fix(middlewares): add error catcher
This commit is contained in:
OxSaitama
parent
69585af4db
commit
3049dfcd75
@ -4,21 +4,28 @@ import { NextFunction, Request, Response } from "express";
|
||||
import Container from "typedi";
|
||||
|
||||
export default function authHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const authHeader = req.headers["authorization"];
|
||||
const token = authHeader && authHeader.split(" ")[1];
|
||||
try {
|
||||
const authHeader = req.headers["authorization"];
|
||||
const token = authHeader && authHeader.split(" ")[1];
|
||||
|
||||
if (!token) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Missing token in authorization header");
|
||||
return;
|
||||
}
|
||||
|
||||
const authService = Container.get(AuthService);
|
||||
authService.verifyAccessToken(token, (err, userPayload) => {
|
||||
if (err) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Error while verifying token");
|
||||
if (!token) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Missing token in authorization header");
|
||||
return;
|
||||
}
|
||||
req.body.user = userPayload;
|
||||
next();
|
||||
});
|
||||
|
||||
const authService = Container.get(AuthService);
|
||||
authService.verifyAccessToken(token, (err, userPayload) => {
|
||||
if (err) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Error while verifying token");
|
||||
return;
|
||||
}
|
||||
req.body.user = userPayload;
|
||||
next();
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,20 +4,28 @@ import { NextFunction, Request, Response } from "express";
|
||||
import Container from "typedi";
|
||||
|
||||
export default async function documentHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const customerId = req.body.user.customerId;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
try {
|
||||
const customerId = req.body.user.customerId;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
|
||||
if(!uid) {
|
||||
response.status(HttpCodes.BAD_REQUEST).send("Missing document uid");
|
||||
if (!uid) {
|
||||
response.status(HttpCodes.BAD_REQUEST).send("Missing document uid");
|
||||
return;
|
||||
}
|
||||
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const document = await documentService.getByUid(uid);
|
||||
|
||||
if (document?.depositor_uid != customerId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor");
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const document = await documentService.getByUid(uid);
|
||||
|
||||
if(document?.depositor_uid != customerId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor");
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -34,4 +34,6 @@ export default async function fileHandler(req: Request, response: Response, next
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
@ -6,39 +6,46 @@ import Container from "typedi";
|
||||
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
|
||||
|
||||
export default async function deedHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentTypes: DocumentType[] = req.body.document_types;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentTypes: DocumentType[] = req.body.document_types;
|
||||
|
||||
if (uid) {
|
||||
const deedService = Container.get(DeedsService);
|
||||
const deed = await deedService.getByUidWithOffice(uid);
|
||||
if (uid) {
|
||||
const deedService = Container.get(DeedsService);
|
||||
const deed = await deedService.getByUidWithOffice(uid);
|
||||
|
||||
if (!deed) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (deed.deed_type.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (documentTypes) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
documentTypes.forEach(async (documentType) => {
|
||||
const deedTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!deedTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
if (!deed) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed not found");
|
||||
return;
|
||||
}
|
||||
if (deedTypeWithOffice.office?.uid != officeId) {
|
||||
|
||||
if (deed.deed_type.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (documentTypes) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
documentTypes.forEach(async (documentType) => {
|
||||
const deedTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!deedTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
return;
|
||||
}
|
||||
if (deedTypeWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -6,45 +6,52 @@ import Container from "typedi";
|
||||
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
|
||||
|
||||
export default async function deedTypeHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentTypes: DocumentType[] = req.body.document_types;
|
||||
const office = req.body.office;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentTypes: DocumentType[] = req.body.document_types;
|
||||
const office = req.body.office;
|
||||
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const deedTypeService = Container.get(DeedTypesService);
|
||||
const deedType = await deedTypeService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!deedType) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (deedType.office.uid != officeId) {
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (documentTypes) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
documentTypes.forEach(async (documentType) => {
|
||||
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!documentTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
if (uid) {
|
||||
const deedTypeService = Container.get(DeedTypesService);
|
||||
const deedType = await deedTypeService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!deedType) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
return;
|
||||
}
|
||||
if (documentTypeWithOffice.office?.uid != officeId) {
|
||||
|
||||
if (deedType.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (documentTypes) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
documentTypes.forEach(async (documentType) => {
|
||||
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!documentTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
return;
|
||||
}
|
||||
if (documentTypeWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,51 +8,58 @@ import DocumentTypesService from "@Services/super-admin/DocumentTypesService/Doc
|
||||
import OfficeFoldersService from "@Services/super-admin/OfficeFoldersService/OfficeFoldersService";
|
||||
|
||||
export default async function documentHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentType: DocumentType = req.body.document_type;
