-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: added jwt authorization with new role system based on numeric v…
…alues Signed-off-by: Varij Kapil <[email protected]>
- Loading branch information
1 parent
7e116e6
commit 79b24f9
Showing
9 changed files
with
123 additions
and
11 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| import * as jwt from 'jsonwebtoken'; | ||
| import configuration from '../common/env.config'; | ||
|
|
||
| const {jwtSecret} = configuration; | ||
|
|
||
| // created using the following tutorial : https://www.toptal.com/nodejs/secure-rest-api-in-nodejs | ||
|
|
||
| export default class AuthorizationValidationController { | ||
| static validJWTNeeded(req, res, next) { | ||
| if (req.headers['authorization']) { | ||
| try { | ||
| const authorization = req.headers['authorization'].split(' '); | ||
| if (authorization[0] !== 'Bearer') { | ||
| return res.status(401).send(); | ||
| } else { | ||
| req.jwt = jwt.verify(authorization[1], jwtSecret); | ||
| return next(); | ||
| } | ||
| } catch (err) { | ||
| return res.status(403).send(); | ||
| } | ||
| } else { | ||
| return res.status(401).send(); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| // https://www.toptal.com/nodejs/secure-rest-api-in-nodejs | ||
|
|
||
| /*We can use the bitwise AND operator (bitmasking) to control the permissions. | ||
| If we set each required permission as a power of 2, we can treat each bit of the | ||
| 32bit integer as a single permission. | ||
| An admin can then have all permissions by setting their permission value to 2147483647. | ||
| That user could then have access to any route. | ||
| As another example, a user whose permission value was set to 7 would have permissions to | ||
| the roles marked with bits for values 1, 2, and 4 (two to the power of 0, 1, and 2).*/ | ||
|
|
||
| export default class PermissionController { | ||
| static minimumPermissionRequired(requiredPermissionLevel) { | ||
| return (req, res, next) => { | ||
| const userPermissionLevel = parseInt(req.jwt.roles); | ||
| if (userPermissionLevel & requiredPermissionLevel) { | ||
| return next(); | ||
| } else { | ||
| return res.status(403).send(); | ||
| } | ||
| }; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| const configuration = { | ||
| jwtSecret: '', | ||
| jwtExpirationInSeconds: 36000, | ||
| permissions: { | ||
| USER: 1, | ||
| MANAGER: 4, | ||
| ADMIN: 2048 | ||
| } | ||
| }; | ||
|
|
||
| export default configuration; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| import config from './env.config'; | ||
|
|
||
| export default class RoleController { | ||
| static convertToInteger(roleName) { | ||
| if (this.__isAdmin(roleName)) { | ||
| return config.permissions.ADMIN; | ||
| } | ||
| if (this.__isManager(roleName)) { | ||
| return config.permissions.MANAGER; | ||
| } | ||
|
|
||
| return config.permissions.USER; | ||
| } | ||
|
|
||
| static __isAdmin(role) { | ||
| const lowerCaseRole = role.toLowerCase(); | ||
| return lowerCaseRole === 'admin' || lowerCaseRole === 'administrator' || lowerCaseRole === 'superuser'; | ||
| } | ||
|
|
||
| static __isManager(role) { | ||
| const lowerCaseRole = role.toLowerCase(); | ||
| return ( | ||
| lowerCaseRole === 'manager' || | ||
| lowerCaseRole === 'manage' || | ||
| lowerCaseRole === 'hr' || | ||
| lowerCaseRole === 'human resource' || | ||
| lowerCaseRole === 'resource' || | ||
| lowerCaseRole === 'ceo' || | ||
| lowerCaseRole === 'management' || | ||
| lowerCaseRole === 'cto' || | ||
| lowerCaseRole === 'coo' || | ||
| lowerCaseRole === 'finance' | ||
| ); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,26 @@ | ||
| import express from 'express'; | ||
| import multer from 'multer'; | ||
| import WorkdayController from '../controllers/workday.controller'; | ||
| import PermissionController from '../auth/permission.controller'; | ||
| import AuthorizationValidationController from '../auth/authorization.validation.controller'; | ||
| import configuration from '../common/env.config'; | ||
|
|
||
| const ADMIN = configuration.permissions.ADMIN; | ||
| const MANAGER = configuration.permissions.MANAGER; | ||
| const USER = configuration.permissions.USER; | ||
|
|
||
| const routes = express.Router(); | ||
| const upload = multer({storage: multer.memoryStorage()}); | ||
|
|
||
| routes.post('/:avatarId/upload', upload.single('reportFile'), WorkdayController.importTimelyFile); | ||
| routes.post('/:avatarId', WorkdayController.addWorkday); | ||
| routes.post('/:avatarId/upload', upload.single('reportFile'), [ | ||
| AuthorizationValidationController.validJWTNeeded, | ||
| PermissionController.minimumPermissionRequired(MANAGER), | ||
| WorkdayController.importTimelyFile | ||
| ]); | ||
| routes.post('/:avatarId', [ | ||
| AuthorizationValidationController.validJWTNeeded, | ||
| PermissionController.minimumPermissionRequired(MANAGER), | ||
| WorkdayController.addWorkday | ||
| ]); | ||
|
|
||
| export default routes; |