sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2025-12-11 03:34:35 +00:00
Code Issues Projects Releases Wiki Activity

feat: Add /SASjsApi endpoint in permissions

Browse Source
This commit is contained in:
Sabir Hassan
2023-02-06 15:29:24 +05:00
parent abe942e697
commit b3402ea80a
2 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
api/src/middlewares/authorize.ts
View File

@@ -5,7 +5,7 @@ import {
PermissionSettingForRoute, PermissionSettingForRoute,
PermissionType PermissionType
} from '../controllers/permission' } from '../controllers/permission'
import { getPath, isPublicRoute } from '../utils' import { getPath, isPublicRoute, TopLevelRoutes } from '../utils'
export const authorize: RequestHandler = async (req, res, next) => { export const authorize: RequestHandler = async (req, res, next) => {
const { user } = req const { user } = req
@@ -22,6 +22,9 @@ export const authorize: RequestHandler = async (req, res, next) => {
if (!dbUser) return res.sendStatus(401) if (!dbUser) return res.sendStatus(401)
const path = getPath(req) const path = getPath(req)
const { baseUrl } = req
const topLevelRoute =
TopLevelRoutes.find((route) => baseUrl.startsWith(route)) || baseUrl
// find permission w.r.t user // find permission w.r.t user
const permission = await Permission.findOne({ const permission = await Permission.findOne({
@@ -35,6 +38,21 @@ export const authorize: RequestHandler = async (req, res, next) => {
else return res.sendStatus(401) else return res.sendStatus(401)
} }
// find permission w.r.t user on top level
const topLevelPermission = await Permission.findOne({
path: topLevelRoute,
type: PermissionType.route,
user: dbUser._id
})
if (topLevelPermission) {
if (topLevelPermission.setting === PermissionSettingForRoute.grant)
return next()
else return res.sendStatus(401)
}
let isPermissionDenied = false
// find permission w.r.t user's groups // find permission w.r.t user's groups
for (const group of dbUser.groups) { for (const group of dbUser.groups) {
const groupPermission = await Permission.findOne({ const groupPermission = await Permission.findOne({
@@ -42,8 +60,28 @@ export const authorize: RequestHandler = async (req, res, next) => {
type: PermissionType.route, type: PermissionType.route,
group group
}) })
if (groupPermission?.setting === PermissionSettingForRoute.grant)
return next() if (groupPermission) {
if (groupPermission.setting === PermissionSettingForRoute.grant) {
return next()
} else {
isPermissionDenied = true
}
}
} }
if (!isPermissionDenied) {
// find permission w.r.t user's groups on top level
for (const group of dbUser.groups) {
const groupPermission = await Permission.findOne({
path: topLevelRoute,
type: PermissionType.route,
group
})
if (groupPermission?.setting === PermissionSettingForRoute.grant)
return next()
}
}
return res.sendStatus(401) return res.sendStatus(401)
} }

5
api/src/utils/getAuthorizedRoutes.ts
View File

@@ -1,7 +1,8 @@
import { Request } from 'express' import { Request } from 'express'
export const TopLevelRoutes = ['/AppStream', '/SASjsApi']
const StaticAuthorizedRoutes = [ const StaticAuthorizedRoutes = [
'/AppStream',
'/SASjsApi/code/execute', '/SASjsApi/code/execute',
'/SASjsApi/stp/execute', '/SASjsApi/stp/execute',
'/SASjsApi/drive/deploy', '/SASjsApi/drive/deploy',
@@ -15,7 +16,7 @@ const StaticAuthorizedRoutes = [
export const getAuthorizedRoutes = () => { export const getAuthorizedRoutes = () => {
const streamingApps = Object.keys(process.appStreamConfig) const streamingApps = Object.keys(process.appStreamConfig)
const streamingAppsRoutes = streamingApps.map((app) => `/AppStream/${app}`) const streamingAppsRoutes = streamingApps.map((app) => `/AppStream/${app}`)
return [...StaticAuthorizedRoutes, ...streamingAppsRoutes] return [...TopLevelRoutes, ...StaticAuthorizedRoutes, ...streamingAppsRoutes]
} }
export const getPath = (req: Request) => { export const getPath = (req: Request) => {