|
||||
const folder: OfficeFolder = req.body.folder;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const documentType: DocumentType = req.body.document_type;
|
||||
const folder: OfficeFolder = req.body.folder;
|
||||
|
||||
if (folder) {
|
||||
const officeFolderService = Container.get(OfficeFoldersService);
|
||||
const officeFolderWithOffice = await officeFolderService.getByUidWithOffice(folder.uid!);
|
||||
if (!officeFolderWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Folder not found");
|
||||
return;
|
||||
if (folder) {
|
||||
const officeFolderService = Container.get(OfficeFoldersService);
|
||||
const officeFolderWithOffice = await officeFolderService.getByUidWithOffice(folder.uid!);
|
||||
if (!officeFolderWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Folder not found");
|
||||
return;
|
||||
}
|
||||
if (officeFolderWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
if (officeFolderWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
|
||||
if (documentType) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!documentTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
return;
|
||||
}
|
||||
if (documentTypeWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const document = await documentService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!document) {
|
||||
response.sendStatus(HttpCodes.NOT_FOUND);
|
||||
return;
|
||||
}
|
||||
|
||||
if (document.document_type.office.uid != officeId) {
|
||||
response.sendStatus(HttpCodes.UNAUTHORIZED);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
|
||||
if (documentType) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
|
||||
if (!documentTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
return;
|
||||
}
|
||||
if (documentTypeWithOffice.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const document = await documentService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!document) {
|
||||
response.sendStatus(HttpCodes.NOT_FOUND);
|
||||
return;
|
||||
}
|
||||
|
||||
if (document.document_type.office.uid != officeId) {
|
||||
response.sendStatus(HttpCodes.UNAUTHORIZED);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
@ -4,29 +4,36 @@ import Container from "typedi";
|
||||
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
|
||||
|
||||
export default async function documentTypeHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
const documentType = await documentTypeService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!documentType) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (documentType.office.uid != officeId) {
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (uid) {
|
||||
const documentTypeService = Container.get(DocumentTypesService);
|
||||
const documentType = await documentTypeService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!documentType) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document type not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (documentType.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -5,38 +5,44 @@ import FilesService from "@Services/common/FilesService/FilesService";
|
||||
import DocumentsService from "@Services/super-admin/DocumentsService/DocumentsService";
|
||||
|
||||
export default async function fileHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
let uid = req.path && req.path.split("/")[5];
|
||||
const document = req.body.document;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
let uid = req.path && req.path.split("/")[5];
|
||||
const document = req.body.document;
|
||||
|
||||
if (document) {
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const documentWithOffice = await documentService.getByUidWithOffice(document.uid!);
|
||||
if (!documentWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document not found");
|
||||
return;
|
||||
if (document) {
|
||||
const documentService = Container.get(DocumentsService);
|
||||
const documentWithOffice = await documentService.getByUidWithOffice(document.uid!);
|
||||
if (!documentWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Document not found");
|
||||
return;
|
||||
}
|
||||
if (documentWithOffice.folder.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
if (documentWithOffice.folder.office?.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
|
||||
if (uid === "download") uid = req.path && req.path.split("/")[6];
|
||||
|
||||
if (uid) {
|
||||
const fileService = Container.get(FilesService);
|
||||
const file = await fileService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!file) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("File not found");
|
||||
return;
|
||||
}
|
||||
if (file.document.folder.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
|
||||
if (uid === "download") uid = req.path && req.path.split("/")[6];
|
||||
|
||||
if (uid) {
|
||||
const fileService = Container.get(FilesService);
|
||||
const file = await fileService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!file) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("File not found");
|
||||
return;
|
||||
}
|
||||
if (file.document.folder.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
@ -5,55 +5,62 @@ import OfficeFoldersService from "@Services/super-admin/OfficeFoldersService/Off
|
||||
import DeedTypesService from "@Services/super-admin/DeedTypesService/DeedTypesService";
|
||||
|
||||
export default async function folderHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
const officeFolderNumber = req.body.folder_number;
|
||||
const deed = req.body.deed;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
const officeFolderNumber = req.body.folder_number;
|
||||
const deed = req.body.deed;
|
||||
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
|
||||
if (deed) {
|
||||
const deedTypeService = Container.get(DeedTypesService);
|
||||
const deedTypeWithOffice = await deedTypeService.getByUidWithOffice(deed.deed_type.uid!);
|
||||
if (!deedTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
return;
|
||||
}
|
||||
if (deedTypeWithOffice.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this deed type");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
const officeFolderService = Container.get(OfficeFoldersService);
|
||||
|
||||
if (officeFolderNumber && req.method == "POST") {
|
||||
const officeFoldersWithSameNumber = await officeFolderService.get({
|
||||
where: { folder_number: officeFolderNumber, office: { uid: officeId } },
