docs: add requireAdmin and docs for requireUser

2026-01-03 18:29:14 +01:00
parent 518eeec8e8
commit 355338e397
3 changed files with 56 additions and 5 deletions


@@ -15,5 +15,5 @@ export const AppDataSource = new DataSource({
entities: [__dirname + '/entities/*.ts'], entities: [__dirname + '/entities/*.ts'],
migrations: [__dirname + '/migrations/*.ts'], migrations: [__dirname + '/migrations/*.ts'],
subscribers: [], subscribers: [],
parseInt8: true parseInt8: true // https://github.com/typeorm/typeorm/issues/9341#issuecomment-1268986627
}) })


@@ -0,0 +1,38 @@
import { Request, Response, NextFunction } from 'express';
import { ErrorDTO } from '../schemas/miscSchema';
import * as jwt from '../tools/jwt';
/**
* Checks if user has administrative privileges.
*
* This needs to happen AFTER ensuring this is not a guest session.
* So: use requireUser first, and after that requireAdmin to enforce
* admin privilege requirement.
*
* @param {Request} req The request
* @param {Response} res The resource
* @param {(Function|NextFunction)} next The next
* @return {any} Next function on success, unauthorized error otherwise
*/
const requireAdmin = (req: Request, res: Response, next: NextFunction) => {
const user: jwt.JwtStatus = res.locals.user;
let error: ErrorDTO | null = null;
// Check if role is set to 1 (1 = admin, 0 = standard user).
if (user.decoded?.role !== 1)
error = {
status: 'error',
error: 'Unauthorized, admin access required',
code: 'unauthorized_non_admin'
};
// It is? Send 401 unauthorized.
if (error !== null)
return res.status(401)
.send(error);
// Otherwise jump to next endpoint.
return next();
};
export default requireAdmin;
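Review bot: `user.decoded?.role` in the role check dereferences `res.locals.user` without confirming it exists, so if requireAdmin is ever mounted without requireUser ahead of it (an ordering the docblock only requests), an unauthenticated request throws a TypeError and surfaces as a 500 instead of a clean 401 rejection; failing closed is a one-character change, `if (user?.decoded?.role !== 1)`. The `jwt.JwtStatus` annotation on the `const user` line is effectively an unchecked cast, since `res.locals` is typed `any` in Express, so the compiler cannot catch this for you. A signed-in user who lacks the admin role is authenticated but not authorized, so 403 would describe that response more accurately than 401, though 401 is what the sibling requireUser returns and consistency may be the deliberate choice. In the docblock, `@param {Response} res The resource` should read `@param res The response`, and the `{Type}` tags duplicate the TypeScript signature; the same wording appears in the requireUser docblock in the third file of this commit.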


@@ -1,7 +1,20 @@
import { Request, Response, NextFunction } from "express"; import { Request, Response, NextFunction } from 'express';
import { ErrorDTO } from "../schemas/miscSchema"; import { ErrorDTO } from '../schemas/miscSchema';
import * as jwt from "../tools/jwt"; import * as jwt from '../tools/jwt';
/**
* Checks if user is singed in.
* Returns 401 when user is unauthorized.
*
* To check if user is an admin, chain requireUser and requireAdmin together.
* So: use requireUser first, and after that requireAdmin to enforce
* admin privilege requirement.
*
* @param {Request} req The request
* @param {Response} res The resource
* @param {(Function|NextFunction)} next The next
* @return {any} Next function on success, unauthorized error otherwise
*/
const requireUser = (req: Request, res: Response, next: NextFunction) => { const requireUser = (req: Request, res: Response, next: NextFunction) => {
const user: jwt.JwtStatus = res.locals.user; const user: jwt.JwtStatus = res.locals.user;
let error: ErrorDTO | null = null; let error: ErrorDTO | null = null;