From b46198eb472aebd7ca02d59fb064114e58c87f14 Mon Sep 17 00:00:00 2001
From: Josh Moore
Date: Sat, 21 Oct 2023 22:02:35 -0600
Subject: [PATCH] feat: added login checker/redirection flow
---
 backend/app.ts | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/backend/app.ts b/backend/app.ts
index 5a2d82f..bb8fc5a 100644
--- a/backend/app.ts
+++ b/backend/app.ts
@@ -1,4 +1,4 @@
-import { ServerConfiguration } from 'ass';
+import { AssUser, ServerConfiguration } from 'ass';
 import fs from 'fs-extra';
 import tailwindcss from 'tailwindcss';
@@ -9,7 +9,7 @@ import { path, isProd } from '@tycrek/joint';
 import { epcss } from '@tycrek/express-postcss';
 import { log } from './log';
-import { ensureFiles } from './data';
+import { ensureFiles, get } from './data';
 import { UserConfig } from './UserConfig';
 import { MySql } from './sql/mysql';
 import { buildFrontendRouter } from './routers/_frontend';
@@ -38,6 +38,24 @@ const assMetaMiddleware = (port: number, proxied: boolean): RequestHandler =>
 next();
 };
+/**
+ * Custom middleware to verify user access
+ */
+const loginRedirectMiddleware = async (req: Request, res: Response, next: NextFunction) => {
+
+ // If auth doesn't exist yet, make the user login
+ if (!req.session.ass?.auth) res.redirect('/login');
+ else {
+ const user = (await get('users', req.session.ass.auth.uid)) as AssUser;
+
+ // Check if user is admin
+ if (req.baseUrl === '/admin' && !user.admin) {
+ log.warn('Admin verification failed', user.username, user.id);
+ res.sendStatus(403);
+ } else next();
+ }
+};
+
 /**
  * Main function.
  * Yes I'm using main() in TS, cry about it
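Review bot: The admin gate in `loginRedirectMiddleware` depends on `req.baseUrl === '/admin'`, an exact string comparison against the path as requested. Express matches mount paths case-insensitively unless `case sensitive routing` is enabled, so a request that reaches the admin mount with different casing would likely skip the `user.admin` check and fall through to `next()`. Separately, the result of `get('users', …)` is cast to `AssUser` with no null check or try/catch, so a session whose user record is missing, or a failing data store, throws inside an async handler. If this is Express 4, that rejection is not forwarded to the error handler. I would take the admin requirement from the route declaration instead of the URL and fail closed on a missing user, as below; the two `app.use` calls in the last hunk would then pass `loginRedirectMiddleware(true)` and `loginRedirectMiddleware()`.

```typescript
const loginRedirectMiddleware = (requireAdmin = false): RequestHandler =>
	async (req, res, next) => {
		// If auth doesn't exist yet, make the user login
		if (!req.session.ass?.auth) {
			res.redirect('/login');
			return;
		}

		try {
			const user = (await get('users', req.session.ass.auth.uid)) as AssUser | undefined;

			// Fail closed: a session without a matching user record is not authenticated
			if (!user) {
				res.redirect('/login');
				return;
			}

			// The requirement comes from the route declaration, not from the request URL
			if (requireAdmin && !user.admin) {
				log.warn('Admin verification failed', user.username, user.id);
				res.sendStatus(403);
				return;
			}

			next();
		} catch (err) {
			// Hand lookup failures to the Express error handler instead of leaving the request hanging
			next(err);
		}
	};
```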
@@ -140,8 +158,8 @@ async function main() {
 // Basic page routers
 app.use('/setup', buildFrontendRouter('setup', false));
 app.use('/login', buildFrontendRouter('login'));
- app.use('/admin', buildFrontendRouter('admin'));
- app.use('/user', buildFrontendRouter('user'));
+ app.use('/admin', loginRedirectMiddleware, buildFrontendRouter('admin'));
+ app.use('/user', loginRedirectMiddleware, buildFrontendRouter('user'));
 // Advanced routers
 app.use('/api', (await import('./routers/api.js')).router);
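Review bot: Only the `/admin` and `/user` page routers get `loginRedirectMiddleware`; the `/api` router mounted two lines below is outside it, so the 403 added here protects the admin page rather than the data behind it. Whether `./routers/api.js` enforces its own session and admin checks is not visible in this diff and should be confirmed before relying on this guard. A comment above these lines such as `// loginRedirectMiddleware guards page routes only; /api must authorise each request itself` would record that boundary. `main()` starts and ends outside the hunk.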