guest mode permission

This commit is contained in:
monoid 2021-01-10 18:56:28 +09:00
parent 6e3e2426c8
commit be60b5a602
3 changed files with 16 additions and 10 deletions

View File

@ -14,7 +14,7 @@ type PayloadInfo = {
} }
export type UserState = { export type UserState = {
user?:PayloadInfo user:PayloadInfo
}; };
const isUserState = (obj:object|string):obj is PayloadInfo =>{ const isUserState = (obj:object|string):obj is PayloadInfo =>{
@ -76,8 +76,10 @@ export const LogoutMiddleware = (ctx:Koa.Context,next:Koa.Next)=>{
export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{ export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
const secretKey = get_setting().jwt_secretkey; const secretKey = get_setting().jwt_secretkey;
const payload = ctx.cookies.get(loginTokenName); const payload = ctx.cookies.get(loginTokenName);
const setting = get_setting();
if(payload == undefined){ if(payload == undefined){
ctx.state['user'] = undefined; ctx.state['user'] = {username:"",
permission:setting.guest};
return await next(); return await next();
} }
const o = verify(payload,secretKey); const o = verify(payload,secretKey);

View File

@ -37,22 +37,22 @@ export enum Permission{
export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{ export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
const user = ctx.state['user']; const user = ctx.state['user'];
if(user === undefined){
return sendError(401,"you are guest. login needed.");
}
if(user.username === "admin"){ if(user.username === "admin"){
return await next(); return await next();
} }
const user_permission = user.permission; const user_permission = user.permission;
//if permissions is not subset of user permission //if permissions is not subset of user permission
if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){ if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
return sendError(403,"do not have permission"); if(user.username === ""){
return sendError(401,"you are guest. login needed.");
}
else return sendError(403,"do not have permission");
} }
await next(); await next();
} }
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{ export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
const user = ctx.state['user']; const user = ctx.state['user'];
if(user === undefined || user.username !== "admin"){ if(user.username !== "admin"){
return sendError(403,"admin only"); return sendError(403,"admin only");
} }
await next(); await next();

View File

@ -1,14 +1,18 @@
import { Settings } from '@material-ui/icons'; import { Settings } from '@material-ui/icons';
import { randomBytes } from 'crypto'; import { randomBytes } from 'crypto';
import { existsSync, readFileSync, writeFileSync } from 'fs'; import { existsSync, readFileSync, writeFileSync } from 'fs';
import { Permission } from './permission/permission';
export type Setting = { export type Setting = {
/** /**
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0' * if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
*/ */
localmode: boolean, localmode: boolean,
guest: boolean, /**
* guest permission
*/
guest: (Permission)[],
/** /**
* JWT secret key. if you change its value, all access tokens are invalidated. * JWT secret key. if you change its value, all access tokens are invalidated.
*/ */
@ -30,7 +34,7 @@ export type Setting = {
const default_setting:Setting = { const default_setting:Setting = {
localmode: true, localmode: true,
guest:false, guest:[],
jwt_secretkey:"itsRandom", jwt_secretkey:"itsRandom",
port:8080, port:8080,
mode:"production", mode:"production",