From 3049dfcd75c5cd66b3fdb12d1e3767cba55134e3 Mon Sep 17 00:00:00 2001
From: OxSaitama
Date: Tue, 25 Jul 2023 11:34:38 +0200
Subject: [PATCH] fix(middlewares): add error catcher
---
 src/app/middlewares/AuthHandler.ts | 35 +++---
 .../CustomerHandler/DocumentHandler.ts | 34 +++---
 .../CustomerHandler/FileHandler.ts | 2 +
 .../OfficeMembershipHandlers/DeedHandler.ts | 61 ++++++-----
 .../DeedTypeHandler.ts | 67 ++++++------
 .../DocumentHandler.ts | 93 ++++++++--------
 .../DocumentTypeHandler.ts | 47 ++++----
 .../OfficeMembershipHandlers/FileHandler.ts | 68 ++++++------
 .../OfficeMembershipHandlers/FolderHandler.ts | 101 ++++++++++--------
 .../OfficeRoleHandler.ts | 47 ++++----
 .../OfficeMembershipHandlers/UserHandler.ts | 46 ++++----
 src/app/middlewares/RulesHandler.ts | 43 ++++----
 src/common/config/variables/Variables.ts | 5 +-
 13 files changed, 362 insertions(+), 287 deletions(-)
diff --git a/src/app/middlewares/AuthHandler.ts b/src/app/middlewares/AuthHandler.ts
index 4166834e..bd3f1293 100644
--- a/src/app/middlewares/AuthHandler.ts
+++ b/src/app/middlewares/AuthHandler.ts
@@ -4,21 +4,28 @@ import { NextFunction, Request, Response } from "express"; import Container from "typedi"; export default function authHandler(req: Request, response: Response, next: NextFunction) { - const authHeader = req.headers["authorization"]; - const token = authHeader && authHeader.split(" ")[1]; + try { + const authHeader = req.headers["authorization"]; + const token = authHeader && authHeader.split(" ")[1]; - if (!token) { - response.status(HttpCodes.UNAUTHORIZED).send("Missing token in authorization header"); - return; - } - - const authService = Container.get(AuthService); - authService.verifyAccessToken(token, (err, userPayload) => { - if (err) { - response.status(HttpCodes.UNAUTHORIZED).send("Error while verifying token"); + if (!token) { + response.status(HttpCodes.UNAUTHORIZED).send("Missing token in authorization header"); return; } - req.body.user = userPayload; - next(); - }); + + const authService = Container.get(AuthService); + authService.verifyAccessToken(token, (err, userPayload) => { + if (err) { + response.status(HttpCodes.UNAUTHORIZED).send("Error while verifying token"); + return; + } + req.body.user = userPayload; + next(); + }); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/CustomerHandler/DocumentHandler.ts b/src/app/middlewares/CustomerHandler/DocumentHandler.ts index 8963aab8..f263f7dd 100644 --- a/src/app/middlewares/CustomerHandler/DocumentHandler.ts +++ b/src/app/middlewares/CustomerHandler/DocumentHandler.ts 
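Review bot: The new try/catch in authHandler does not cover the callback passed to `authService.verifyAccessToken`. If that callback is invoked asynchronously (likely for token verification, but not visible here), a throw at `req.body.user = userPayload`, for instance when no body parser has populated `req.body`, escapes the catch and no response is sent. Guard inside the callback, e.g. `if (err || !userPayload) { response.status(HttpCodes.UNAUTHORIZED).send("Error while verifying token"); return; }`, and confirm `req.body` exists before assigning to it. Storing the verified payload under `req.body.user` also puts it in the same object as client-supplied fields, so every handler that reads `req.body.user` is only trustworthy when authHandler has run first; a per-request slot such as `response.locals.user` would remove that dependency.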
@@ -4,20 +4,28 @@ import { NextFunction, Request, Response } from "express"; import Container from "typedi"; export default async function documentHandler(req: Request, response: Response, next: NextFunction) { - const customerId = req.body.user.customerId; - const uid = req.path && req.path.split("/")[5]; + try { + const customerId = req.body.user.customerId; + const uid = req.path && req.path.split("/")[5]; - if(!uid) { - response.status(HttpCodes.BAD_REQUEST).send("Missing document uid"); + if (!uid) { + response.status(HttpCodes.BAD_REQUEST).send("Missing document uid"); + return; + } + + const documentService = Container.get(DocumentsService); + const document = await documentService.getByUid(uid); + + if (document?.depositor_uid != customerId) { + response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor"); + return; + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); return; } - - const documentService = Container.get(DocumentsService); - const document = await documentService.getByUid(uid); - - if(document?.depositor_uid != customerId) { - response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor"); - return; - } - } diff --git a/src/app/middlewares/CustomerHandler/FileHandler.ts b/src/app/middlewares/CustomerHandler/FileHandler.ts index 3f86ccb9..0c9d82a1 100644 --- a/src/app/middlewares/CustomerHandler/FileHandler.ts +++ b/src/app/middlewares/CustomerHandler/FileHandler.ts @@ -34,4 +34,6 @@ export default async function fileHandler(req: Request, response: Response, next return; } } + + next(); } diff --git a/src/app/middlewares/OfficeMembershipHandlers/DeedHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/DeedHandler.ts index 7ca6d7fc..f4986dc7 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/DeedHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/DeedHandler.ts 
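Review bot: The ownership check `document?.depositor_uid != customerId` in CustomerHandler/DocumentHandler.ts fails open when both sides are undefined. If `getByUid` finds no document and the token carries no `customerId` (for example a non-customer token reaching this route, which is not visible here), the comparison is false and the newly added `next()` runs. Before this commit the handler never called `next()`, so this path is newly reachable. Reject explicitly, e.g. `if (!customerId || !document || document.depositor_uid !== customerId) {`, and consider a separate not-found response for the missing document.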
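Review bot: CustomerHandler/FileHandler.ts gets the missing `next()` but, unlike the other middlewares in this patch, no try/catch: the hunk shows the function closing right after `next();`, and the diffstat lists only two added lines for this file. Since fileHandler is `async` (its body starts outside the hunk), a rejected service call would presumably surface as an unhandled promise rejection with no response sent. Wrap the body in the same `try { … } catch (error) { … response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); }` used in the sibling handlers.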
@@ -6,39 +6,46 @@ import Container from "typedi"; import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService"; export default async function deedHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const documentTypes: DocumentType[] = req.body.document_types; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const documentTypes: DocumentType[] = req.body.document_types; - if (uid) { - const deedService = Container.get(DeedsService); - const deed = await deedService.getByUidWithOffice(uid); + if (uid) { + const deedService = Container.get(DeedsService); + const deed = await deedService.getByUidWithOffice(uid); - if (!deed) { - response.status(HttpCodes.NOT_FOUND).send("Deed not found"); - return; - } - - if (deed.deed_type.office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - } - - if (documentTypes) { - const documentTypeService = Container.get(DocumentTypesService); - documentTypes.forEach(async (documentType) => { - const deedTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); - if (!deedTypeWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); + if (!deed) { + response.status(HttpCodes.NOT_FOUND).send("Deed not found"); return; } - if (deedTypeWithOffice.office?.uid != officeId) { + + if (deed.deed_type.office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - }); - } + } - next(); + if (documentTypes) { + const documentTypeService = Container.get(DocumentTypesService); + documentTypes.forEach(async (documentType) => { + const deedTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); + if (!deedTypeWithOffice) { + 
response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); + return; + } + if (deedTypeWithOffice.office?.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + }); + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/OfficeMembershipHandlers/DeedTypeHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/DeedTypeHandler.ts index 2836b3d5..d3e04e43 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/DeedTypeHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/DeedTypeHandler.ts 
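Review bot: `documentTypes.forEach(async (documentType) => { … })` in deedHandler is not awaited, so `next()` runs before any document type's office has been checked, and the `return` statements inside the callback only leave the callback. A document type belonging to another office therefore does not stop the request. The late `response.status(...)` may also hit a response that was already sent, and a rejection inside the callback is not caught by the new try/catch. Use a loop the handler actually awaits, `for (const documentType of documentTypes) {` … `}` with the same body, so each `return` exits deedHandler before `next()`. The same pattern is present in OfficeMembershipHandlers/DeedTypeHandler.ts in this patch.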
@@ -6,45 +6,52 @@ import Container from "typedi"; import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService"; export default async function deedTypeHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const documentTypes: DocumentType[] = req.body.document_types; - const office = req.body.office; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const documentTypes: DocumentType[] = req.body.document_types; + const office = req.body.office; - if (office && office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - - if (uid) { - const deedTypeService = Container.get(DeedTypesService); - const deedType = await deedTypeService.getByUidWithOffice(uid!); - - if (!deedType) { - response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); - return; - } - - if (deedType.office.uid != officeId) { + if (office && office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - } - if (documentTypes) { - const documentTypeService = Container.get(DocumentTypesService); - documentTypes.forEach(async (documentType) => { - const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); - if (!documentTypeWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Document type not found"); + if (uid) { + const deedTypeService = Container.get(DeedTypesService); + const deedType = await deedTypeService.getByUidWithOffice(uid!); + + if (!deedType) { + response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); return; } - if (documentTypeWithOffice.office?.uid != officeId) { + + if (deedType.office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - }); - } + } - next(); + 
if (documentTypes) { + const documentTypeService = Container.get(DocumentTypesService); + documentTypes.forEach(async (documentType) => { + const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); + if (!documentTypeWithOffice) { + response.status(HttpCodes.NOT_FOUND).send("Document type not found"); + return; + } + if (documentTypeWithOffice.office?.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + }); + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/OfficeMembershipHandlers/DocumentHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/DocumentHandler.ts index 62470f16..9d684de0 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/DocumentHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/DocumentHandler.ts 
@@ -8,51 +8,58 @@ import DocumentTypesService from "@Services/super-admin/DocumentTypesService/Doc import OfficeFoldersService from "@Services/super-admin/OfficeFoldersService/OfficeFoldersService"; export default async function documentHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const documentType: DocumentType = req.body.document_type; - const folder: OfficeFolder = req.body.folder; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const documentType: DocumentType = req.body.document_type; + const folder: OfficeFolder = req.body.folder; - if (folder) { - const officeFolderService = Container.get(OfficeFoldersService); - const officeFolderWithOffice = await officeFolderService.getByUidWithOffice(folder.uid!); - if (!officeFolderWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Folder not found"); - return; + if (folder) { + const officeFolderService = Container.get(OfficeFoldersService); + const officeFolderWithOffice = await officeFolderService.getByUidWithOffice(folder.uid!); + if (!officeFolderWithOffice) { + response.status(HttpCodes.NOT_FOUND).send("Folder not found"); + return; + } + if (officeFolderWithOffice.office?.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } } - if (officeFolderWithOffice.office?.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; + + if (documentType) { + const documentTypeService = Container.get(DocumentTypesService); + const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); + if (!documentTypeWithOffice) { + response.status(HttpCodes.NOT_FOUND).send("Document type not found"); + return; + } + if (documentTypeWithOffice.office?.uid != officeId) { + 
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } } + + if (uid) { + const documentService = Container.get(DocumentsService); + const document = await documentService.getByUidWithOffice(uid!); + + if (!document) { + response.sendStatus(HttpCodes.NOT_FOUND); + return; + } + + if (document.document_type.office.uid != officeId) { + response.sendStatus(HttpCodes.UNAUTHORIZED); + return; + } + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; } - - if (documentType) { - const documentTypeService = Container.get(DocumentTypesService); - const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!); - if (!documentTypeWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Document type not found"); - return; - } - if (documentTypeWithOffice.office?.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - } - - if (uid) { - const documentService = Container.get(DocumentsService); - const document = await documentService.getByUidWithOffice(uid!); - - if (!document) { - response.sendStatus(HttpCodes.NOT_FOUND); - return; - } - - if (document.document_type.office.uid != officeId) { - response.sendStatus(HttpCodes.UNAUTHORIZED); - return; - } - } - - next(); } diff --git a/src/app/middlewares/OfficeMembershipHandlers/DocumentTypeHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/DocumentTypeHandler.ts index 250487cd..9c8c8071 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/DocumentTypeHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/DocumentTypeHandler.ts 
@@ -4,29 +4,36 @@ import Container from "typedi"; import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService"; export default async function documentTypeHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const office = req.body.office; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const office = req.body.office; - if (office && office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - - if (uid) { - const documentTypeService = Container.get(DocumentTypesService); - const documentType = await documentTypeService.getByUidWithOffice(uid!); - - if (!documentType) { - response.status(HttpCodes.NOT_FOUND).send("Document type not found"); - return; - } - - if (documentType.office.uid != officeId) { + if (office && office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - } - next(); + if (uid) { + const documentTypeService = Container.get(DocumentTypesService); + const documentType = await documentTypeService.getByUidWithOffice(uid!); + + if (!documentType) { + response.status(HttpCodes.NOT_FOUND).send("Document type not found"); + return; + } + + if (documentType.office.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/OfficeMembershipHandlers/FileHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/FileHandler.ts index d91ad586..64556871 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/FileHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/FileHandler.ts 
@@ -5,38 +5,44 @@ import FilesService from "@Services/common/FilesService/FilesService"; import DocumentsService from "@Services/super-admin/DocumentsService/DocumentsService"; export default async function fileHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - let uid = req.path && req.path.split("/")[5]; - const document = req.body.document; - - if (document) { - const documentService = Container.get(DocumentsService); - const documentWithOffice = await documentService.getByUidWithOffice(document.uid!); - if (!documentWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Document not found"); - return; + try { + const officeId = req.body.user.office_Id; + let uid = req.path && req.path.split("/")[5]; + const document = req.body.document; + + if (document) { + const documentService = Container.get(DocumentsService); + const documentWithOffice = await documentService.getByUidWithOffice(document.uid!); + if (!documentWithOffice) { + response.status(HttpCodes.NOT_FOUND).send("Document not found"); + return; + } + if (documentWithOffice.folder.office?.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } } - if (documentWithOffice.folder.office?.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; + + if (uid === "download") uid = req.path && req.path.split("/")[6]; + + if (uid) { + const fileService = Container.get(FilesService); + const file = await fileService.getByUidWithOffice(uid!); + + if (!file) { + response.status(HttpCodes.NOT_FOUND).send("File not found"); + return; + } + if (file.document.folder.office.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } } + + next(); + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; } - - if (uid === 
"download") uid = req.path && req.path.split("/")[6]; - - if (uid) { - const fileService = Container.get(FilesService); - const file = await fileService.getByUidWithOffice(uid!); - - if (!file) { - response.status(HttpCodes.NOT_FOUND).send("File not found"); - return; - } - if (file.document.folder.office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - } - - next(); } diff --git a/src/app/middlewares/OfficeMembershipHandlers/FolderHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/FolderHandler.ts index 1b3de999..5993fa7b 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/FolderHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/FolderHandler.ts 
@@ -5,55 +5,62 @@ import OfficeFoldersService from "@Services/super-admin/OfficeFoldersService/Off import DeedTypesService from "@Services/super-admin/DeedTypesService/DeedTypesService"; export default async function folderHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const office = req.body.office; - const officeFolderNumber = req.body.folder_number; - const deed = req.body.deed; - - if (office && office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - - if (deed) { - const deedTypeService = Container.get(DeedTypesService); - const deedTypeWithOffice = await deedTypeService.getByUidWithOffice(deed.deed_type.uid!); - if (!deedTypeWithOffice) { - response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); - return; - } - if (deedTypeWithOffice.office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this deed type"); - return; - } - } - - const officeFolderService = Container.get(OfficeFoldersService); - - if (officeFolderNumber && req.method == "POST") { - const officeFoldersWithSameNumber = await officeFolderService.get({ - where: { folder_number: officeFolderNumber, office: { uid: officeId } }, - }); - if (officeFoldersWithSameNumber.length) { - response.status(HttpCodes.BAD_REQUEST).send("Office number already used"); - return; - } - } - - if (uid) { - const officeFolder = await officeFolderService.getByUidWithOffice(uid!); - - if (!officeFolder) { - response.status(HttpCodes.NOT_FOUND).send("Office folder not found"); - return; - } - - if (officeFolder.office.uid != officeId) { + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const office = req.body.office; + const officeFolderNumber = req.body.folder_number; + const deed = req.body.deed; + + if (office && office.uid != officeId) { 
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - } + + if (deed && deed.deed_type) { + const deedTypeService = Container.get(DeedTypesService); + const deedTypeWithOffice = await deedTypeService.getByUidWithOffice(deed.deed_type.uid!); + if (!deedTypeWithOffice) { + response.status(HttpCodes.NOT_FOUND).send("Deed type not found"); + return; + } + if (deedTypeWithOffice.office.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this deed type"); + return; + } + } + + const officeFolderService = Container.get(OfficeFoldersService); + + if (officeFolderNumber && req.method == "POST") { + const officeFoldersWithSameNumber = await officeFolderService.get({ + where: { folder_number: officeFolderNumber, office: { uid: officeId } }, + }); + if (officeFoldersWithSameNumber.length) { + response.status(HttpCodes.BAD_REQUEST).send("Office number already used"); + return; + } + } + + if (uid) { + const officeFolder = await officeFolderService.getByUidWithOffice(uid!); + + if (!officeFolder) { + response.status(HttpCodes.NOT_FOUND).send("Office folder not found"); + return; + } + + if (officeFolder.office.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + } + + next(); - next(); + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/OfficeMembershipHandlers/OfficeRoleHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/OfficeRoleHandler.ts index 51716731..c0e9f53f 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/OfficeRoleHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/OfficeRoleHandler.ts 
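Review bot: Changing the guard to `if (deed && deed.deed_type)` in folderHandler avoids the TypeError but makes the deed-type office check optional: a body with `deed` present and `deed_type` omitted now skips it and continues to `next()`. Whether the controller then acts on `deed` (for example through `deed.uid`) is not visible here, but if it does, nothing has tied that deed to `officeId`. Prefer rejecting the malformed body, e.g. `if (deed && !deed.deed_type) { response.status(HttpCodes.BAD_REQUEST).send("Missing deed type"); return; }`. The folder-number uniqueness test is also check-then-insert, so it needs a unique constraint in the database to hold under concurrent requests.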
@@ -4,29 +4,36 @@ import Container from "typedi"; import OfficeRolesService from "@Services/super-admin/OfficeRolesService/OfficeRolesService"; export default async function officeRoleHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const office = req.body.office; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const office = req.body.office; - if (office && office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - - if (uid) { - const officeRoleService = Container.get(OfficeRolesService); - const officeRole = await officeRoleService.getByUidWithOffice(uid!); - - if (!officeRole) { - response.status(HttpCodes.NOT_FOUND).send("Office role not found"); - return; - } - - if (officeRole.office.uid != officeId) { + if (office && office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - } - next(); + if (uid) { + const officeRoleService = Container.get(OfficeRolesService); + const officeRole = await officeRoleService.getByUidWithOffice(uid!); + + if (!officeRole) { + response.status(HttpCodes.NOT_FOUND).send("Office role not found"); + return; + } + + if (officeRole.office.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/OfficeMembershipHandlers/UserHandler.ts b/src/app/middlewares/OfficeMembershipHandlers/UserHandler.ts index a0a82207..ea05b60d 100644 --- a/src/app/middlewares/OfficeMembershipHandlers/UserHandler.ts +++ b/src/app/middlewares/OfficeMembershipHandlers/UserHandler.ts 
@@ -4,29 +4,35 @@ import Container from "typedi"; import UsersService from "@Services/super-admin/UsersService/UsersService"; export default async function userHandler(req: Request, response: Response, next: NextFunction) { - const officeId = req.body.user.office_Id; - const uid = req.path && req.path.split("/")[5]; - const office = req.body.office_membership; + try { + const officeId = req.body.user.office_Id; + const uid = req.path && req.path.split("/")[5]; + const office = req.body.office_membership; - if (office && office.uid != officeId) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); - return; - } - - if (uid) { - const userService = Container.get(UsersService); - const user = await userService.getByUidWithOffice(uid!); - - if (!user) { - response.status(HttpCodes.NOT_FOUND).send("User not found"); - return; - } - - if (user.office_membership.uid != officeId) { + if (office && office.uid != officeId) { response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); return; } - } - next(); + if (uid) { + const userService = Container.get(UsersService); + const user = await userService.getByUidWithOffice(uid!); + + if (!user) { + response.status(HttpCodes.NOT_FOUND).send("User not found"); + return; + } + + if (user.office_membership.uid != officeId) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office"); + return; + } + } + + next(); + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); + return; + } } diff --git a/src/app/middlewares/RulesHandler.ts b/src/app/middlewares/RulesHandler.ts index 001cb4cd..83baab87 100644 --- a/src/app/middlewares/RulesHandler.ts +++ b/src/app/middlewares/RulesHandler.ts 
@@ -2,25 +2,32 @@ import HttpCodes from "@Common/system/controller-pattern/HttpCodes"; import { NextFunction, Request, Response } from "express"; export default async function ruleHandler(req: Request, response: Response, next: NextFunction) { - const rules = req.body.user.rules; - const service = req.path && req.path.split("/")[4]; + try { + const rules = req.body.user.rules; + const service = req.path && req.path.split("/")[4]; - if(!rules){ - response.status(HttpCodes.UNAUTHORIZED).send("Missing rules in JWT"); + if (!rules) { + response.status(HttpCodes.UNAUTHORIZED).send("Missing rules in JWT"); + return; + } + const namespace = req.path && req.path.split("/")[3]; + const role = req.body.user.role; + + if (namespace != "notary" && role != namespace && role != "super-admin") { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this role"); + return; + } + + if (!rules.includes(req.method + " " + service)) { + response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with those rules"); + return; + } + + next(); + + } catch (error) { + console.log(error); + response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error"); return; } - const namespace = req.path && req.path.split("/")[3]; - const role = req.body.user.role; - - if (namespace != "notary" && role != namespace && role != "super-admin") { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this role"); - return; - } - - if (!rules.includes(req.method + " " + service)) { - response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with those rules"); - return; - } - - next(); } diff --git a/src/common/config/variables/Variables.ts b/src/common/config/variables/Variables.ts index cffedcf9..46e9affd 100644 --- a/src/common/config/variables/Variables.ts +++ b/src/common/config/variables/Variables.ts 
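Review bot: The role condition `namespace != "notary" && role != namespace && role != "super-admin"` in ruleHandler lets every role through whenever the path namespace is `notary`, leaving only the `rules.includes(...)` test. If that is intended it deserves a comment such as `// notary routes are gated by rules only, not by role`; otherwise the first clause should go. `rules.includes(req.method + " " + service)` is an exact match only if `rules` is an array; should the JWT ever carry it as a string, `includes` becomes a substring test, so an `Array.isArray(rules)` check next to `!rules` is cheap insurance. Both `namespace` and `service` are taken from fixed positions in `req.path`, which shift silently if the router is mounted under a different prefix.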
@@ -88,8 +88,7 @@ export class BackendVariables { this.ENV = process.env["ENV"]!; } public async validate(groups?: string[]) { - console.log(this); - + const validationOptions = groups ? { groups } : undefined; try { @@ -98,8 +97,6 @@ export class BackendVariables { if (process.env["ENV"] === "dev") { throw error; } - console.error(error); - console.error(this); throw new Error("Some env variables are required!"); } return this;