open-source-mirrors
/
overseerr
mirror of https://github.com/sct/overseerr
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c6a133d4e5'
${ noResults }
overseerr/server/middleware/auth.ts

59 lines
1.5 KiB
Raw Blame History

import { getRepository } from '@server/datasource';
import { User } from '@server/entity/User';
import type {
Permission,
PermissionCheckOptions,
} from '@server/lib/permissions';
import { getSettings } from '@server/lib/settings';
export const checkUser: Middleware = async (req, _res, next) => {
const settings = getSettings();
let user: User | undefined | null;
if (req.header('X-API-Key') === settings.main.apiKey) {
const userRepository = getRepository(User);
let userId = 1; // Work on original administrator account
// If a User ID is provided, we will act on that user's behalf
if (req.header('X-API-User')) {
userId = Number(req.header('X-API-User'));
}
user = await userRepository.findOne({ where: { id: userId } });
} else if (req.session?.userId) {
const userRepository = getRepository(User);
user = await userRepository.findOne({
where: { id: req.session.userId },
});
}
if (user) {
req.user = user;
}
req.locale = user?.settings?.locale
? user.settings.locale
: settings.main.locale;
next();
};
export const isAuthenticated = (
permissions?: Permission | Permission[],
options?: PermissionCheckOptions
): Middleware => {
const authMiddleware: Middleware = (req, res, next) => {
if (!req.user || !req.user.hasPermission(permissions ?? 0, options)) {
res.status(403).json({
status: 403,
error: 'You do not have permission to access this endpoint',
});
} else {
next();
}
};
return authMiddleware;
};
Reference in new issue View Git Blame Copy Permalink