From be60b5a602af1e7d7d76cbb3ccdac22a96b8ed8f Mon Sep 17 00:00:00 2001
From: monoid
Date: Sun, 10 Jan 2021 18:56:28 +0900
Subject: [PATCH] guest mode permission
---
 src/login.ts | 6 ++++--
 src/permission/permission.ts | 10 +++++-----
 src/setting.ts | 10 +++++++---
 3 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/login.ts b/src/login.ts
index 2922e1b..776c3fe 100644
--- a/src/login.ts
+++ b/src/login.ts
@@ -14,7 +14,7 @@ type PayloadInfo = {
 }
 export type UserState = {
- user?:PayloadInfo
+ user:PayloadInfo
 };
 const isUserState = (obj:object|string):obj is PayloadInfo =>{
@@ -76,8 +76,10 @@ export const LogoutMiddleware = (ctx:Koa.Context,next:Koa.Next)=>{
 export const UserMiddleWare = async (ctx:Koa.ParameterizedContext,next:Koa.Next)=>{
 const secretKey = get_setting().jwt_secretkey;
 const payload = ctx.cookies.get(loginTokenName);
+ const setting = get_setting();
 if(payload == undefined){
- ctx.state['user'] = undefined;
+ ctx.state['user'] = {username:"",
+ permission:setting.guest};
 return await next();
 }
 const o = verify(payload,secretKey);
diff --git a/src/permission/permission.ts b/src/permission/permission.ts
index b7d5e71..232731a 100644
--- a/src/permission/permission.ts
+++ b/src/permission/permission.ts
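Review bot: The guest branch added to UserMiddleWare is now the only visible place that guarantees `ctx.state['user']` is an object, while the same commit removes the `user === undefined` checks in permission.ts, so every other exit of this function has to assign a user as well. The code after `verify(payload,secretKey)` lies outside the hunk; if a rejected or malformed token can reach `next()` without an assignment, the permission middlewares would throw on `user.username` instead of answering 401. Building the guest object once, e.g. `const guest = {username:"", permission:setting.guest};`, and using it on every unauthenticated path keeps that invariant in one place, and the new `setting` local could also supply `setting.jwt_secretkey` instead of a second `get_setting()` call. Because the empty username doubles as the guest marker in permission.ts, a comment such as `// username "" is reserved for guests; account creation must reject it` would document the assumption.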
@@ -37,22 +37,22 @@ export enum Permission{
 export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext,next:Koa.Next)=>{
 const user = ctx.state['user'];
- if(user === undefined){
- return sendError(401,"you are guest. login needed.");
- }
 if(user.username === "admin"){
 return await next();
 }
 const user_permission = user.permission;
 //if permissions is not subset of user permission
 if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
- return sendError(403,"do not have permission");
+ if(user.username === ""){
+ return sendError(401,"you are guest. login needed.");
+ }
+ else return sendError(403,"do not have permission");
 }
 await next();
 }
 export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext,next:Koa.Next)=>{
 const user = ctx.state['user'];
- if(user === undefined || user.username !== "admin"){
+ if(user.username !== "admin"){
 return sendError(403,"admin only");
 }
 await next();
diff --git a/src/setting.ts b/src/setting.ts
index d5d44fb..6378071 100644
--- a/src/setting.ts
+++ b/src/setting.ts
@@ -1,14 +1,18 @@
 import { Settings } from '@material-ui/icons';
 import { randomBytes } from 'crypto';
 import { existsSync, readFileSync, writeFileSync } from 'fs';
+import { Permission } from './permission/permission';
 export type Setting = {
 /**
 * if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
 */
 localmode: boolean,
-
- guest: boolean,
+
+ /**
+ * guest permission
+ */
+ guest: (Permission)[],
 /**
 * JWT secret key. if you change its value, all access tokens are invalidated.
 */
@@ -30,7 +34,7 @@ export type Setting = {
 const default_setting:Setting = {
 localmode: true,
- guest:false,
+ guest:[],
 jwt_secretkey:"itsRandom",
 port:8080,
 mode:"production",
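Review bot: Moving the guest test inside the failed-subset branch of createPermissionCheckMiddleware means a guest is rejected only when a required permission is missing, so `createPermissionCheckMiddleware()` called with no permissions now lets unauthenticated requests through where it used to answer 401. If any route relies on the empty form as a login gate (call sites are not visible here), it needs an explicit check such as `if(permissions.length === 0 && user.username === "") return sendError(401,"you are guest. login needed.");`. Both middlewares also dereference `user.username` with no guard, which is safe only while UserMiddleWare runs first on every router; keeping `if(user === undefined) return sendError(401,"you are guest. login needed.");` at the top costs one line and fails with the intended status. AdminOnlyMiddleware now answers 403 to a guest while the permission check answers 401 for the same state, which is worth making consistent.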
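Review bot: `guest` changes from `boolean` to `(Permission)[]` in the Setting type, but a settings file written before this commit still carries `true` or `false`, and the loader (outside this hunk) is not shown validating the value. With a boolean, the `user_permission.includes(p)` call in permission.ts would throw on every guest request; with a string value, `includes` silently becomes a substring match and could grant permissions nobody listed. Checking the loaded object, e.g. `if(!Array.isArray(setting.guest)) setting.guest = [];` followed by a filter against the known `Permission` values, keeps the guest grant explicit and fails closed. The doc comment could also say more than "guest permission", for instance `permissions granted to requests without a login token; empty means guests get none`.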