sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-03 21:10:05 +00:00
Code Issues Projects Releases Wiki Activity

fix: add permission authorization middleware to only specific routes

Browse Source
This commit is contained in:
Sabir Hassan
2022-07-01 16:50:24 +05:00
parent 7d916ec3e9
commit f3dfc7083f
9 changed files with 106 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/middlewares/authenticateToken.ts
View File

@@ -3,7 +3,6 @@ import jwt from 'jsonwebtoken'
import { csrfProtection } from '../app'
import { fetchLatestAutoExec, ModeType, verifyTokenInDB } from '../utils'
import { desktopUser } from './desktop'
import { authorize } from './authorize'
export const authenticateAccessToken: RequestHandler = async (
req,
@@ -25,7 +24,7 @@ export const authenticateAccessToken: RequestHandler = async (
if (user) {
if (user.isActive) {
req.user = user
return csrfProtection(req, res, () => authorize(req, res, next))
return csrfProtection(req, res, next)
} else return res.sendStatus(401)
}
}
@@ -35,7 +34,7 @@ export const authenticateAccessToken: RequestHandler = async (
authenticateToken(
req,
res,
() => authorize(req, res, next),
next,
process.env.ACCESS_TOKEN_SECRET as string,
'accessToken'
)