guest mode permission
This commit is contained in:
parent
6e3e2426c8
commit
be60b5a602
@ -14,7 +14,7 @@ type PayloadInfo = {
|
||||
}
|
||||
|
||||
export type UserState = {
|
||||
user?:PayloadInfo
|
||||
user:PayloadInfo
|
||||
};
|
||||
|
||||
const isUserState = (obj:object|string):obj is PayloadInfo =>{
|
||||
@ -76,8 +76,10 @@ export const LogoutMiddleware = (ctx:Koa.Context,next:Koa.Next)=>{
|
||||
export const UserMiddleWare = async (ctx:Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||
const secretKey = get_setting().jwt_secretkey;
|
||||
const payload = ctx.cookies.get(loginTokenName);
|
||||
const setting = get_setting();
|
||||
if(payload == undefined){
|
||||
ctx.state['user'] = undefined;
|
||||
ctx.state['user'] = {username:"",
|
||||
permission:setting.guest};
|
||||
return await next();
|
||||
}
|
||||
const o = verify(payload,secretKey);
|
||||
|
||||
@ -37,22 +37,22 @@ export enum Permission{
|
||||
|
||||
export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||
const user = ctx.state['user'];
|
||||
if(user === undefined){
|
||||
return sendError(401,"you are guest. login needed.");
|
||||
}
|
||||
if(user.username === "admin"){
|
||||
return await next();
|
||||
}
|
||||
const user_permission = user.permission;
|
||||
//if permissions is not subset of user permission
|
||||
if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
|
||||
return sendError(403,"do not have permission");
|
||||
if(user.username === ""){
|
||||
return sendError(401,"you are guest. login needed.");
|
||||
}
|
||||
else return sendError(403,"do not have permission");
|
||||
}
|
||||
await next();
|
||||
}
|
||||
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||
const user = ctx.state['user'];
|
||||
if(user === undefined || user.username !== "admin"){
|
||||
if(user.username !== "admin"){
|
||||
return sendError(403,"admin only");
|
||||
}
|
||||
await next();
|
||||
|
||||
@ -1,14 +1,18 @@
|
||||
import { Settings } from '@material-ui/icons';
|
||||
import { randomBytes } from 'crypto';
|
||||
import { existsSync, readFileSync, writeFileSync } from 'fs';
|
||||
import { Permission } from './permission/permission';
|
||||
|
||||
export type Setting = {
|
||||
/**
|
||||
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
|
||||
*/
|
||||
localmode: boolean,
|
||||
|
||||
guest: boolean,
|
||||
|
||||
/**
|
||||
* guest permission
|
||||
*/
|
||||
guest: (Permission)[],
|
||||
/**
|
||||
* JWT secret key. if you change its value, all access tokens are invalidated.
|
||||
*/
|
||||
@ -30,7 +34,7 @@ export type Setting = {
|
||||
const default_setting:Setting = {
|
||||
|
||||
localmode: true,
|
||||
guest:false,
|
||||
guest:[],
|
||||
jwt_secretkey:"itsRandom",
|
||||
port:8080,
|
||||
mode:"production",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user