|
||||
});
|
||||
if (officeFoldersWithSameNumber.length) {
|
||||
response.status(HttpCodes.BAD_REQUEST).send("Office number already used");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const officeFolder = await officeFolderService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!officeFolder) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Office folder not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (officeFolder.office.uid != officeId) {
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (deed && deed.deed_type) {
|
||||
const deedTypeService = Container.get(DeedTypesService);
|
||||
const deedTypeWithOffice = await deedTypeService.getByUidWithOffice(deed.deed_type.uid!);
|
||||
if (!deedTypeWithOffice) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Deed type not found");
|
||||
return;
|
||||
}
|
||||
if (deedTypeWithOffice.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this deed type");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
const officeFolderService = Container.get(OfficeFoldersService);
|
||||
|
||||
if (officeFolderNumber && req.method == "POST") {
|
||||
const officeFoldersWithSameNumber = await officeFolderService.get({
|
||||
where: { folder_number: officeFolderNumber, office: { uid: officeId } },
|
||||
});
|
||||
if (officeFoldersWithSameNumber.length) {
|
||||
response.status(HttpCodes.BAD_REQUEST).send("Office number already used");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const officeFolder = await officeFolderService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!officeFolder) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Office folder not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (officeFolder.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,29 +4,36 @@ import Container from "typedi";
|
||||
import OfficeRolesService from "@Services/super-admin/OfficeRolesService/OfficeRolesService";
|
||||
|
||||
export default async function officeRoleHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office;
|
||||
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const officeRoleService = Container.get(OfficeRolesService);
|
||||
const officeRole = await officeRoleService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!officeRole) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Office role not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (officeRole.office.uid != officeId) {
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (uid) {
|
||||
const officeRoleService = Container.get(OfficeRolesService);
|
||||
const officeRole = await officeRoleService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!officeRole) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("Office role not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (officeRole.office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,29 +4,35 @@ import Container from "typedi";
|
||||
import UsersService from "@Services/super-admin/UsersService/UsersService";
|
||||
|
||||
export default async function userHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office_membership;
|
||||
try {
|
||||
const officeId = req.body.user.office_Id;
|
||||
const uid = req.path && req.path.split("/")[5];
|
||||
const office = req.body.office_membership;
|
||||
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
const userService = Container.get(UsersService);
|
||||
const user = await userService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!user) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("User not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (user.office_membership.uid != officeId) {
|
||||
if (office && office.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
if (uid) {
|
||||
const userService = Container.get(UsersService);
|
||||
const user = await userService.getByUidWithOffice(uid!);
|
||||
|
||||
if (!user) {
|
||||
response.status(HttpCodes.NOT_FOUND).send("User not found");
|
||||
return;
|
||||
}
|
||||
|
||||
if (user.office_membership.uid != officeId) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this office");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2,25 +2,32 @@ import HttpCodes from "@Common/system/controller-pattern/HttpCodes";
|
||||
import { NextFunction, Request, Response } from "express";
|
||||
|
||||
export default async function ruleHandler(req: Request, response: Response, next: NextFunction) {
|
||||
const rules = req.body.user.rules;
|
||||
const service = req.path && req.path.split("/")[4];
|
||||
try {
|
||||
const rules = req.body.user.rules;
|
||||
const service = req.path && req.path.split("/")[4];
|
||||
|
||||
if(!rules){
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Missing rules in JWT");
|
||||
if (!rules) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Missing rules in JWT");
|
||||
return;
|
||||
}
|
||||
const namespace = req.path && req.path.split("/")[3];
|
||||
const role = req.body.user.role;
|
||||
|
||||
if (namespace != "notary" && role != namespace && role != "super-admin") {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this role");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!rules.includes(req.method + " " + service)) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with those rules");
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
response.status(HttpCodes.INTERNAL_ERROR).send("Internal server error");
|
||||
return;
|
||||
}
|
||||
const namespace = req.path && req.path.split("/")[3];
|
||||
const role = req.body.user.role;
|
||||
|
||||
if (namespace != "notary" && role != namespace && role != "super-admin") {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this role");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!rules.includes(req.method + " " + service)) {
|
||||
response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with those rules");
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
@ -88,7 +88,6 @@ export class BackendVariables {
|
||||
this.ENV = process.env["ENV"]!;
|
||||
}
|
||||
public async validate(groups?: string[]) {
|
||||
console.log(this);
|
||||
|
||||
const validationOptions = groups ? { groups } : undefined;
|
||||
|
||||
@ -98,8 +97,6 @@ export class BackendVariables {
|
||||
if (process.env["ENV"] === "dev") {
|
||||
throw error;
|
||||
}
|
||||
console.error(error);
|
||||
console.error(this);
|
||||
throw new Error("Some env variables are required!");
|
||||
}
|
||||
return this;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user