23 lines
1 KiB
TypeScript
23 lines
1 KiB
TypeScript
|
import { Request, Response, NextFunction, Router, Express } from "express";
|
||
|
|
import userGuard from "./user-guard";
|
||
|
|
import { MetadataRouter } from "@dunemask/vix/express";
|
||
|
|
import { Policy } from "@lib/Policies";
|
||
|
|
import { AuthErrors } from "@lib/vix/ClientErrors";
|
||
|
|
import { UserRequest } from "@lib/types/ApiRequests";
|
||
|
|
|
||
|
|
export default function policyMiddlewareGuard(requiredPolicies: Policy[]) {
|
||
|
|
const middlewares: MetadataRouter = Router({ mergeParams: true });
|
||
|
|
|
||
|
|
async function policyAuthMiddleware(req: Request, res: Response, next: NextFunction) {
|
||
|
|
const { user, policies: userPolicies } = req as UserRequest;
|
||
|
|
if (!user) throw AuthErrors.UnauthorizedRequest;
|
||
|
|
if (!userPolicies) throw AuthErrors.UnauthorizedRequest;
|
||
|
|
if (!Policy.multiAuthorizedTo(userPolicies, requiredPolicies)) throw AuthErrors.ForbiddenPermissions;
|
||
|
|
if (!next) return res.sendStatus(200);
|
||
|
|
next();
|
||
|
|
}
|
||
|
|
middlewares.routeMetadata = { authType: "policy" };
|
||
|
|
middlewares.use([userGuard(), policyAuthMiddleware]);
|
||
|
|
return middlewares;
|
||
|
|
}
|