From 34c3f274184e45addce1c609de6772dc3df09261 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Fri, 24 Nov 2023 13:49:08 +0700
Subject: [PATCH] feat: auth role

---
 Services/server/src/utils/auth.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Services/server/src/utils/auth.ts b/Services/server/src/utils/auth.ts
index 407238a..20cf11f 100644
--- a/Services/server/src/utils/auth.ts
+++ b/Services/server/src/utils/auth.ts
@@ -17,7 +17,7 @@ const jwtVerify = createVerifier({
 export function expressAuthentication(
 request: express.Request,
 securityName: string,
- _scopes?: string[],
+ scopes?: string[],
 ) {
 return new Promise(async (resolve, reject) => {
 if (securityName !== "bearerAuth") reject(new Error("Unknown authentication method."));
@@ -34,6 +34,12 @@ export function expressAuthentication(
 return reject(new HttpError(HttpStatusCode.UNAUTHORIZED, "Invalid token provided."));
 }
 
+ if (scopes && !scopes.every((v) => payload.resource_access[payload.azp].roles.includes(v))) {
+ return reject(
+ new HttpError(HttpStatusCode.FORBIDDEN, "You are not allowed to perform this action."),
+ );
+ }
+
 return resolve(payload);
 });
 }
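Review bot: The role check added in the second hunk indexes `payload.resource_access[payload.azp].roles` with no guard on any step, so a token that verifies but carries no `resource_access` entry for its `azp` (or no `azp` claim) throws a TypeError inside the async executor; that rejection is discarded by the Promise constructor and the request neither resolves nor rejects. Selecting the role set by the token's own `azp` also means the roles compared are those of whichever client the token was issued for rather than this service's, so the lookup key should come from a configured client id (presumably available wherever the verifier is configured — confirm) instead of the claim. A guarded form keeps the failure on the authorization path: `const roles: string[] = payload.resource_access?.[<configured client id>]?.roles ?? [];` followed by `if (scopes && !scopes.every((v) => roles.includes(v))) {`. The enclosing function begins in the first hunk, whose last context line calls `reject` for an unknown `securityName` without returning, so execution continues into the token check below; that is not introduced here but is worth a `return` while this block is being touched.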