Diffstat (limited to 'src/api')
-rw-r--r--src/api/middlewares/authMiddleware.js19
-rw-r--r--src/api/middlewares/errorMiddleware.js8
-rw-r--r--src/api/routes.js2
-rw-r--r--src/api/routes/alarmRoutes.js7
-rw-r--r--src/api/routes/budgetRoutes.js2
5 files changed, 21 insertions, 17 deletions
diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js

index 13d0d27..d67c567 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -1,6 +1,7 @@
 import { validateJwtToken } from '#util/jwtUtils.js'; import { DbUser, UserType } from '#db/schemas/index.js'; import { SafeNSoundError } from '#util/error.js';
+import { getUserById } from '#db/dbAccess/index.js';
 const shouldLogAuth = !!process.env['LOG_AUTH']; function logAuth(...params) {
@@ -32,7 +33,9 @@ export async function useAuthentication(req, res, next) {
 )); logAuth('Token data:', auth);
- // req.user = auth;
+ req.user = await getUserById(auth.sub);
+ logAuth('User data:', req.user);
+ next(); }
@@ -57,22 +60,14 @@ export async function requireAuth(req, res, next) {
 */ export function requireRole(options) { return async function (req, res, next) {
- res.status(401).send(
- new SafeNSoundError({
- errCode: 'UNAUTHORIZED',
- message: 'Unauthorized'
- })
- );
-
- const user = (req.user = await DbUser.findById(auth.id).exec());
- // admin can do everything
- if (user.type == UserType.ADMIN) {
+ if (req.user.type === UserType.ADMIN) {
 next(); return; }
- if (options.roles && !options.roles.includes(user.type)) {
+ if (options.roles && !options.roles.includes(req.user.type)) {
+ logAuth('User is missing roles', options.roles);
 res.status(401).send( new SafeNSoundError({ errCode: 'UNAUTHORIZED',
diff --git a/src/api/middlewares/errorMiddleware.js b/src/api/middlewares/errorMiddleware.js
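Review bot: `req.user = await getUserById(auth.sub);` stores whatever the lookup returns without checking it, so a syntactically valid token whose subject no longer exists (deleted or never-provisioned user) leaves `req.user` null and the later `req.user.type` read in requireRole fails with a TypeError that surfaces as a 500 instead of a 401. The same unchecked-result pattern is in alarmRoutes (alarmByUserRoute, alarmListRoute) and budgetRoutes (addBudgetByUserRoute), where `user.alarm = null` or `user.save()` would throw for an unknown id rather than answering 404. `logAuth('User data:', req.user)` also writes the whole user document to the log; if that schema holds credential fields or personal data (not visible here), logging only the subject and type is safer. The removed code read `auth.id` while the new line reads `auth.sub`, so it is worth confirming that validateJwtToken exposes the subject under `sub`; whether `next()` already existed in the old body, and the start of useAuthentication, lie outside this hunk.
```javascript
  const user = await getUserById(auth.sub);
  if (!user) {
    // valid token for a user that no longer exists: deny, do not crash later
    res.status(401).send(new SafeNSoundError({ errCode: 'UNAUTHORIZED', message: 'Unauthorized' }));
    return;
  }
  req.user = user;
  logAuth('User data:', auth.sub, user.type);
  next();
```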
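Review bot: `if (req.user.type === UserType.ADMIN)` assumes useAuthentication has already populated `req.user`; if a route lists requireRole without a preceding authentication middleware, or the user lookup yielded null, this line throws a TypeError (a 500) rather than denying access, so a guard such as `if (!req.user) { res.status(401).send(new SafeNSoundError({ errCode: 'UNAUTHORIZED', message: 'Unauthorized' })); return; }` ahead of it fails closed with the intended status. With the `DbUser.findById` line removed, `DbUser` in the import of the first hunk looks unused unless another use survives outside these hunks. The role-mismatch branch answers 401; for a caller that is authenticated but lacks the role, 403 is the conventional status and also makes the two failure kinds distinguishable in logs. requireRole continues past the end of this hunk.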
index b8de68e..72b6166 100644
--- a/src/api/middlewares/errorMiddleware.js
+++ b/src/api/middlewares/errorMiddleware.js
@@ -1,5 +1,6 @@
 import { SafeNSoundError } from '#util/error.js'; import { MongoServerError } from 'mongodb';
+import * as joi from 'joi';
 export function handleErrors(err, req, res, _next) { if (err instanceof MongoServerError) {
@@ -14,6 +15,13 @@ export function handleErrors(err, req, res, _next) {
 err = newErr; }
+ } else if (err instanceof joi.ValidationError) {
+ const newErr = new SafeNSoundError({
+ errCode: 'JOI_VALIDATION_ERROR',
+ message: err.message,
+ validation_details: err.details
+ });
+ err = newErr;
 } if (err instanceof SafeNSoundError) {
diff --git a/src/api/routes.js b/src/api/routes.js
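Review bot: `validation_details: err.details` forwards joi's details array unchanged into the SafeNSoundError, and each entry's `context` carries the submitted `value`, so the error response echoes back whatever the client sent for the failing field — including secrets such as passwords or tokens if those are validated this way, and they then land in any client-side or proxy logging of the response. Projecting the entries down to `message`, `path` and `type` keeps the response useful without reflecting input. The `newErr` temporary mirrors the MongoServerError branch, so it is consistent, but both could assign directly. handleErrors starts before this hunk; whether the SafeNSoundError branch below maps this errCode to a 400 is not visible here and worth confirming.
```javascript
  } else if (err instanceof joi.ValidationError) {
    err = new SafeNSoundError({
      errCode: 'JOI_VALIDATION_ERROR',
      message: err.message,
      // keep only what the client needs; `context.value` would echo the submitted input
      validation_details: err.details.map(({ message, path, type }) => ({ message, path, type }))
    });
  }
```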
index 1853b57..279b1ef 100644
--- a/src/api/routes.js
+++ b/src/api/routes.js
@@ -78,7 +78,7 @@ export function registerRoutes(app) {
 routeMethod ); app[routeMethodName](route.path, [
- ...routeMethod.middlewares,
+ ...(routeMethod.middlewares || []),
 routeMethod.method ]); routeCount++;
diff --git a/src/api/routes/alarmRoutes.js b/src/api/routes/alarmRoutes.js
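Review bot: `...(routeMethod.middlewares || [])` makes a missing `middlewares` key mean "no middleware", so a route description that simply forgets to declare it is registered with no authentication at all, and nothing at registration time distinguishes that from a deliberately public route. If public routes are intended, requiring them to say so explicitly (`middlewares: []`) and rejecting `undefined` here fails closed: `if (!Array.isArray(routeMethod.middlewares)) throw new TypeError('middlewares must be an array');` placed before the `app[routeMethodName]` call. Failing that, logging the routes registered without any middleware would at least make the gap visible at startup. registerRoutes starts and ends outside this hunk.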
index 438b0d3..07a97c2 100644
--- a/src/api/routes/alarmRoutes.js
+++ b/src/api/routes/alarmRoutes.js
@@ -6,6 +6,7 @@ import {
 import { UserType } from '#db/schemas/index.js'; import { RouteMethod } from '#api/RouteDescription.js'; import { getUserById } from '#db/dbAccess/index.js';
+import { AlarmDto } from '#dto/AlarmDto.js';
 /** * @type {RouteDescription}
@@ -25,7 +26,7 @@ export const alarmByUserRoute = {
 middlewares: [requireMonitor], description: 'Clear the alarm for a monitored user', async method(req, res) {
- const user = await getUserById(req.params.id).exec();
+ const user = await getUserById(req.params.id);
 user.alarm = null; await user.save(); res.status(204).send();
@@ -47,7 +48,7 @@ export const alarmListRoute = {
 console.log(req.user.monitoredUsers); const alarms = []; for (const userId of req.user.monitoredUsers) {
- const user = await getUserById(userId).exec();
+ const user = await getUserById(userId);
 if (user.alarm) { alarms.push({ user: userId,
@@ -78,7 +79,7 @@ export const alarmRoute = {
 middlewares: [requireUser], description: 'Raise an alarm', async method(req, res) {
- req.user.alarm = req.body;
+ req.user.alarm = AlarmDto.create(req.body);
 await req.user.save(); res.status(204).send(); }
diff --git a/src/api/routes/budgetRoutes.js b/src/api/routes/budgetRoutes.js
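Review bot: `const user = await getUserById(req.params.id);` followed by `user.alarm = null; await user.save();` clears the alarm of whichever user id the caller supplies, and nothing in this hunk ties `req.params.id` to the monitor's own `req.user.monitoredUsers`; unless `requireMonitor` (not visible here) performs that check, any authenticated monitor can clear any user's alarm, which is a missing object-level authorization check that the role check does not cover. A check before the lookup such as `if (!req.user.monitoredUsers.some((id) => String(id) === req.params.id)) { throw new SafeNSoundError({ errCode: 'UNAUTHORIZED', message: 'Unauthorized' }); }` closes it, with the string comparison there because the element type of monitoredUsers is not visible in this diff. Whether SafeNSoundError is already imported in this file is outside the hunk; budgetRoutes shows the same throw pattern inside a route method. alarmByUserRoute's method continues past the end of this hunk.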
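Review bot: The loop awaits `getUserById(userId)` once per monitored user in series, so this list endpoint's latency grows linearly with the number of monitored users; resolving them together with `const users = await Promise.all(req.user.monitoredUsers.map((id) => getUserById(id)));` and iterating over the result keeps the behaviour while removing the serial round-trips. The adjacent `console.log(req.user.monitoredUsers)` is unconditional debug output of the caller's data on every request; putting it behind a debug flag or removing it keeps production logs free of user data. alarmListRoute's method starts before and ends after this hunk.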
index a7ea097..bcb9711 100644
--- a/src/api/routes/budgetRoutes.js
+++ b/src/api/routes/budgetRoutes.js
@@ -56,7 +56,7 @@ export const addBudgetByUserRoute = {
 }); }
- const user = await getUserById(req.params.id).exec();
+ const user = await getUserById(req.params.id);
 const amount = parseFloat(req.query.amount); if (isNaN(amount) || amount <= 0) { throw new SafeNSoundError({
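Review bot: Right after the changed line, `parseFloat(req.query.amount)` guarded by `isNaN(amount) || amount <= 0` accepts `Infinity` and strings with trailing garbage such as `'12abc'` (which parses to 12) for a value taken straight from the query string, so a non-finite amount passes into the budget update. `const amount = Number(req.query.amount);` with `if (!Number.isFinite(amount) || amount <= 0) {` rejects both cases while keeping every currently valid input. That guard is not touched by this commit but sits on the new side of the hunk; addBudgetByUserRoute's method starts and ends outside it.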