Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 09:17:08 +00:00
Code Issues Packages Projects Releases Activity

Add authorisation middleware.

Browse Source 
Defines three levels of access:
* read: anyone who is logged in
* write: `user` and `admin` roles
* admin: `admin` roles
This commit is contained in:
D. Berge
2020-10-12 19:42:02 +02:00
parent 5594b6863c
commit 3c86981dc6
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
lib/www/server/api/middleware/auth/access.js Normal file
View File

@@ -0,0 +1,31 @@
async function read (req, res, next) {
if (req.user) {
next();
} else {
next({status: 403, message: "Access denied"});
}
}
async function write (req, res, next) {
if (req.user && (req.user.role == "user" || req.user.role == "admin")) {
next();
} else {
next({status: 403, message: "Access denied"});
}
}
async function admin (req, res, next) {
if (req.user && req.user.role == "admin") {
next();
} else {
next({status: 403, message: "Access denied"});
}
}
module.exports = {
read,
write,
admin
};

2
lib/www/server/api/middleware/auth/index.js
View File

@@ -1,4 +1,4 @@
exports.jwt = require('./jwt');
// exports.access = require('./access');
exports.authentify = require('./authentify');
exports.access = require('./access');