From be60b5a602af1e7d7d76cbb3ccdac22a96b8ed8f Mon Sep 17 00:00:00 2001
From: monoid <qaswedfr55@gmail.com>
Date: Sun, 10 Jan 2021 18:56:28 +0900
Subject: [PATCH] guest mode permission

---
 src/login.ts                 |  6 ++++--
 src/permission/permission.ts | 10 +++++-----
 src/setting.ts               | 10 +++++++---
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/login.ts b/src/login.ts
index 2922e1b..776c3fe 100644
--- a/src/login.ts
+++ b/src/login.ts
@@ -14,7 +14,7 @@ type PayloadInfo = {
 }
 
 export type UserState = {
-    user?:PayloadInfo
+    user:PayloadInfo
 };
 
 const isUserState = (obj:object|string):obj is PayloadInfo =>{
@@ -76,8 +76,10 @@ export const LogoutMiddleware = (ctx:Koa.Context,next:Koa.Next)=>{
 export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
     const secretKey = get_setting().jwt_secretkey;
     const payload = ctx.cookies.get(loginTokenName);
+    const setting = get_setting();
     if(payload == undefined){
-        ctx.state['user'] = undefined;
+        ctx.state['user'] = {username:"",
+        permission:setting.guest};
         return await next();
     }
     const o = verify(payload,secretKey);
diff --git a/src/permission/permission.ts b/src/permission/permission.ts
index b7d5e71..232731a 100644
--- a/src/permission/permission.ts
+++ b/src/permission/permission.ts
@@ -37,22 +37,22 @@ export enum Permission{
 
 export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
     const user = ctx.state['user'];
-    if(user === undefined){
-        return sendError(401,"you are guest. login needed.");
-    }
     if(user.username === "admin"){
         return await next();    
     }
     const user_permission = user.permission;
     //if permissions is not subset of user permission
     if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
-        return sendError(403,"do not have permission");
+        if(user.username === ""){
+            return sendError(401,"you are guest. login needed.");
+        }
+        else return sendError(403,"do not have permission");
     }
     await next();
 }
 export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
     const user = ctx.state['user'];
-    if(user === undefined || user.username !== "admin"){
+    if(user.username !== "admin"){
         return sendError(403,"admin only");
     }
     await next();    
diff --git a/src/setting.ts b/src/setting.ts
index d5d44fb..6378071 100644
--- a/src/setting.ts
+++ b/src/setting.ts
@@ -1,14 +1,18 @@
 import { Settings } from '@material-ui/icons';
 import { randomBytes } from 'crypto';
 import { existsSync, readFileSync, writeFileSync } from 'fs';
+import { Permission } from './permission/permission';
 
 export type Setting = {
     /**
      * if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
      */
     localmode: boolean,
-    
-    guest: boolean,
+
+    /**
+     * guest permission
+     */
+    guest: (Permission)[],
     /**
      * JWT secret key. if you change its value, all access tokens are invalidated.
      */
@@ -30,7 +34,7 @@ export type Setting = {
 const default_setting:Setting = {
 
     localmode: true,
-    guest:false,
+    guest:[],
     jwt_secretkey:"itsRandom",
     port:8080,
     mode:"production",