feat: auth check endpoint (#153)

* feat: create getAll permission function * fix: user auth context * feat: add user auth check route and function
Monday-Morning · Oct 20, 2022 · 4b82c75 · 4b82c75
1 parent 6cbbb82
commit 4b82c75
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 13 deletions.
diff --git a/server/router/index.js b/server/router/index.js
@@ -13,6 +13,8 @@
 const express = require('express');
 const { cache } = require('../utils/userAuth/role');
 const ImageKit = require('imagekit');
+const UserAuth = require('../utils/userAuth');
+const UserPermission = require('../utils/userAuth/permission');
 
 /**
  * @summary Express Router Object
@@ -26,14 +28,53 @@ const router = express.Router();
 /** Updates roles cache */
 router.use('/admin/roles/sync', async (_req, res) => res.send(await cache()));
 
-router.use('/admin/media/auth', (req, res) => {
-  const imagekit = new ImageKit({
-    publicKey: process.env.IMAGEKIT_PUBLIC_KEY,
-    privateKey: process.env.IMAGEKIT_PRIVATE_KEY,
-    urlEndpoint: process.env.IMAGEKIT_URLENDPOINT,
-  });
-  const authenticationParameters = imagekit.getAuthenticationParameters();
-  res.send(authenticationParameters);
+router.use('/admin/media/auth', (_req, res) => {
+  try {
+    const imagekit = new ImageKit({
+      publicKey: process.env.IMAGEKIT_PUBLIC_KEY,
+      privateKey: process.env.IMAGEKIT_PRIVATE_KEY,
+      urlEndpoint: process.env.IMAGEKIT_URLENDPOINT,
+    });
+    const authenticationParameters = imagekit.getAuthenticationParameters();
+    return res.status(200).send(authenticationParameters);
+  } catch (error) {
+    return res.status(500).json({
+      data: 'The imagekit authentication paramters could not be retrived.',
+      code: 500,
+      error,
+    });
+  }
+});
+
+router.use('/auth/check', express.json(), async (req, res) => {
+  try {
+    const { authToken, decodedToken } = await UserAuth.getContext(req);
+    if (!authToken || !decodedToken) {
+      return res.status(401).json({
+        data: 'The user is not authorized to access this resource.',
+        code: 401,
+        error: true,
+      });
+    }
+    if (req.body.permission) {
+      return res.status(200).json({
+        data: await UserPermission.exists(req.session, authToken, decodedToken, req.body.permission),
+        code: 200,
+        error: false,
+      });
+    }
+    return res.status(200).json({
+      data: await UserPermission.getAll(req.session, authToken, decodedToken),
+      code: 200,
+      error: false,
+    });
+  } catch (error) {
+    return res.status(500).json({
+      data: 'The user could not be authenticated.',
+      code: 500,
+      error,
+    });
+  }
 });
 
 /** 404 Not Found - Default Response for Invalid Path */

diff --git a/server/utils/userAuth/index.js b/server/utils/userAuth/index.js
@@ -15,7 +15,7 @@ const UserAuth = {
   authenticate: async (jwt, _auth = admin?.auth()) => {
     try {
       const _decodedToken =
-        process.env.NODE_ENV === 'development' && process.env.TEST_AUTH_KEY === jwt
+        process.env.NODE_ENV === 'development' && process.env.FIREBASE_TEST_AUTH_KEY === jwt
           ? {
               uid: '',
               exp: 4102444800, // Jan 1, 2100 at midnight
@@ -50,16 +50,19 @@ const UserAuth = {
 
       const jwt = decodeURI(req.headers.authorization);
       if (!jwt) {
-        return null;
+        return { authToken: null, decodedToken: null, mid: null };
       }
+
       if (UserSession.valid(req.session, jwt)) {
-        return req.session.auth.decodedToken;
+        return {
+          authToken: req.session.auth.jwt,
+          decodedToken: req.session.auth.decodedToken,
+          mid: req.session.auth.mid,
+        };
       }
 
       const _decodedToken = await UserAuth.authenticate(jwt, _auth);
 
-      // const _decodedToken = await GetUserAuthScope(req.session, );
-
       if (!_decodedToken) {
         return { authToken: req.headers.authorization, decodedToken: null, mid: null };
       }

diff --git a/server/utils/userAuth/permission.js b/server/utils/userAuth/permission.js
@@ -52,6 +52,29 @@ const UserPermission = {
       throw APIError(null, error, { reason: 'The server could not check for a permission.' });
     }
   },
+
+  getAll: (session, authToken, decodedToken) => {
+    try {
+      if (!UserSession.valid(session, authToken)) {
+        return false;
+      }
+      const _roles = UserRole.get();
+      if (
+        !decodedToken ||
+        !decodedToken.roles ||
+        !(decodedToken.roles instanceof Array) ||
+        decodedToken.roles.length <= 0
+      ) {
+        return false;
+      }
+      const _permissions = decodedToken.roles
+        .map((x) => _roles.find((y) => y.name === x).permissions)
+        .reduce((prev, curr) => [...prev, ...curr]);
+      return _permissions;
+    } catch (error) {
+      throw APIError(null, error, { reason: 'The server could not list all permissions.' });
+    }
+  },
 };
 
 module.exports = UserPermission;