feat: check for permission using roles

Methapon2001 2024-04-10 12:46:23 +07:00
parent f7eea342cc
commit f89dfcad37
2 changed files with 9 additions and 7 deletions


@ -16,11 +16,7 @@ const jwtVerify = createVerifier({
const jwtDecode = createDecoder(); const jwtDecode = createDecoder();
export async function keycloakAuth( export async function keycloakAuth(request: Express.Request, roles?: string[]) {
request: Express.Request,
_securityName?: string,
_scopes?: string[],
) {
const token = request.headers["authorization"]?.includes("Bearer ") const token = request.headers["authorization"]?.includes("Bearer ")
? request.headers["authorization"].split(" ")[1] ? request.headers["authorization"].split(" ")[1]
: request.headers["authorization"]; : request.headers["authorization"];
@ -49,6 +45,12 @@ export async function keycloakAuth(
} }
} }
if (Array.isArray(roles) && roles.length > 0 && Array.isArray(payload.roles)) {
if (!roles.some((a: string) => payload.roles.includes(a))) {
throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงข้อมูลดังกล่าว");
}
}
return payload; return payload;
} }
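Review bot: The new role check fails open: because `Array.isArray(payload.roles)` is part of the outer condition, a token whose payload carries no `roles` array skips the check entirely and `payload` is returned even when the route requires roles. That is the likely case whenever the realm does not map roles onto a top-level `roles` claim (Keycloak places them under `realm_access.roles` by default), so confirm where this claim comes from. Deny by default instead: make the outer test `if (Array.isArray(roles) && roles.length > 0) {` and the inner one `if (!Array.isArray(payload.roles) || !roles.some((a: string) => payload.roles.includes(a))) {`. keycloakAuth starts before this hunk and its middle is not shown, so this assumes `payload` is the verified token body.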


@ -6,11 +6,11 @@ import { keycloakAuth } from "./auth-provider/keycloak";
export async function expressAuthentication( export async function expressAuthentication(
request: Express.Request, request: Express.Request,
securityName: string, securityName: string,
_scopes?: string[], scopes?: string[],
) { ) {
switch (securityName) { switch (securityName) {
case "keycloak": case "keycloak":
return keycloakAuth(request); return keycloakAuth(request, scopes);
default: default:
throw new HttpError(HttpStatus.NOT_IMPLEMENTED, "ไม่ทราบวิธียืนยันตัวตน"); throw new HttpError(HttpStatus.NOT_IMPLEMENTED, "ไม่ทราบวิธียืนยันตัวตน");
} }
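Review bot: `scopes` is now forwarded as the required-role list, but nothing at the call site `return keycloakAuth(request, scopes);` says so, and scopes and roles mean different things in OAuth. A comment above the case such as `// scopes declared on the route are Keycloak role names; any one match grants access, none declared means authentication only` would record the contract. The last part matters for anyone auditing routes: one that declares no scopes stays open to every authenticated user. expressAuthentication's closing brace lies outside the hunk.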