[INIT] Initial Project Structure

lib/middlewares/policy-guard.ts

@@ -0,0 +1,22 @@
+import { Request, Response, NextFunction, Router, Express } from "express";
+import userGuard from "./user-guard";
+import { MetadataRouter } from "@dunemask/vix/express";
+import { Policy } from "@lib/Policies";
+import { AuthErrors } from "@lib/vix/ClientErrors";
+import { UserRequest } from "@lib/types/ApiRequests";
+
+export default function policyMiddlewareGuard(requiredPolicies: Policy[]) {
+  const middlewares: MetadataRouter = Router({ mergeParams: true });
+
+  async function policyAuthMiddleware(req: Request, res: Response, next: NextFunction) {
+    const { user, policies: userPolicies } = req as UserRequest;
+    if (!user) throw AuthErrors.UnauthorizedRequest;
+    if (!userPolicies) throw AuthErrors.UnauthorizedRequest;
+    if (!Policy.multiAuthorizedTo(userPolicies, requiredPolicies)) throw AuthErrors.ForbiddenPermissions;
+    if (!next) return res.sendStatus(200);
+    next();
+  }
+  middlewares.routeMetadata = { authType: "policy" };
+  middlewares.use([userGuard(), policyAuthMiddleware]);
+  return middlewares;
+}

lib/middlewares/user-guard.ts

@@ -0,0 +1,41 @@
+import { AuthorizedTokenRequest, MetadataRouter, tokenAuthMiddleware } from "@dunemask/vix/express";
+import Cairo from "@lib/Cairo";
+import { getUserTokenId } from "@lib/modules/auth/auth.service";
+import { Policy, PolicyComputeType } from "@lib/Policies";
+import { UserRequest } from "@lib/types/ApiRequests";
+import { Resource } from "@lib/vix/AppResources";
+import { AuthErrors, ProjectErrors } from "@lib/vix/ClientErrors";
+import { Request, Response, NextFunction, Router, Express } from "express";
+import expressBearerToken from "express-bearer-token";
+import type PostgresService from "@lib/database/PostgresService.js";
+import { KeyPairType, User } from "@prisma/client";
+
+export default function userGuard() {
+  const middlewares: MetadataRouter = Router({ mergeParams: true });
+  async function userGuardMiddleware(req: Request, _res: Response, next: NextFunction) {
+    const { token } = req as AuthorizedTokenRequest;
+    if (!token) throw AuthErrors.UnauthorizedRequiredToken;
+
+    const PostgresService = req.app.get(Cairo.PostgresService) as PostgresService;
+    const { project } = req.params;
+    if (!project) throw AuthErrors.UnauthorizedRequiredProject;
+
+    const userKeypair = await PostgresService.keypair.byUsage(project, KeyPairType.UserToken);
+    if (!userKeypair) throw ProjectErrors.BadRequestProjectIncomplete;
+
+    const id = await getUserTokenId(token, userKeypair.encryptedPublicKey);
+    if (!id) throw AuthErrors.UnauthorizedRequest;
+    const user = await PostgresService.users.byId(id);
+    if (!user) throw AuthErrors.UnauthorizedRequiredUser;
+    const policies = Policy.parseResourcePolicies<Resource>(user.rolePolicy.policies as PolicyComputeType);
+    const projectData = { ...user.project };
+    delete (user as Partial<typeof user>).project;
+    (req as UserRequest).user = user;
+    (req as UserRequest).policies = policies;
+    (req as UserRequest).project = projectData;
+    next();
+  }
+  middlewares.routeMetadata = { authType: "user" };
+  middlewares.use([expressBearerToken(), userGuardMiddleware]);
+  return middlewares;
+}