From 19bef7e54bbb1a30f0c15167064ab2e7040dcad3 Mon Sep 17 00:00:00 2001
From: AdisakKanthawilang
Date: Wed, 18 Dec 2024 10:41:06 +0700
Subject: [PATCH 1/3] add body
---
 src/controllers/ReportController.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/controllers/ReportController.ts b/src/controllers/ReportController.ts
index 84ee7e7..b3f45fe 100644
--- a/src/controllers/ReportController.ts
+++ b/src/controllers/ReportController.ts
@@ -1227,6 +1227,7 @@ export class ReportController extends Controller {
 commandYear: number
 templateDoc: string | null
 amount: Double | null
+ amountSpecial?: Double | null
 positionSalaryAmount: Double | null
 mouthSalaryAmount: Double | null
 }[]
From 4cf5bb4b2e911ed90cdba725d068872c46b9ad74 Mon Sep 17 00:00:00 2001
From: waruneeauy
Date: Wed, 18 Dec 2024 17:47:39 +0700
Subject: [PATCH 2/3] updated throw error
---
 src/interfaces/call-api.ts | 14 +-
 src/interfaces/permission.ts | 426 +++++++++++++++++++----------------
 2 files changed, 241 insertions(+), 199 deletions(-)
diff --git a/src/interfaces/call-api.ts b/src/interfaces/call-api.ts
index 78f0f14..7acbe40 100644
--- a/src/interfaces/call-api.ts
+++ b/src/interfaces/call-api.ts
@@ -13,6 +13,8 @@ import {
 } from "tsoa";
 import axios from "axios";
 import { addLogSequence } from "./utils";
+import HttpError from "./http-error";
+import HttpStatus from "./http-status";
 class CallAPI {
 //Get
@@ -49,7 +51,11 @@ class CallAPI {
 response: JSON.stringify(error),
 },
 });
- throw error;
+ if (error instanceof Error) {
+ throw new HttpError(HttpStatus.FORBIDDEN, error.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, "Something went wrong!");
+ }
 }
 }
 //Post
@@ -88,7 +94,11 @@ class CallAPI {
 response: JSON.stringify(error),
 },
 });
- throw error;
+ if (error instanceof Error) {
+ throw new HttpError(HttpStatus.FORBIDDEN, error.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, "Something went wrong!");
+ }
 }
 }
 }
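Review bot: The new catch in GetData maps every failure — network errors, timeouts and upstream 5xx alike — to `HttpStatus.FORBIDDEN`, so a caller (and any monitoring keyed on the status) can no longer tell an authorization denial from an outage; the PostData hunk in the same commit has the same shape. When axios did receive a response its status is available and worth keeping: `const status = axios.isAxiosError(error) && error.response ? error.response.status : HttpStatus.FORBIDDEN;` followed by `throw new HttpError(status, error instanceof Error ? error.message : "Something went wrong!");`. Forwarding `error.message` to the client also surfaces transport details (host, port, status line) that the log record above already captures, so a fixed client-facing message with the detail left in the log would be tighter. The context line `response: JSON.stringify(error)` appears to serialize the whole axios error, which carries the outgoing request config and headers — worth confirming that the forwarded authorization header is not being written to the log. Both GetData and PostData start and end outside their hunks.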
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index a04c877..7f1521c 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@@ -1,207 +1,239 @@ -import axios from "axios" -import { RequestWithUser } from "../middlewares/user" -import CallAPI from "./call-api" -import HttpError from "./http-error" -import HttpStatus from "./http-status" +import axios from "axios"; +import { RequestWithUser } from "../middlewares/user"; +import CallAPI from "./call-api"; +import HttpError from "./http-error"; +import HttpStatus from "./http-status"; class CheckAuth { - public async Permission(req: RequestWithUser, system: string, action: string) { - if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { - return null - } - return await new CallAPI() - .GetData(req, "/org/permission") - .then(x => { - let permission = false - let role = x.roles.find((x: any) => x.authSysId == system) - if (!role) throw "ไม่มีสิทธิ์เข้าระบบ" - if (role.attrOwnership == "OWNER") return "OWNER" - if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate - if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete - if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet - if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList - if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate - if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้" - return role.attrPrivilege - }) - .catch(x => { - if (x.status != undefined) { - throw new HttpError(x.status, x.message) - } else { - throw new HttpError(HttpStatus.FORBIDDEN, x) - } - }) - } - public async PermissionOrg(req: RequestWithUser, system: string, action: string) { - if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { - return { - root: null, - child1: null, - child2: null, - child3: null, - child4: null, - } - } - return await new CallAPI() - .GetData(req, `/org/permission/org/${system}/${action}`) - .then(async x => { - let 
privilege = x.privilege + public async Permission(req: RequestWithUser, system: string, action: string) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return null; + } + return await new CallAPI() + .GetData(req, "/org/permission") + .then((x) => { + let permission = false; + let role = x.roles.find((x: any) => x.authSysId == system); + if (!role) throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าระบบ"); + if (role.attrOwnership == "OWNER") return "OWNER"; + if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate; + if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete; + if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet; + if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList; + if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate; + if (permission == false) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์ใช้งานระบบนี้"); + return role.attrPrivilege; + }) + .catch((x) => { + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw new HttpError(HttpStatus.FORBIDDEN, x); + } + }); + } + public async PermissionOrg(req: RequestWithUser, system: string, action: string) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return { + root: null, + child1: null, + child2: null, + child3: null, + child4: null, + }; + } + return await new CallAPI() + .GetData(req, `/org/permission/org/${system}/${action}`) + .then(async (x) => { + let privilege = x.privilege; - let data: any = { - root: [null], - child1: [null], - child2: [null], - child3: [null], - child4: [null], - privilege: [null], - } - let node = 4 - if (x.orgChild1Id == null) { - node = 0 - } else if (x.orgChild2Id == null) { - node = 1 - } else if (x.orgChild3Id == 
null) { - node = 2 - } else if (x.orgChild4Id == null) { - node = 3 - } - if (privilege == "OWNER") { - data = { - root: null, - child1: null, - child2: null, - child3: null, - child4: null, - privilege: "OWNER", - } - } else if (privilege == "ROOT") { - data = { - root: [x.orgRootId], - child1: null, - child2: null, - child3: null, - child4: null, - privilege: "ROOT", - } - } else if (privilege == "CHILD") { - data = { - root: node >= 0 ? [x.orgRootId] : null, - child1: node >= 1 ? [x.orgChild1Id] : null, - child2: node >= 2 ? [x.orgChild2Id] : null, - child3: node >= 3 ? [x.orgChild3Id] : null, - child4: node >= 4 ? [x.orgChild4Id] : null, - privilege: "CHILD", - } - } else if (privilege == "NORMAL") { - data = { - root: [x.orgRootId], - child1: [x.orgChild1Id], - child2: [x.orgChild2Id], - child3: [x.orgChild3Id], - child4: [x.orgChild4Id], - privilege: "NORMAL", - } - } else if (privilege == "SPECIFIC") { - } + let data: any = { + root: [null], + child1: [null], + child2: [null], + child3: [null], + child4: [null], + privilege: [null], + }; + let node = 4; + if (x.orgChild1Id == null) { + node = 0; + } else if (x.orgChild2Id == null) { + node = 1; + } else if (x.orgChild3Id == null) { + node = 2; + } else if (x.orgChild4Id == null) { + node = 3; + } + if (privilege == "OWNER") { + data = { + root: null, + child1: null, + child2: null, + child3: null, + child4: null, + privilege: "OWNER", + }; + } else if (privilege == "ROOT") { + data = { + root: [x.orgRootId], + child1: null, + child2: null, + child3: null, + child4: null, + privilege: "ROOT", + }; + } else if (privilege == "CHILD") { + data = { + root: node >= 0 ? [x.orgRootId] : null, + child1: node >= 1 ? [x.orgChild1Id] : null, + child2: node >= 2 ? [x.orgChild2Id] : null, + child3: node >= 3 ? [x.orgChild3Id] : null, + child4: node >= 4 ? 
[x.orgChild4Id] : null, + privilege: "CHILD", + }; + } else if (privilege == "NORMAL") { + data = { + root: [x.orgRootId], + child1: [x.orgChild1Id], + child2: [x.orgChild2Id], + child3: [x.orgChild3Id], + child4: [x.orgChild4Id], + privilege: "NORMAL", + }; + } else if (privilege == "SPECIFIC") { + } - return data - }) - .catch(x => { - if (x.status != undefined) { - throw new HttpError(x.status, x.message) - } else { - throw new HttpError(HttpStatus.FORBIDDEN, x) - } - }) - } - public async PermissionOrgByUser(req: RequestWithUser, system: string, action: string, profileId: string) { - if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { - return true - } - return await new CallAPI() - .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`) - .then(async x => { - let org = x.org + return data; + }) + .catch((x) => { + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw new HttpError(HttpStatus.FORBIDDEN, x); + } + }); + } + public async PermissionOrgByUser( + req: RequestWithUser, + system: string, + action: string, + profileId: string, + ) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return true; + } + return await new CallAPI() + .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`) + .then(async (x) => { + let org = x.org; - if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" - if (org.child1 != null) if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" - if (org.child2 != null) if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" - if (org.child3 != null) if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" - if (org.child4 != null) if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" + if (org.root != null) + if (x.orgRootId != 
org.root[0]) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล"); + if (org.child1 != null) + if (x.orgChild1Id != org.child1[0]) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล"); + if (org.child2 != null) + if (x.orgChild2Id != org.child2[0]) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล"); + if (org.child3 != null) + if (x.orgChild3Id != org.child3[0]) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล"); + if (org.child4 != null) + if (x.orgChild4Id != org.child4[0]) + throw new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล"); - return true - }) - .catch(x => { - if (x.status != undefined) { - throw new HttpError(x.status, x.message) - } else { - throw new HttpError(HttpStatus.FORBIDDEN, x) - } - }) - } - public async Workflow(req: RequestWithUser, id: string, sysName: string) { - if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { - return null - } - return await new CallAPI() - .PostData(req, "/org/workflow/keycloak/isofficer", { - refId: id, - sysName: sysName, - }) - .then(x => { - return true - }) - .catch(x => { - return false - }) - } - public async PermissionCreate(req: RequestWithUser, system: string) { - return await this.Permission(req, system, "CREATE") - } - public async PermissionDelete(req: RequestWithUser, system: string) { - return await this.Permission(req, system, "DELETE") - } - public async PermissionGet(req: RequestWithUser, system: string) { - return await this.Permission(req, system, "GET") - } - public async PermissionList(req: RequestWithUser, system: string) { - return await this.Permission(req, system, "LIST") - } - public async PermissionUpdate(req: RequestWithUser, system: string) { - return await this.Permission(req, system, "UPDATE") - } + return true; + }) + .catch((x) => { + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw 
new HttpError(HttpStatus.FORBIDDEN, x); + } + }); + } + public async Workflow(req: RequestWithUser, id: string, sysName: string) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return null; + } + return await new CallAPI() + .PostData(req, "/org/workflow/keycloak/isofficer", { + refId: id, + sysName: sysName, + }) + .then((x) => { + return true; + }) + .catch((x) => { + return false; + }); + } + public async PermissionCreate(req: RequestWithUser, system: string) { + return await this.Permission(req, system, "CREATE"); + } + public async PermissionDelete(req: RequestWithUser, system: string) { + return await this.Permission(req, system, "DELETE"); + } + public async PermissionGet(req: RequestWithUser, system: string) { + return await this.Permission(req, system, "GET"); + } + public async PermissionList(req: RequestWithUser, system: string) { + return await this.Permission(req, system, "LIST"); + } + public async PermissionUpdate(req: RequestWithUser, system: string) { + return await this.Permission(req, system, "UPDATE"); + } - public async PermissionOrgCreate(req: RequestWithUser, system: string) { - return await this.PermissionOrg(req, system, "CREATE") - } - public async PermissionOrgDelete(req: RequestWithUser, system: string) { - return await this.PermissionOrg(req, system, "DELETE") - } - public async PermissionOrgGet(req: RequestWithUser, system: string) { - return await this.PermissionOrg(req, system, "GET") - } - public async PermissionOrgList(req: RequestWithUser, system: string) { - return await this.PermissionOrg(req, system, "LIST") - } - public async PermissionOrgUpdate(req: RequestWithUser, system: string) { - return await this.PermissionOrg(req, system, "UPDATE") - } + public async PermissionOrgCreate(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "CREATE"); + } + public async PermissionOrgDelete(req: RequestWithUser, 
system: string) { + return await this.PermissionOrg(req, system, "DELETE"); + } + public async PermissionOrgGet(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "GET"); + } + public async PermissionOrgList(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "LIST"); + } + public async PermissionOrgUpdate(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "UPDATE"); + } - public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) { - return await this.PermissionOrgByUser(req, system, "CREATE", profileId) - } - public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) { - return await this.PermissionOrgByUser(req, system, "DELETE", profileId) - } - public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) { - return await this.PermissionOrgByUser(req, system, "GET", profileId) - } - public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) { - return await this.PermissionOrgByUser(req, system, "LIST", profileId) - } - public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) { - return await this.PermissionOrgByUser(req, system, "UPDATE", profileId) - } + public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "CREATE", profileId); + } + public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "DELETE", profileId); + } + public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "GET", profileId); + } + public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) { + return await 
this.PermissionOrgByUser(req, system, "LIST", profileId);
+ }
+ public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
+ }
 }
-export default CheckAuth
+export default CheckAuth;
From 537a388bcb58e91141ecbe9fa1972de5fca103a2 Mon Sep 17 00:00:00 2001
From: "DESKTOP-2S5P7D1\\Windows 10"
Date: Wed, 18 Dec 2024 18:59:51 +0700
Subject: [PATCH 3/3] =?UTF-8?q?=E0=B9=81=E0=B8=81=E0=B9=89=20=20throw=20er?=
 =?UTF-8?q?ror?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/interfaces/permission.ts | 18 +++++-----
 src/middlewares/logs.ts | 69 ++++++++++++++++++++----------------
 2 files changed, 47 insertions(+), 40 deletions(-)
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index b350083..b100be3 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@@ -164,12 +164,12 @@ class CheckAuth {
 port: process.env.REDIS_PORT,
 })
 const getAsync = promisify(redisClient.get).bind(redisClient)
- let reply = await getAsync("org_" + keycloakId)
- if (reply != null) {
- reply = JSON.parse(reply)
- } else {
- try {
- if (!keycloakId) throw "Error calling API No KeycloakId"
+ try {
+ let reply = await getAsync("org_" + keycloakId)
+ if (reply != null) {
+ reply = JSON.parse(reply)
+ } else {
+ if (!keycloakId) throw new Error("No KeycloakId provided")
 const x = await new CallAPI().GetData(
 {
 headers: { authorization: token },
@@ -187,10 +187,10 @@ class CheckAuth {
 }
 return data
- } catch (error) {
- console.error("Error calling API:", error)
- throw error
 }
+ } catch (error) {
+ console.error("Error calling API:", error)
+ throw error
 }
 }
 public async PermissionCreate(req: RequestWithUser, system: string) {
diff --git a/src/middlewares/logs.ts b/src/middlewares/logs.ts
index 44245fc..739d707 100644
--- a/src/middlewares/logs.ts
+++ b/src/middlewares/logs.ts
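Review bot: In Permission the line `if (permission == false) throw new HttpError(HttpStatus.FORBIDDEN, ...)` fails open: when the matched role lacks the flag for the requested action (say `role.attrIsCreate` is undefined or null), loose equality does not treat that value as false, nothing is thrown and `role.attrPrivilege` is returned as if access had been granted. Requiring an explicit grant closes the gap: `if (permission !== true)`. The `api_key` short-circuit at the top of Permission, PermissionOrg, PermissionOrgByUser and Workflow compares the header to `process.env.API_KEY` with `==`, which is a plain early-exit string comparison; for a shared-secret check the usual defender's choice is `crypto.timingSafeEqual` on equal-length buffers, applied once in a small helper that all four methods call. The rest of the hunk is formatting plus replacing thrown strings with HttpError, which the `.catch` blocks handle correctly since `x.status` is now always set.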
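Review bot: In the @@ -164 hunk the guard `if (!keycloakId) throw new Error("No KeycloakId provided")` now sits inside the `else` branch, after `getAsync("org_" + keycloakId)` has already executed; with an undefined or empty id the lookup hits the key `org_undefined` (or `org_`), and if such an entry exists in Redis it is parsed and returned without the guard ever running. Move the check above the cache read: `if (!keycloakId) throw new Error("No KeycloakId provided")` as the first statement inside `try {`, before `let reply = await getAsync(...)`. The @@ -187 hunk only relocates the catch and needs no change. The enclosing method starts and ends outside both hunks.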
@@ -19,12 +19,10 @@ const LOG_LEVEL_MAP: Record = {
 const elasticsearch = new Client({
 node: `${process.env.ELASTICSEARCH_PROTOCOL}://${process.env.ELASTICSEARCH_HOST}:${process.env.ELASTICSEARCH_PORT}`,
 })
-
 async function logMiddleware(req: Request, res: Response, next: NextFunction) {
 if (!req.url.startsWith("/api/")) return next()
 let data: any
-
 const originalJson = res.json
 res.json = function (v: any) {
@@ -38,41 +36,50 @@ async function logMiddleware(req: Request, res: Response, next: NextFunction) {
 req.app.locals.logData = {}
 res.on("finish", async () => {
- if (!req.url.startsWith("/api/")) return
+ try {
+ if (!req.url.startsWith("/api/")) return
- const level = LOG_LEVEL_MAP[process.env.LOG_LEVEL ?? "debug"] || 4
+ const level = LOG_LEVEL_MAP[process.env.LOG_LEVEL ?? "debug"] || 4
- if (level === 1 && res.statusCode < 500) return
- if (level === 2 && res.statusCode < 400) return
- if (level === 3 && res.statusCode < 200) return
+ if (level === 1 && res.statusCode < 500) return
+ if (level === 2 && res.statusCode < 400) return
+ if (level === 3 && res.statusCode < 200) return
- let token: any
- token = req.headers["authorization"]
+ const token = req.headers["authorization"]
+ let rootId = null
- const rootId = await new permission().checkOrg(token, req.app.locals.logData.userId)
+ try {
+ rootId = token ? await new permission().checkOrg(token, req.app.locals.logData.userId) : null
+ } catch (err) {
+ console.warn("Error fetching rootId:", err)
+ }
- const obj = {
- logType: res.statusCode >= 500 ? "error" : res.statusCode >= 400 ? "warning" : "info",
- ip: req.ip,
- rootId: rootId ? rootId.orgRootId : null,
- systemName: "probation",
- startTimeStamp: timestamp,
- endTimeStamp: new Date().toISOString(),
- processTime: performance.now() - start,
- host: req.hostname,
- method: req.method,
- endpoint: req.url,
- responseCode: String(res.statusCode === 304 ? 200 : res.statusCode),
- responseDescription: data?.message,
- input: (level === 4 && JSON.stringify(req.body, null, 2)) || undefined,
- output: (level === 4 && JSON.stringify(data, null, 2)) || undefined,
- ...req.app.locals.logData,
+ const obj = {
+ logType: res.statusCode >= 500 ? "error" : res.statusCode >= 400 ? "warning" : "info",
+ ip: req.ip,
+ rootId: rootId?.orgRootId ?? null,
+ systemName: "evaluation",
+ startTimeStamp: timestamp,
+ endTimeStamp: new Date().toISOString(),
+ processTime: performance.now() - start,
+ host: req.hostname,
+ method: req.method,
+ endpoint: req.url,
+ responseCode: String(res.statusCode === 304 ? 200 : res.statusCode),
+ responseDescription: data?.message,
+ input: level === 4 ? JSON.stringify(req.body, null, 2) : undefined,
+ output: level === 4 ? JSON.stringify(data, null, 2) : undefined,
+ ...req.app.locals.logData,
+ }
+
+ // Send log to Elasticsearch
+ await elasticsearch.index({
+ index: ELASTICSEARCH_INDEX,
+ document: obj,
+ })
+ } catch (err) {
+ console.error("Error in logMiddleware:", err)
 }
-
- elasticsearch.index({
- index: ELASTICSEARCH_INDEX,
- document: obj,
- })
 })
 return next()
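Review bot: At level 4 the new `input:` line indexes the raw request body of every `/api/` route verbatim into Elasticsearch, so any endpoint that accepts passwords, tokens or personal data has that content copied into a log store with a different retention and access model than the application database; the `output:` line does the same for response bodies. A redaction step over a short list of sensitive keys before `JSON.stringify`, applied to both `req.body` and `data`, keeps the debugging value of the fields while bounding what lands in the index. The `systemName` value also changes from `"probation"` to `"evaluation"` in this hunk, which is unrelated to the commit's subject and silently re-labels every log document — it deserves its own commit or at least a line in the message. The outer `try`/`catch` around the whole finish handler means an Elasticsearch outage now only prints to the console, which is a reasonable fail-soft for a log sink, but that `console.error` is then the only signal that audit logging has stopped.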