const Board = require('./models/board')
const Workspace = require('./models/workspace')
const { verify } = require('jsonwebtoken')
const AppError = require('./HttpError')
const User = require('./models/user')
const Task = require('./models/task')
const PermissionError = require('./PermissionError')
/**
 * Wraps a middleware-style handler so that any error it throws, or any
 * rejection of the promise it returns, is handed to `next` instead of
 * escaping the returned function.
 *
 * @param {Function} func - Handler invoked as `func(req, res, next)`.
 * @returns {Function} Async `(req, res, next)` function that forwards errors.
 */
const wrapAsync = func => async (req, res, next) => {
  try {
    // `await` also covers handlers that throw synchronously or return a
    // plain value: both end up on the same path.
    await func(req, res, next)
  } catch (failure) {
    next(failure)
  }
}
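/**
 * Decides whether `user` holds `permission` inside `workspace`.
 *
 * The check fails closed: a missing workspace, a missing user, a user who is
 * not in `workspace.members`, or a member without a usable role all yield
 * `false` rather than a TypeError, so callers can turn the result into a
 * clean permission denial.
 *
 * @param {object} workspace - Workspace whose `members` entries carry `user`,
 *   `isOwner` and a `role` with a `permissions` list.
 * @param {object} user - Requesting user; only `_id` is read.
 * @param {string} permission - Permission name to look up.
 * @returns {boolean} `true` for owners and for members whose role lists
 *   `permission`; `false` otherwise.
 */
const hasPerms = (workspace, user, permission) => {
  if (!workspace || !workspace.members) return false
  if (!user || user._id == null) return false

  // Ids are compared as strings so that object ids and plain strings match.
  const userId = user._id.toString()
  const member = workspace.members.find(
    x => x && x.user != null && x.user.toString() === userId
  )

  // Not a member of this workspace: deny instead of dereferencing undefined.
  if (!member) return false
  if (member.isOwner) return true

  // A member whose role is missing or carries no permission list has no
  // permissions.
  const role = member.role
  if (!role || !role.permissions) return false
  return role.permissions.includes(permission)
}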
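/**
 * Builds an authorization middleware for one permission name.
 *
 * The workspace to check is resolved from the route params, in this order:
 * `boardId` (the board's workspace), `workspaceId`, `taskId` (the task's
 * workspace). The request continues only when `hasPerms` approves `req.user`
 * for that workspace; every other outcome, including a board, workspace or
 * task that does not exist and a request without `req.user`, ends in a
 * `PermissionError`, so the check fails closed.
 *
 * NOTE(review): only the first param present is consulted. On a route that
 * carries both `workspaceId` and `taskId`, the task itself is never looked
 * up here; confirm the handler verifies that the task belongs to that
 * workspace.
 *
 * @param {string} permission - Permission the caller must hold.
 * @returns {Function} Middleware wrapped by `wrapAsync`; lookup errors are
 *   forwarded to `next` unchanged.
 */
module.exports.hasPermission = permission => {
  return wrapAsync(async (req, res, next) => {
    const { boardId, workspaceId, taskId } = req.params
    const roleFields = ['roles', 'members.role']

    let workspace = null
    if (boardId) {
      const board = await Board.findById(boardId).populate({
        path: 'workspace',
        populate: roleFields
      })
      // findById resolves to null for an unknown id; treat it as "no access".
      workspace = board ? board.workspace : null
    } else if (workspaceId) {
      workspace = await Workspace.findById(workspaceId).populate(roleFields)
    } else if (taskId) {
      const task = await Task.findById(taskId).populate({
        path: 'workspace',
        populate: roleFields
      })
      workspace = task ? task.workspace : null
    }

    // Guard both inputs before delegating, so a missing resource or a missing
    // req.user is denied instead of surfacing as a TypeError.
    if (workspace && req.user && hasPerms(workspace, req.user, permission)) {
      return next()
    }
    throw new PermissionError(permission)
  })
}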
/**
 * Authentication middleware. Reads the `Authorization` header, verifies the
 * token found after the first space against `ACCESS_TOKEN_SECRET`, loads the
 * user named by `payload.user._id`, and stores a reduced copy of that user on
 * `req.user`.
 *
 * Any failure (missing header, bad token, unknown user) is reported as
 * `AppError('Invalid access token', 403)`.
 *
 * NOTE(review): `verify` is called without an `algorithms` allow-list;
 * consider pinning the algorithm the tokens are actually signed with.
 * NOTE(review): the scheme word before the space is not checked, so any
 * prefix is accepted as long as the token verifies.
 */
module.exports.isLoggedIn = wrapAsync(async (req, res, next) => {
  const header = req.headers.authorization
  if (!header) throw new AppError('Invalid access token', 403)

  try {
    const [, token] = header.split(' ')
    const { user: claims } = verify(token, process.env.ACCESS_TOKEN_SECRET)
    const account = await User.findById(claims._id)

    // Copy only the fields later middleware and handlers read; a null
    // `account` (user no longer exists) throws here and is rejected below.
    const {
      username,
      workspaces,
      _id,
      assignedTasks,
      newNotifications
    } = account
    req.user = { username, workspaces, _id, assignedTasks, newNotifications }
  } catch (err) {
    // Deliberately uniform: the client never learns which step failed. This
    // also covers errors raised by the user lookup itself.
    throw new AppError('Invalid access token', 403)
  }

  next()
})
/**
 * Middleware that lets the request through only when the access token in the
 * `Authorization` header verifies and its `payload.user.sudoMode` claim is
 * truthy. It does not load the user and does not touch `req.user`.
 *
 * A missing header yields `AppError('Invalid access token', 403)`; every
 * other failure yields the silent `AppError('sudo mode required', 403)`.
 *
 * NOTE(review): sudo mode is taken from the token claim alone, so it lasts
 * for as long as that token verifies; confirm sudo tokens are short-lived.
 * NOTE(review): `verify` is called without an `algorithms` allow-list;
 * consider pinning the algorithm the tokens are actually signed with.
 */
module.exports.isSudoMode = wrapAsync(async (req, res, next) => {
  const header = req.headers.authorization
  if (!header) throw new AppError('Invalid access token', 403)

  let sudoGranted
  try {
    const [, token] = header.split(' ')
    const { user: claims } = verify(token, process.env.ACCESS_TOKEN_SECRET)
    sudoGranted = Boolean(claims.sudoMode)
  } catch (err) {
    // An unverifiable token or a payload without `user` counts as "no sudo".
    sudoGranted = false
  }

  if (!sudoGranted) {
    throw new AppError('sudo mode required', 403, { silentError: true })
  }
  next()
})
// Expose the two internal helpers alongside the middleware exports: the raw
// permission check and the async error-forwarding wrapper.
module.exports.hasPerms = hasPerms
module.exports.wrapAsync = wrapAsync