From f89dfcad37d99b679afb7827a2b18e6cbee77f42 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Wed, 10 Apr 2024 12:46:23 +0700
Subject: [PATCH] feat: check for permission using roles

---
 src/middlewares/auth-provider/keycloak.ts | 12 +++++++-----
 src/middlewares/auth.ts | 4 ++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/middlewares/auth-provider/keycloak.ts b/src/middlewares/auth-provider/keycloak.ts
index de8ed42..05d856f 100644
--- a/src/middlewares/auth-provider/keycloak.ts
+++ b/src/middlewares/auth-provider/keycloak.ts
@@ -16,11 +16,7 @@ const jwtVerify = createVerifier({
 
 const jwtDecode = createDecoder();
 
-export async function keycloakAuth(
-  request: Express.Request,
-  _securityName?: string,
-  _scopes?: string[],
-) {
+export async function keycloakAuth(request: Express.Request, roles?: string[]) {
   const token = request.headers["authorization"]?.includes("Bearer ")
     ? request.headers["authorization"].split(" ")[1]
     : request.headers["authorization"];
@@ -49,6 +45,12 @@ export async function keycloakAuth(
     }
   }
 
+  if (Array.isArray(roles) && roles.length > 0 && Array.isArray(payload.roles)) {
+    if (!roles.some((a: string) => payload.roles.includes(a))) {
+      throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงข้อมูลดังกล่าว");
+    }
+  }
+
   return payload;
 }
 
diff --git a/src/middlewares/auth.ts b/src/middlewares/auth.ts
index 75f3773..ad0bb1e 100644
--- a/src/middlewares/auth.ts
+++ b/src/middlewares/auth.ts
@@ -6,11 +6,11 @@ import { keycloakAuth } from "./auth-provider/keycloak";
 export async function expressAuthentication(
   request: Express.Request,
   securityName: string,
-  _scopes?: string[],
+  scopes?: string[],
 ) {
   switch (securityName) {
     case "keycloak":
-      return keycloakAuth(request);
+      return keycloakAuth(request, scopes);
     default:
       throw new HttpError(HttpStatus.NOT_IMPLEMENTED, "ไม่ทราบวิธียืนยันตัวตน");
   }
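Review bot: The new role check in `keycloakAuth` fails open: when the route requires roles but the token carries no `roles` array (claim absent, or present but not an array), the outer condition `Array.isArray(payload.roles)` is false, the whole block is skipped, and the request proceeds exactly as if it held a matching role. Move that test inside so a missing claim is rejected: `if (Array.isArray(roles) && roles.length > 0) {` followed by `if (!Array.isArray(payload.roles) || !roles.some((a: string) => payload.roles.includes(a))) {`, keeping the existing `throw` unchanged. Worth confirming too that `payload` here comes from `jwtVerify` rather than the `jwtDecode` created alongside it above the function (the lines that build `payload` are outside this hunk), since an authorization decision on an unverified payload is meaningless, and that a top-level `roles` claim is actually mapped in the realm — Keycloak by default emits roles under `realm_access.roles` / `resource_access.<client>.roles`, not `roles`. A short comment such as `// Fail closed: a token without a roles claim cannot satisfy a role requirement.` would record the intent. The enclosing function `keycloakAuth` starts outside this hunk.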
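Review bot: `scopes` is now forwarded on the `return keycloakAuth(request, scopes);` line as that function's `roles` argument, but nothing at this entry point says the strings are Keycloak role names rather than OAuth scopes, or that an empty or omitted list means the route is authenticated only, with no authorization check at all. Add a TSDoc block above `expressAuthentication`, along the lines of `/** Auth hook dispatched by security scheme name. @param scopes Role names accepted for the route; empty or omitted means authenticate only, no role check. @throws HttpError FORBIDDEN when the token has none of the roles. */`, adapted to the project's doc style. The signature shape suggests this is the tsoa authentication hook, so the values originate from route decorators; that is inferred, not visible here. The closing brace of `expressAuthentication` lies outside this hunk.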