        const user = authenticate(token);
+        res.locals.user = user;
+        next();
+      }
+    } catch (error) {
+      res
+        .status(401)
+        .send({
+          success: false,
+          error: constants.AUTHENTICATION_FAILURE_ERROR_MESSAGE,
+        });
+    }
+  },
+
+  AuthorizeUser: authorize,
+};
--- a/src/config/authenticator.js
+++ b/src/config/authenticator.js
@@ -1,25 +0,0 @@
-const jwt = require("jsonwebtoken");
-const { JWT_SECRET } = require("./env");
-const User = require("./../models/User");
-
-const authenticate = async (token) => {
-  const decodedToken = jwt.verify(token, JWT_SECRET);
-  if (decodedToken) {
-    return await User.findById(decodedToken.id);
-  }
-};
-
-module.exports = {
-  AuthenticateMiddleware: async (req, res, next) => {
-    try {
-      const token = req.headers.authorization || "";
-      if (token) {
-        const user = authenticate(token);
-        res.locals.user = user;
-        next();
-      }
-    } catch (error) {
-      res.status(401).send({ success: false, error: "Authentication Failed!" });
-    }
-  },
-};
--- a/src/config/constants.js
+++ b/src/config/constants.js
@@ -40,10 +40,22 @@ const CustomAttributeTypes = [
  "Enumerable",
 ];

+const AUTHENTICATION_FAILURE_ERROR_MESSAGE =
+  "Authentication Failed!";
+const AUTHORIZATION_FAILURE_ERROR_MESSAGE =
+  "User not permitted due to lack of access!";
+
 module.exports = {
  UserActions,
  InventoryScopes,
  WarehouseScopes,
  InventoryTypes,
  CustomAttributeTypes,
+  SUPER_ADMIN_ROLE: "super-admin",
+  COMPANY_ADMIN_ROLE: "company-admin",
+  WAREHOUSE_ADMIN_ROLE: "warehouse-admin",
+  ZONE_ADMIN_ROLE: "zone-admin",
+  AREA_ADMIN_ROLE: "area-admin",
+  AUTHENTICATION_FAILURE_ERROR_MESSAGE,
+  AUTHORIZATION_FAILURE_ERROR_MESSAGE,
 };
--- a/src/controller/index.js
+++ b/src/controller/index.js
@@ -2,7 +2,7 @@ const router = require("express").Router();
 const userRouter = require("./user.router");
 const userRoleRouter = require("./userRole.router");
 const userPermissionRouter = require("./userPermission.router");
-const { AuthenticateMiddleware } = require("../config/authenticator");
+const { AuthenticateMiddleware } = require("../config/auth");

 router.use("/user", userRouter);
 router.use("/user-role", AuthenticateMiddleware, userRoleRouter);
--- a/src/controller/user.router.js
+++ b/src/controller/user.router.js
@@ -1,17 +1,20 @@
 const router = require("express").Router();
 const controller = require("./user.controller");
-const { AuthenticateMiddleware } = require("../config/authenticator");
+const { AuthenticateMiddleware } = require("../config/auth");
+const { SuperAdminCheck } = require("./utils/authorize");

 router.post("/register", controller.registerUser);
 router.post("/login", controller.loginUser);
 router.post(
  "/:id/addAccess",
  AuthenticateMiddleware,
+  SuperAdminCheck,
  controller.addUserAccessControl
 );
 router.post(
  "/:id/removeAccess",
  AuthenticateMiddleware,
+  SuperAdminCheck,
  controller.removeUserAccessControl
 );

--- a/src/controller/utils/authorize.js
+++ b/src/controller/utils/authorize.js
@@ -0,0 +1,16 @@
+const UserRole = require("../../models/UserRole");
+const { AuthorizeUser } = require("../../config/auth");
+const { SUPER_ADMIN_ROLE, AUTHORIZATION_FAILURE_ERROR_MESSAGE } = require("../../config/constants");
+
+module.exports = {
+  SuperAdminCheck: async (req, res, next) => {
+    const SuperAdmin = await UserRole.findOne({ name: SUPER_ADMIN_ROLE });
+    if (AuthorizeUser(req.locals.user, [SuperAdmin.id])) {
+      next();
+    } else {
+      res
+        .status(403)
+        .send({ success: false, error: AUTHORIZATION_FAILURE_ERROR_MESSAGE });
+    }
+  },
+};