refactor: update auth setting

Methapon2001 2024-07-18 17:22:53 +07:00
parent 053eb8b04a
commit 994b9ced2a
2 changed files with 19 additions and 9 deletions


@ -19,10 +19,14 @@ const jwtDecode = createDecoder();
export async function keycloakAuth(request: Express.Request, roles?: string[]) { export async function keycloakAuth(request: Express.Request, roles?: string[]) {
const token = request.headers["authorization"]?.includes("Bearer ") const token = request.headers["authorization"]?.includes("Bearer ")
? request.headers["authorization"].split(" ")[1] ? request.headers["authorization"].split(" ")[1]
: request.headers["authorization"]; : "";
if (!token) { if (!token) {
throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่พบข้อมูลสำหรับยืนยันตัวตน"); throw new HttpError(
HttpStatus.UNAUTHORIZED,
"authorization data not found.",
"authDataNotFound",
);
} }
let payload: Record<string, any> = {}; let payload: Record<string, any> = {};
@ -49,7 +53,7 @@ export async function keycloakAuth(request: Express.Request, roles?: string[]) {
if (!roles.some((a: string) => payload.roles.includes(a))) { if (!roles.some((a: string) => payload.roles.includes(a))) {
throw new HttpError( throw new HttpError(
HttpStatus.FORBIDDEN, HttpStatus.FORBIDDEN,
"คุณไม่มีสิทธิในการเข้าถึงข้อมูลดังกล่าว", "You do not have permission to access this resource.",
"noPermission", "noPermission",
); );
} }
@ -61,7 +65,7 @@ export async function keycloakAuth(request: Express.Request, roles?: string[]) {
async function verifyOffline(token: string) { async function verifyOffline(token: string) {
const payload = await jwtVerify(token).catch((_) => null); const payload = await jwtVerify(token).catch((_) => null);
if (!payload) { if (!payload) {
throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้"); throw new HttpError(HttpStatus.UNAUTHORIZED, "Unauthorized.", "authFailed");
} }
return payload; return payload;
} }
@ -74,9 +78,14 @@ async function verifyOnline(token: string) {
}, },
).catch((e) => console.error(e)); ).catch((e) => console.error(e));
if (!res) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน"); if (!res)
throw new HttpError(
HttpStatus.INTERNAL_SERVER_ERROR,
"Error authentication service.",
"authFailedFatal",
);
if (!res.ok) { if (!res.ok) {
throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้"); throw new HttpError(HttpStatus.UNAUTHORIZED, "Unauthorized.", "authFailed");
} }
return await jwtDecode(token); return await jwtDecode(token);
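Review bot: The token extraction at the top of keycloakAuth still tests the header with `includes("Bearer ")` and then takes `split(" ")[1]`, so a header that merely contains that substring passes the test and whatever sits in the second space-separated field is handed on as the token. Now that non-Bearer headers are rejected with an empty string, the match should be anchored to the scheme prefix as well: `const header = request.headers["authorization"] ?? "";` followed by `const token = /^Bearer /i.test(header) ? header.slice(7).trim() : "";`. The check presumably stays fail-closed either way, provided the verification step further down rejects malformed tokens, but a strict parse keeps malformed headers on the `authDataNotFound` path instead of surfacing as `authFailed`. The function body continues outside this hunk, so the verification call itself is not visible here.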


@ -7,10 +7,10 @@
"specVersion": 3, "specVersion": 3,
"securityDefinitions": { "securityDefinitions": {
"keycloak": { "keycloak": {
"type": "apiKey", "type": "http",
"name": "Authorization", "name": "Authorization",
"description": "Keycloak Bearer Token", "description": "Keycloak Bearer Token",
"in": "header" "scheme": "bearer"
} }
}, },
"spec": { "spec": {
@ -33,7 +33,8 @@
{ "name": "Product Type" }, { "name": "Product Type" },
{ "name": "Product" }, { "name": "Product" },
{ "name": "Work" }, { "name": "Work" },
{ "name": "Service" } { "name": "Service" },
{ "name": "Quotation" }
] ]
} }
}, },
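Review bot: The `"name": "Authorization"` line kept as context in the `keycloak` scheme no longer applies once the type is `"http"`; in OpenAPI 3 `name` is defined for `apiKey` schemes only, so it is ignored at best and may trip stricter spec validators. Dropping it and adding `"bearerFormat": "JWT"` would describe the scheme completely, assuming the tokens issued by Keycloak here are JWTs, as the decoder and verifier names in the auth code suggest.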