feat: protect route

2023-11-17 16:43:07 +07:00 · 2023-11-17 16:43:07 +07:00 · b5b3b02d09
commit b5b3b02d09
parent 083e984c89
4 changed files with 60 additions and 8 deletions
--- a/Prototype/server/src/controllers/cabinetController.ts
+++ b/Prototype/server/src/controllers/cabinetController.ts
@ -1,4 +1,17 @@
-import { Body, Controller, Delete, Get, Path, Post, Put, Route, SuccessResponse, Tags } from "tsoa";
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Path,
+  Post,
+  Put,
+  Route,
+  Security,
+  SuccessResponse,
+  Tags,
+  Request,
+} from "tsoa";
 import * as Minio from "minio";
 import minioClient from "../storage";

@ -17,12 +30,16 @@ export class CabinetController extends Controller {

  @Post("/")
  @Tags("Cabinet")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.CREATED)
-  public async createCabinet(@Body() body: { name: string }) {
+  public async createCabinet(
+    @Request() request: { user: { preferred_username: string } },
+    @Body() body: { name: string },
+  ) {
    const uploaded = await minioClient
      .putObject("ehr", `${body.name}/.keep`, "", 0, {
        createdAt: new Date().toISOString(),
-        createdBy: "SomeUser",
+        createdBy: request.user.preferred_username,
      })
      .catch((e) => console.error(e));

@ -33,6 +50,7 @@ export class CabinetController extends Controller {

  @Put("/{cabinetName}")
  @Tags("Cabinet")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT, "Success")
  public async editCabinet(
    @Path() cabinetName: string,
@ -66,6 +84,7 @@ export class CabinetController extends Controller {

  @Delete("/{cabinetName}")
  @Tags("Cabinet")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async deleteCabinet(@Path() cabinetName: string) {
    return new Promise((resolve, reject) => {
--- a/Prototype/server/src/controllers/drawerController.ts
+++ b/Prototype/server/src/controllers/drawerController.ts
@ -1,4 +1,17 @@
-import { Body, Controller, Delete, Get, Path, Post, Put, Route, SuccessResponse, Tags } from "tsoa";
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Path,
+  Post,
+  Put,
+  Request,
+  Route,
+  Security,
+  SuccessResponse,
+  Tags,
+} from "tsoa";
 import * as Minio from "minio";
 import minioClient from "../storage";

@ -17,8 +30,13 @@ export class DrawerController extends Controller {

  @Post("/{cabinetName}/drawer")
  @Tags("Drawer")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.CREATED)
-  public async createDrawer(@Path() cabinetName: string, @Body() body: { name: string }) {
+  public async createDrawer(
+    @Request() request: { user: { preferred_username: string } },
+    @Path() cabinetName: string,
+    @Body() body: { name: string },
+  ) {
    if (!(await pathExist(`${cabinetName}/`))) {
      throw new HttpError(HttpStatusCode.PRECONDITION_FAILED, "Cabinet cannot be found.");
    }
@ -26,7 +44,7 @@ export class DrawerController extends Controller {
    const uploaded = await minioClient
      .putObject("ehr", `${cabinetName}/${body.name}/.keep`, "", 0, {
        createdAt: new Date().toISOString(),
-        createdBy: "SomeUser",
+        createdBy: request.user.preferred_username,
      })
      .catch((e) => console.error(e));

@ -39,6 +57,7 @@ export class DrawerController extends Controller {

  @Put("/{cabinetName}/drawer/{drawerName}")
  @Tags("Drawer")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async editDrawer(
    @Path() cabinetName: string,
@ -78,6 +97,7 @@ export class DrawerController extends Controller {

  @Delete("/{cabinetName}/drawer/{drawerName}")
  @Tags("Drawer")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async deleteDrawer(@Path() cabinetName: string, @Path() drawerName: string) {
    return new Promise((resolve, reject) => {
--- a/Prototype/server/src/controllers/folderController.ts
+++ b/Prototype/server/src/controllers/folderController.ts
@ -7,7 +7,9 @@ import {
  Post,
  Put,
  Query,
+  Request,
  Route,
+  Security,
  SuccessResponse,
  Tags,
 } from "tsoa";
@ -39,8 +41,10 @@ export class FolderController extends Controller {

  @Post("/{cabinetName}/drawer/{drawerName}/folder")
  @Tags("Folder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.CREATED)
  public async createFolder(
+    @Request() request: { user: { preferred_username: string } },
    @Body() body: { name: string },
    @Path() cabinetName: string,
    @Path() drawerName: string,
@ -52,7 +56,7 @@ export class FolderController extends Controller {
    const uploaded = await minioClient
      .putObject("ehr", `${cabinetName}/${drawerName}/${body.name}/.keep`, "", 0, {
        createdAt: new Date().toISOString(),
-        createdBy: "SomeUser",
+        createdBy: request.user.preferred_username,
      })
      .catch((e) => console.error(e));

@ -65,6 +69,7 @@ export class FolderController extends Controller {

  @Put("/{cabinetName}/drawer/{drawerName}/folder/{folderName}")
  @Tags("Folder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async editFolder(
    @Body() body: { name: string },
@ -110,6 +115,7 @@ export class FolderController extends Controller {

  @Delete("/{cabinetName}/drawer/{drawerName}/folder/{folderName}")
  @Tags("Folder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async deleteFolder(
    @Path() cabinetName: string,
--- a/Prototype/server/src/controllers/subFolderController.ts
+++ b/Prototype/server/src/controllers/subFolderController.ts
@ -7,7 +7,9 @@ import {
  Post,
  Put,
  Query,
+  Request,
  Route,
+  Security,
  SuccessResponse,
  Tags,
 } from "tsoa";
@ -23,6 +25,7 @@ import minioClient from "../storage";
 export class SubFolderController extends Controller {
  @Get("/{cabinetName}/drawer/{drawerName}/folder/{folderName}/subfolder")
  @Tags("SubFolder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.OK)
  public async listFolder(
    @Path() cabinetName: string,
@ -40,8 +43,10 @@ export class SubFolderController extends Controller {

  @Post("/{cabinetName}/drawer/{drawerName}/folder/{folderName}/subfolder")
  @Tags("SubFolder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.CREATED)
  public async createFolder(
+    @Request() request: { user: { preferred_username: string } },
    @Body() body: { name: string },
    @Path() cabinetName: string,
    @Path() drawerName: string,
@ -57,7 +62,7 @@ export class SubFolderController extends Controller {
    const uploaded = await minioClient
      .putObject("ehr", `${cabinetName}/${drawerName}/${folderName}/${body.name}/.keep`, "", 0, {
        createdAt: new Date().toISOString(),
-        createdBy: "SomeUser",
+        createdBy: request.user.preferred_username,
      })
      .catch((e) => console.error(e));

@ -70,6 +75,7 @@ export class SubFolderController extends Controller {

  @Put("/{cabinetName}/drawer/{drawerName}/folder/{folderName}/subfolder/{subFolderName}")
  @Tags("SubFolder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async editFolder(
    @Body() body: { name: string },
@ -116,6 +122,7 @@ export class SubFolderController extends Controller {

  @Delete("/{cabinetName}/drawer/{drawerName}/folder/{folderName}/subfolder/{subFolderName}")
  @Tags("SubFolder")
+  @Security("bearerAuth")
  @SuccessResponse(HttpStatusCode.NO_CONTENT)
  public async deleteFolder(
    @Path() cabinetName: string,