added authorization

2020-04-23 13:59:45 +02:00
parent 90d34f1e1b
commit 1a3fdc567d
21 changed files with 393 additions and 47 deletions
--- a/src/helpers/authorize.ts
+++ b/src/helpers/authorize.ts
@ -0,0 +1,100 @@
+import basicAuth from 'basic-auth';
+import bcrypt from 'bcryptjs';
+import UserModel from '../models/user';
+
+
+// appends req.auth(res, ['levels'], method = 'all')
+// which returns sends error message and returns false if unauthorized, otherwise true
+// req.authDetails returns eg. {methods: ['basic'], username: 'johndoe', level: 'write'}
+
+module.exports = async (req, res, next) => {
+  let givenMethod = '';  // authorization method given by client, basic taken preferred
+  let user = {name: '', level: ''};               // user object
+
+  // test authentications
+  const userBasic = await basic(req, next);
+
+  if (userBasic) {  // basic available
+    givenMethod = 'basic';
+    user = userBasic;
+  }
+  else {  // if basic not available, test key
+    const userKey = await key(req, next);
+    if (userKey) {
+      givenMethod = 'key';
+      user = userKey;
+    }
+  }
+
+  req.auth = (res, levels, method = 'all') => {
+    if (givenMethod === method || (method === 'all' && givenMethod !== '')) {  // method is available
+      if (levels.indexOf(user.level) > -1) {  // level is available
+        return true;
+      }
+      else {
+        res.status(403).json({status: 'Forbidden'});
+        return false;
+      }
+    }
+    else {
+      res.status(401).json({status: 'Unauthorized'});
+      return false;
+    }
+  }
+
+  req.authDetails = {
+    method: givenMethod,
+    username: user.name,
+    level: user.level
+  };
+
+  next();
+}
+
+
+function basic (req, next): any {  // checks basic auth and returns changed user object
+  return new Promise(resolve => {
+    const auth = basicAuth(req);
+    if (auth !== undefined) {  // basic auth available
+      UserModel.find({name: auth.name}).lean().exec( 'find', (err, data) => {  // find user
+        if (err) next(err);
+        if (data.length === 1) {  // one user found
+          bcrypt.compare(auth.pass, data[0].pass, (err, res) => {  // check password
+            if (err) next(err);
+            if (res === true) {
+              resolve({level: data[0].level, name: data[0].name});
+            }
+            else {
+              resolve(null);
+            }
+          });
+        }
+        else {
+          resolve(null);
+        }
+      });
+    }
+    else {
+      resolve(null);
+    }
+  });
+}
+
+function key (req, next): any {  // checks API key and returns changed user object
+  return new Promise(resolve => {
+    if (req.query.key !== undefined) {
+      UserModel.find({key: req.query.key}).lean().exec( 'find', (err, data) => {  // find user
+        if (err) next(err);
+        if (data.length === 1) {  // one user found
+          resolve({level: data[0].level, name: data[0].name});
+        }
+        else {
+          resolve(null);
+        }
+      });
+    }
+    else {
+      resolve(null);
+    }
+  });
+}