import axios from "axios" import { RequestWithUser } from "../middlewares/user" import CallAPI from "./call-api" import HttpError from "./http-error" import HttpStatus from "./http-status" import { promisify } from "util" class CheckAuth { private redis = require("redis") public async Permission(req: RequestWithUser, system: string, action: string) { if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { return null } return await new CallAPI() .GetData(req, "/org/permission") .then(x => { let permission = false let role = x.roles.find((x: any) => x.authSysId == system) if (!role) throw "ไม่มีสิทธิ์เข้าระบบ" if (role.attrOwnership == "OWNER") return "OWNER" if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้" return role.attrPrivilege }) .catch(x => { if (x.status != undefined) { throw new HttpError(x.status, x.message) } else { throw new HttpError(HttpStatus.FORBIDDEN, x) } }) } public async PermissionOrg(req: RequestWithUser, system: string, action: string) { if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { return { root: null, child1: null, child2: null, child3: null, child4: null, } } return await new CallAPI() .GetData(req, `/org/permission/org/${system}/${action}`) .then(async x => { let privilege = x.privilege let data: any = { root: [null], child1: [null], child2: [null], child3: [null], child4: [null], privilege: [null], } let node = 4 if (x.orgChild1Id == null) { node = 0 } else if (x.orgChild2Id == null) { node = 1 } else if (x.orgChild3Id == null) { node = 2 } else if (x.orgChild4Id == null) { node = 3 } if (privilege == "OWNER") { data = { root: null, child1: null, child2: null, child3: null, child4: null, privilege: "OWNER", } } else if (privilege == "ROOT") { data = { root: [x.orgRootId], child1: null, child2: null, child3: null, child4: null, privilege: "ROOT", } } else if (privilege == "CHILD") { data = { root: node >= 0 ? [x.orgRootId] : null, child1: node >= 1 ? [x.orgChild1Id] : null, child2: node >= 2 ? [x.orgChild2Id] : null, child3: node >= 3 ? [x.orgChild3Id] : null, child4: node >= 4 ? [x.orgChild4Id] : null, privilege: "CHILD", } } else if (privilege == "NORMAL") { data = { root: [x.orgRootId], child1: [x.orgChild1Id], child2: [x.orgChild2Id], child3: [x.orgChild3Id], child4: [x.orgChild4Id], privilege: "NORMAL", } } else if (privilege == "SPECIFIC") { } return data }) .catch(x => { if (x.status != undefined) { throw new HttpError(x.status, x.message) } else { throw new HttpError(HttpStatus.FORBIDDEN, x) } }) } public async PermissionOrgByUser(req: RequestWithUser, system: string, action: string, profileId: string) { if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { return true } return await new CallAPI() .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`) .then(async x => { let org = x.org if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" if (org.child1 != null) if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" if (org.child2 != null) if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" if (org.child3 != null) if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" if (org.child4 != null) if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล" return true }) .catch(x => { if (x.status != undefined) { throw new HttpError(x.status, x.message) } else { throw new HttpError(HttpStatus.FORBIDDEN, x) } }) } public async Workflow(req: RequestWithUser, id: string, sysName: string) { if (req.headers.hasOwnProperty("api_key") && req.headers["api_key"] && req.headers["api_key"] == process.env.API_KEY) { return null } return await new CallAPI() .PostData(req, "/org/workflow/keycloak/isofficer", { refId: id, sysName: sysName, }) .then(x => { return true }) .catch(x => { return false }) } public async checkOrg(token: any, keycloakId: string) { const redisClient = await this.redis.createClient({ host: process.env.REDIS_HOST, port: process.env.REDIS_PORT, }) const getAsync = promisify(redisClient.get).bind(redisClient) try { let reply = await getAsync("org_" + keycloakId) if (reply != null) { reply = JSON.parse(reply) } else { if (!keycloakId) throw new Error("No KeycloakId provided") const x = await new CallAPI().GetData( { headers: { authorization: token }, }, `/org/permission/checkOrg/${keycloakId}`, false ) const data = { orgRootId: x.orgRootId, orgChild1Id: x.orgChild1Id, orgChild2Id: x.orgChild2Id, orgChild3Id: x.orgChild3Id, orgChild4Id: x.orgChild4Id, } return data } } catch (error) { console.error("Error calling API:", error) throw error } } public async PermissionCreate(req: RequestWithUser, system: string) { return await this.Permission(req, system, "CREATE") } public async PermissionDelete(req: RequestWithUser, system: string) { return await this.Permission(req, system, "DELETE") } public async PermissionGet(req: RequestWithUser, system: string) { return await this.Permission(req, system, "GET") } public async PermissionList(req: RequestWithUser, system: string) { return await this.Permission(req, system, "LIST") } public async PermissionUpdate(req: RequestWithUser, system: string) { return await this.Permission(req, system, "UPDATE") } public async PermissionOrgCreate(req: RequestWithUser, system: string) { return await this.PermissionOrg(req, system, "CREATE") } public async PermissionOrgDelete(req: RequestWithUser, system: string) { return await this.PermissionOrg(req, system, "DELETE") } public async PermissionOrgGet(req: RequestWithUser, system: string) { return await this.PermissionOrg(req, system, "GET") } public async PermissionOrgList(req: RequestWithUser, system: string) { return await this.PermissionOrg(req, system, "LIST") } public async PermissionOrgUpdate(req: RequestWithUser, system: string) { return await this.PermissionOrg(req, system, "UPDATE") } public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) { return await this.PermissionOrgByUser(req, system, "CREATE", profileId) } public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) { return await this.PermissionOrgByUser(req, system, "DELETE", profileId) } public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) { return await this.PermissionOrgByUser(req, system, "GET", profileId) } public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) { return await this.PermissionOrgByUser(req, system, "LIST", profileId) } public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) { return await this.PermissionOrgByUser(req, system, "UPDATE", profileId) } } export default CheckAuth