defined protect function for access control on front end
@@ -1,17 +1,9 @@
|
||||
import { NextFunction, Request, Response } from "express"
|
||||
|
||||
export function restrictAccess(req: Request, res: Response, next: NextFunction) {
|
||||
if (!req.isAuthenticated()) {
|
||||
res.status(403).send({ message: "Access forbidden" });
|
||||
} else {
|
||||
next();
|
||||
}
|
||||
}
|
||||
|
||||
export function checkAccess(req: Request, res: Response, next: NextFunction) {
|
||||
if (req.isAuthenticated()) {
|
||||
next();
|
||||
} else {
|
||||
res.status(403).send({ message: "Access forbidden" });
|
||||
res.send({ ok: false, user: undefined })
|
||||
}
|
||||
}
|
||||
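Review bot: `restrictAccess` (apparently the function kept on the new side; the page does not mark old/new) rejects a request with no authenticated session using 403, but a missing or invalid session is an authentication failure, for which 401 is the conventional status, while 403 means the caller is authenticated yet not permitted — front-end code usually reacts differently to the two (prompt to log in versus show an error). Consider `res.status(401).send({ message: "Access forbidden" });`, or, if 403 is deliberate, say so in a TSDoc comment on the export so the next reader does not "fix" it. The middleware also depends on `req.isAuthenticated()` (presumably Passport's), so a comment such as `// Must be mounted after passport.initialize()/passport.session()` above the function would document the ordering requirement that the code itself cannot enforce.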
@@ -4,7 +4,7 @@ import { IUser, IUserAuth } from "../schemas";
|
||||
import AuthService from "../auth";
|
||||
import { UserCtl } from "../controllers";
|
||||
import now from "../util/now";
|
||||
import { checkAccess, restrictAccess } from "../auth/middlewares";
|
||||
import { restrictAccess } from "../auth/middlewares";
|
||||
import { Session } from "express-session";
|
||||
const AuthInstance = new AuthService();
|
||||
const UserControl = new UserCtl();
|
||||
@@ -14,20 +14,17 @@ const router = Router();
|
||||
export const authRoute = (app: Express, passport: PassportStatic) => {
|
||||
app.use('/auth', router);
|
||||
|
||||
router.get('/', checkAccess, (req, res, next) => {
|
||||
if (req.isAuthenticated()) {
|
||||
// @ts-ignore: does not recognize structure of req.user
|
||||
const user = req.user?.user;
|
||||
const userData: IUser = {
|
||||
firstname: user.firstname,
|
||||
lastname: user.lastname,
|
||||
handle: user.handle,
|
||||
email: user.email
|
||||
}
|
||||
res.send({ user: userData });
|
||||
} else {
|
||||
res.status(403).send({ message: "Access forbidden" });
|
||||
router.get('/', restrictAccess, (req, res, next) => {
|
||||
// @ts-ignore: does not recognize structure of req.user
|
||||
const user = req.user?.user;
|
||||
const userData: IUser = {
|
||||
id: user.id,
|
||||
firstname: user.firstname,
|
||||
lastname: user.lastname,
|
||||
handle: user.handle,
|
||||
email: user.email
|
||||
}
|
||||
res.send({ user: userData });
|
||||
})
|
||||
|
||||
router.get('/protected', restrictAccess, (req, res, next) => {
|
||||
|
||||
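Review bot: The new `/` handler (`router.get('/', restrictAccess, …`) reads `user.id` straight after `const user = req.user?.user;` — the optional chain admits `undefined`, and the `@ts-ignore` above it suppresses exactly the diagnostic that would flag this, so a session whose `req.user` is not shaped `{ user: … }` throws a TypeError and surfaces as a 500 instead of a clean rejection. Add a guard before building `userData`, e.g. `if (!user) { res.status(403).send({ message: "Access forbidden" }); return; }`, and replace the `@ts-ignore` with a declared shape (a module augmentation of `Express.User`, or a narrowing to `IUser` after the guard); `@ts-expect-error` would at least fail the build once the type is fixed rather than hiding it indefinitely. The same pattern appears in the removed handler and is likely repeated in `/protected`, whose body, like the end of `authRoute`, lies outside the hunk.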
@@ -1,9 +1,9 @@
|
||||
interface HasHistory {
|
||||
interface HasHistory extends DBEntity {
|
||||
datecreated?: string
|
||||
datemodified?: string
|
||||
}
|
||||
|
||||
interface CanDeactivate {
|
||||
interface CanDeactivate extends DBEntity {
|
||||
active?: boolean
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ interface DBEntity {
|
||||
id?: number
|
||||
}
|
||||
|
||||
export interface IUser extends DBEntity, HasHistory, CanDeactivate {
|
||||
export interface IUser extends HasHistory, CanDeactivate {
|
||||
firstname: string
|
||||
lastname: string
|
||||
handle: string
|
||||
@@ -24,25 +24,25 @@ export interface IUserAuth {
|
||||
password: string
|
||||
}
|
||||
|
||||
export interface IRecipe extends DBEntity, HasHistory, CanDeactivate {
|
||||
export interface IRecipe extends HasHistory, CanDeactivate {
|
||||
name: string
|
||||
description?: string
|
||||
preptime: string
|
||||
authoruserid?: IUser["id"]
|
||||
}
|
||||
|
||||
export interface IIngredient extends DBEntity, HasHistory {
|
||||
export interface IIngredient extends HasHistory {
|
||||
name: string
|
||||
description?: string
|
||||
}
|
||||
|
||||
export interface ICollection extends DBEntity, HasHistory, CanDeactivate {
|
||||
export interface ICollection extends HasHistory, CanDeactivate {
|
||||
name: string
|
||||
ismaincollection: boolean
|
||||
ownerid?: IUser["id"]
|
||||
}
|
||||
|
||||
export interface IGroceryList extends DBEntity, HasHistory, CanDeactivate {
|
||||
export interface IGroceryList extends HasHistory, CanDeactivate {
|
||||
name: string
|
||||
ownerid?: IUser["id"]
|
||||
}
|
||||
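Review bot: `interface DBEntity` is declared below the two interfaces that now extend it (the next hunk header places it around line 11), so a reader meets `extends DBEntity` before its definition; the compiler accepts this, but moving `DBEntity` to the top of the file, or a one-line comment on `HasHistory` such as `// DBEntity (declared below) supplies the optional id shared by all persisted rows`, would make the dependency direction obvious. With both `HasHistory` and `CanDeactivate` extending `DBEntity`, `IUser`, `IRecipe`, `ICollection` and `IGroceryList` now inherit `id?: number` along two paths; TypeScript merges these only because the member is identical on both branches, so a TSDoc comment on `DBEntity` stating that it is the single source of `id` would stop someone from redeclaring it with a different type on one side and breaking every diamond. Since `id` remains optional, route code that reads `user.id` still needs a runtime check rather than a type assertion.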