fix: auth role and rename dir

This commit is contained in:
Methapon2001 2023-11-29 17:18:08 +07:00
parent 2dd8b2b92d
commit d5e4cc7315
No known key found for this signature in database
GPG key ID: 849924FEF46BD132
5 changed files with 13 additions and 5 deletions

View file

@ -35,7 +35,11 @@ export async function expressAuthentication(
throw new HttpError(HttpStatusCode.UNAUTHORIZED, "Invalid token provided.");
}
if (scopes && !scopes.some((v) => payload.resource_access[payload.azp].roles.includes(v))) {
if (
scopes &&
scopes.length > 0 &&
scopes.some((v) => !payload.resource_access[payload.azp].roles.includes(v))
) {
throw new HttpError(HttpStatusCode.FORBIDDEN, "You are not allowed to perform this action.");
}