From ae34aa52f080454c14116899a2210905456d495a Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Fri, 5 Nov 2021 03:54:07 +0500
Subject: [PATCH] chore: swagger authentication added
---
src/controllers/user.ts | 6 ++++--
src/middlewares/verifyAdminIfNeeded.ts | 4 ++--
tsoa.json | 7 +++++++
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/controllers/user.ts b/src/controllers/user.ts
index 4a2f790..379697c 100644
--- a/src/controllers/user.ts
+++ b/src/controllers/user.ts
@@ -8,7 +8,8 @@ import {
Patch,
Delete,
Body,
- Hidden
+ Hidden,
+ Security
} from 'tsoa'
import bcrypt from 'bcryptjs'
@@ -28,7 +29,8 @@ interface userDetailsResponse {
isAdmin: boolean
}
-@Route('user')
+@Security('bearerAuth')
+@Route('SASjsApi/user')
export default class UserController {
/**
* Get list of all users (username, displayname). All users can request this.
diff --git a/src/middlewares/verifyAdminIfNeeded.ts b/src/middlewares/verifyAdminIfNeeded.ts
index 5f65201..d657e50 100644
--- a/src/middlewares/verifyAdminIfNeeded.ts
+++ b/src/middlewares/verifyAdminIfNeeded.ts
@@ -1,8 +1,8 @@
export const verifyAdminIfNeeded = (req: any, res: any, next: any) => {
const { user } = req
- const { userId } = req.params
+ const userId = parseInt(req.params.userId)
- if (!user.isAdmin && user.id !== userId) {
+ if (!user.isAdmin && user.userId !== userId) {
return res.status(401).send('Admin account required')
}
next()
diff --git a/tsoa.json b/tsoa.json
index b517ee9..224e1b0 100644
--- a/tsoa.json
+++ b/tsoa.json
@@ -3,6 +3,13 @@
"noImplicitAdditionalProperties": "throw-on-extras",
"spec": {
"outputDirectory": "public",
+ "securityDefinitions": {
+ "bearerAuth": {
+ "type": "http",
+ "scheme": "bearer",
+ "bearerFormat": "JWT"
+ }
+ },
"specVersion": 3
}
}
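Review bot: `@Security('bearerAuth')` on UserController only annotates the generated OpenAPI document unless tsoa also generates the routes with an authentication module; the tsoa.json hunk in this commit adds only `securityDefinitions` under `spec`, so enforcement presumably still depends on Express middleware registered elsewhere. A short comment above the decorator would stop readers from treating it as the access check, for example `// Documents the bearer-token requirement for Swagger; the check itself is done by the auth middleware on the router`. Because the decorator sits at class level it marks every operation of the controller as authenticated, so any route here that is meant to be reachable without a token would be mis-documented. The class body continues outside the hunk.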
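Review bot: `parseInt(req.params.userId)` in verifyAdminIfNeeded has no radix and accepts trailing non-digits (`'12abc'` parses to 12), so the ownership check can pass for a path value that the downstream handler may interpret differently if it reads the raw parameter. Rejecting anything that is not all digits before the comparison closes that gap: `if (!/^\d+$/.test(req.params.userId)) return res.status(400).send('Invalid userId')` followed by `const userId = parseInt(req.params.userId, 10)`. The function also dereferences `user.isAdmin` without checking that `req.user` was set, so a route that mounts this middleware without the authentication middleware ahead of it throws instead of answering 401; `if (!user) return res.status(401).send('Unauthorized')` as the first statement handles that. The closing brace of the function lies outside the hunk.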