diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js
index 13d0d27..d67c567 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -1,6 +1,7 @@
import { validateJwtToken } from '#util/jwtUtils.js';
import { DbUser, UserType } from '#db/schemas/index.js';
import { SafeNSoundError } from '#util/error.js';
+import { getUserById } from '#db/dbAccess/index.js';
const shouldLogAuth = !!process.env['LOG_AUTH'];
function logAuth(...params) {
@@ -32,7 +33,9 @@ export async function useAuthentication(req, res, next) {
));
logAuth('Token data:', auth);
- // req.user = auth;
+ req.user = await getUserById(auth.sub);
+ logAuth('User data:', req.user);
+
next();
}
@@ -57,22 +60,14 @@ export async function requireAuth(req, res, next) {
*/
export function requireRole(options) {
return async function (req, res, next) {
- res.status(401).send(
- new SafeNSoundError({
- errCode: 'UNAUTHORIZED',
- message: 'Unauthorized'
- })
- );
-
- const user = (req.user = await DbUser.findById(auth.id).exec());
-
// admin can do everything
- if (user.type == UserType.ADMIN) {
+ if (req.user.type === UserType.ADMIN) {
next();
return;
}
- if (options.roles && !options.roles.includes(user.type)) {
+ if (options.roles && !options.roles.includes(req.user.type)) {
+ logAuth('User is missing roles', options.roles);
res.status(401).send(
new SafeNSoundError({
errCode: 'UNAUTHORIZED',
diff --git a/src/api/middlewares/errorMiddleware.js b/src/api/middlewares/errorMiddleware.js
index b8de68e..72b6166 100644
--- a/src/api/middlewares/errorMiddleware.js
+++ b/src/api/middlewares/errorMiddleware.js
@@ -1,5 +1,6 @@
import { SafeNSoundError } from '#util/error.js';
import { MongoServerError } from 'mongodb';
+import * as joi from 'joi';
export function handleErrors(err, req, res, _next) {
if (err instanceof MongoServerError) {
@@ -14,6 +15,13 @@ export function handleErrors(err, req, res, _next) {
err = newErr;
}
+ } else if (err instanceof joi.ValidationError) {
+ const newErr = new SafeNSoundError({
+ errCode: 'JOI_VALIDATION_ERROR',
+ message: err.message,
+ validation_details: err.details
+ });
+ err = newErr;
}
if (err instanceof SafeNSoundError) {
diff --git a/src/api/routes.js b/src/api/routes.js
index 1853b57..279b1ef 100644
--- a/src/api/routes.js
+++ b/src/api/routes.js
@@ -78,7 +78,7 @@ export function registerRoutes(app) {
routeMethod
);
app[routeMethodName](route.path, [
- ...routeMethod.middlewares,
+ ...(routeMethod.middlewares || []),
routeMethod.method
]);
routeCount++;
diff --git a/src/api/routes/alarmRoutes.js b/src/api/routes/alarmRoutes.js
index 438b0d3..07a97c2 100644
--- a/src/api/routes/alarmRoutes.js
+++ b/src/api/routes/alarmRoutes.js
@@ -6,6 +6,7 @@ import {
import { UserType } from '#db/schemas/index.js';
import { RouteMethod } from '#api/RouteDescription.js';
import { getUserById } from '#db/dbAccess/index.js';
+import { AlarmDto } from '#dto/AlarmDto.js';
/**
* @type {RouteDescription}
@@ -25,7 +26,7 @@ export const alarmByUserRoute = {
middlewares: [requireMonitor],
description: 'Clear the alarm for a monitored user',
async method(req, res) {
- const user = await getUserById(req.params.id).exec();
+ const user = await getUserById(req.params.id);
user.alarm = null;
await user.save();
res.status(204).send();
@@ -47,7 +48,7 @@ export const alarmListRoute = {
console.log(req.user.monitoredUsers);
const alarms = [];
for (const userId of req.user.monitoredUsers) {
- const user = await getUserById(userId).exec();
+ const user = await getUserById(userId);
if (user.alarm) {
alarms.push({
user: userId,
@@ -78,7 +79,7 @@ export const alarmRoute = {
middlewares: [requireUser],
description: 'Raise an alarm',
async method(req, res) {
- req.user.alarm = req.body;
+ req.user.alarm = AlarmDto.create(req.body);
await req.user.save();
res.status(204).send();
}
diff --git a/src/api/routes/budgetRoutes.js b/src/api/routes/budgetRoutes.js
index a7ea097..bcb9711 100644
--- a/src/api/routes/budgetRoutes.js
+++ b/src/api/routes/budgetRoutes.js
@@ -56,7 +56,7 @@ export const addBudgetByUserRoute = {
});
}
- const user = await getUserById(req.params.id).exec();
+ const user = await getUserById(req.params.id);
const amount = parseFloat(req.query.amount);
if (isNaN(amount) || amount <= 0) {
throw new SafeNSoundError({
diff --git a/src/db/dbAccess/user.js b/src/db/dbAccess/user.js
index 3900c16..3bb06b6 100644
--- a/src/db/dbAccess/user.js
+++ b/src/db/dbAccess/user.js
@@ -8,7 +8,7 @@ import { generateJwtToken } from '#util/jwtUtils.js';
async function whoAmI(token) {}
export async function getUserById(id) {
- const user = await DbUser.findById(id);
+ const user = await DbUser.findById(id).exec();
if (!user) {
throw new SafeNSoundError({
errCode: 'ENTITY_NOT_FOUND',
diff --git a/src/dto/AlarmDto.js b/src/dto/AlarmDto.js
new file mode 100644
index 0000000..281311d
--- /dev/null
+++ b/src/dto/AlarmDto.js
@@ -0,0 +1,27 @@
+import { SafeNSoundError } from '#util/error.js';
+import Joi from 'joi';
+import { AlarmType } from '#db/schemas/index.js';
+
+/**
+ * Generic authentication DTO.
+ */
+export class AlarmDto {
+ static schema = new Joi.object({
+ createdAt: Joi.date().optional(),
+ reason: Joi.string().valid(...Object.values(AlarmType))
+ });
+
+ createdAt;
+ reason;
+
+ static async create(data) {
+ const obj = new AlarmDto();
+ for (const key of Object.keys(data)) {
+ if (key in obj) {
+ obj[key] = data[key];
+ }
+ }
+
+ return await AlarmDto.schema.validateAsync(obj);
+ }
+}
diff --git a/src/dto/auth/AuthDto.js b/src/dto/auth/AuthDto.js
index 22e2620..0a4c8dd 100644
--- a/src/dto/auth/AuthDto.js
+++ b/src/dto/auth/AuthDto.js
@@ -23,15 +23,6 @@ export class AuthDto {
}
}
- try {
- return await AuthDto.schema.validateAsync(obj);
- } catch (e) {
- console.log(e);
- throw new SafeNSoundError({
- errCode: 'JOI_VALIDATION_ERROR',
- message: e.message,
- validation_details: e.details
- });
- }
+ return await AuthDto.schema.validateAsync(obj);
}
}
|
