guest mode permission
parent
6e3e2426c8
commit
be60b5a602
@ -14,7 +14,7 @@ type PayloadInfo = {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export type UserState = {
|
export type UserState = {
|
||||||
user?:PayloadInfo
|
user:PayloadInfo
|
||||||
};
|
};
|
||||||
|
|
||||||
const isUserState = (obj:object|string):obj is PayloadInfo =>{
|
const isUserState = (obj:object|string):obj is PayloadInfo =>{
|
||||||
@ -76,8 +76,10 @@ export const LogoutMiddleware = (ctx:Koa.Context,next:Koa.Next)=>{
|
|||||||
export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||||
const secretKey = get_setting().jwt_secretkey;
|
const secretKey = get_setting().jwt_secretkey;
|
||||||
const payload = ctx.cookies.get(loginTokenName);
|
const payload = ctx.cookies.get(loginTokenName);
|
||||||
|
const setting = get_setting();
|
||||||
if(payload == undefined){
|
if(payload == undefined){
|
||||||
ctx.state['user'] = undefined;
|
ctx.state['user'] = {username:"",
|
||||||
|
permission:setting.guest};
|
||||||
return await next();
|
return await next();
|
||||||
}
|
}
|
||||||
const o = verify(payload,secretKey);
|
const o = verify(payload,secretKey);
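Review bot: The guest branch of UserMiddleWare assigns `setting.guest` to `ctx.state['user'].permission` by reference, so a later handler that mutates a user's permission array would change the guest grant for every following request; copy it instead with `permission:[...setting.guest]`. The guest is identified only by the sentinel `username:""`, which the permission middleware compares against, so account creation should be confirmed to reject an empty username (that code is not visible here). `get_setting()` is now called twice in a row, and `secretKey` could read from the new `setting` local. The function body continues past the end of the hunk.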
|
||||||
|
@ -37,22 +37,22 @@ export enum Permission{
|
|||||||
|
|
||||||
export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||||
const user = ctx.state['user'];
|
const user = ctx.state['user'];
|
||||||
if(user === undefined){
|
|
||||||
return sendError(401,"you are guest. login needed.");
|
|
||||||
}
|
|
||||||
if(user.username === "admin"){
|
if(user.username === "admin"){
|
||||||
return await next();
|
return await next();
|
||||||
}
|
}
|
||||||
const user_permission = user.permission;
|
const user_permission = user.permission;
|
||||||
//if permissions is not subset of user permission
|
//if permissions is not subset of user permission
|
||||||
if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
|
if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
|
||||||
return sendError(403,"do not have permission");
|
if(user.username === ""){
|
||||||
|
return sendError(401,"you are guest. login needed.");
|
||||||
|
}
|
||||||
|
else return sendError(403,"do not have permission");
|
||||||
}
|
}
|
||||||
await next();
|
await next();
|
||||||
}
|
}
|
||||||
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||||
const user = ctx.state['user'];
|
const user = ctx.state['user'];
|
||||||
if(user === undefined || user.username !== "admin"){
|
if(user.username !== "admin"){
|
||||||
return sendError(403,"admin only");
|
return sendError(403,"admin only");
|
||||||
}
|
}
|
||||||
await next();
|
await next();
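Review bot: createPermissionCheckMiddleware and AdminOnlyMiddleware now read `user.username` without the old `user === undefined` guard, so both depend on UserMiddleWare having run earlier on every route, and the non-optional `user:PayloadInfo` type hides that assumption from the compiler. If a router mounts either one without UserMiddleWare, the request ends in an unhandled TypeError rather than an explicit 401 or 403. Keeping a first-line guard such as `if(user === undefined) return sendError(401,"you are guest. login needed.");` makes the denial deliberate. A comment should also record that a guest now passes any route whose required permissions are all listed in the guest setting, and that the 401/403 split relies on `user.username === ""`. AdminOnlyMiddleware's closing lines are outside the hunk.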
|
||||||
|
@ -1,14 +1,18 @@
|
|||||||
import { Settings } from '@material-ui/icons';
|
import { Settings } from '@material-ui/icons';
|
||||||
import { randomBytes } from 'crypto';
|
import { randomBytes } from 'crypto';
|
||||||
import { existsSync, readFileSync, writeFileSync } from 'fs';
|
import { existsSync, readFileSync, writeFileSync } from 'fs';
|
||||||
|
import { Permission } from './permission/permission';
|
||||||
|
|
||||||
export type Setting = {
|
export type Setting = {
|
||||||
/**
|
/**
|
||||||
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
|
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
|
||||||
*/
|
*/
|
||||||
localmode: boolean,
|
localmode: boolean,
|
||||||
|
|
||||||
guest: boolean,
|
/**
|
||||||
|
* guest permission
|
||||||
|
*/
|
||||||
|
guest: (Permission)[],
|
||||||
/**
|
/**
|
||||||
* JWT secret key. if you change its value, all access tokens are invalidated.
|
* JWT secret key. if you change its value, all access tokens are invalidated.
|
||||||
*/
|
*/
|
||||||
@ -30,7 +34,7 @@ export type Setting = {
|
|||||||
const default_setting:Setting = {
|
const default_setting:Setting = {
|
||||||
|
|
||||||
localmode: true,
|
localmode: true,
|
||||||
guest:false,
|
guest:[],
|
||||||
jwt_secretkey:"itsRandom",
|
jwt_secretkey:"itsRandom",
|
||||||
port:8080,
|
port:8080,
|
||||||
mode:"production",
|
mode:"production",
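Review bot: `guest` changes from `boolean` to `Permission[]`, but nothing in these hunks validates the value read from an existing settings file, which may still hold an older `guest: true` or `guest: false` (the loader is outside the hunks, so this is inferred). Such a value would be copied into `ctx.state.user.permission`, and `user_permission.includes(p)` would then throw for guests. Normalising on load, for example `if(!Array.isArray(setting.guest)) setting.guest = [];`, and dropping entries that are not `Permission` members keeps the fallback at no guest access. The doc comment `guest permission` could also say that these permissions are granted to every unauthenticated request.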
|
||||||
|