docs: add requireAdmin and docs for requireUser

2026-01-03 18:29:14 +01:00
parent 518eeec8e8
commit 355338e397
3 changed files with 56 additions and 5 deletions
--- a/src/data-source.ts
+++ b/src/data-source.ts
@@ -15,5 +15,5 @@ export const AppDataSource = new DataSource({
 	entities: [__dirname + '/entities/*.ts'],
 	migrations: [__dirname + '/migrations/*.ts'],
 	subscribers: [],
-	parseInt8: true
+	parseInt8: true // https://github.com/typeorm/typeorm/issues/9341#issuecomment-1268986627
 })
--- a/src/middleware/requireAdmin.ts
+++ b/src/middleware/requireAdmin.ts
@@ -0,0 +1,38 @@
+import { Request, Response, NextFunction } from 'express';
+import { ErrorDTO } from '../schemas/miscSchema';
+import * as jwt from '../tools/jwt';
+
+/**
+ * Checks if user has administrative privileges.
+ * 
+ * This needs to happen AFTER ensuring this is not a guest session.
+ * So: use requireUser first, and after that requireAdmin to enforce
+ * admin privilege requirement.
+ *
+ * @param      {Request}                  req     The request
+ * @param      {Response}                 res     The resource
+ * @param      {(Function|NextFunction)}  next    The next
+ * @return     {any}                      Next function on success, unauthorized error otherwise
+ */
+const requireAdmin = (req: Request, res: Response, next: NextFunction) => {
+	const user: jwt.JwtStatus = res.locals.user;
+	let error: ErrorDTO | null = null;
+
+	// Check if role is set to 1 (1 = admin, 0 = standard user).
+	if (user.decoded?.role !== 1)
+		error = {
+			status: 'error',
+			error: 'Unauthorized, admin access required',
+			code: 'unauthorized_non_admin'
+		};
+
+	// It is? Send 401 unauthorized.
+	if (error !== null)
+		return res.status(401)
+				  .send(error);
+
+	// Otherwise jump to next endpoint.
+	return next();
+};
+
+export default requireAdmin;
--- a/src/middleware/requireUser.ts
+++ b/src/middleware/requireUser.ts
@@ -1,7 +1,20 @@
-import { Request, Response, NextFunction } from "express";
-import { ErrorDTO } from "../schemas/miscSchema";
-import * as jwt from "../tools/jwt";
+import { Request, Response, NextFunction } from 'express';
+import { ErrorDTO } from '../schemas/miscSchema';
+import * as jwt from '../tools/jwt';

+/**
+ * Checks if user is singed in.
+ * Returns 401 when user is unauthorized.
+ * 
+ * To check if user is an admin, chain requireUser and requireAdmin together.
+ * So: use requireUser first, and after that requireAdmin to enforce
+ * admin privilege requirement.
+ *
+ * @param      {Request}                  req     The request
+ * @param      {Response}                 res     The resource
+ * @param      {(Function|NextFunction)}  next    The next
+ * @return     {any}                      Next function on success, unauthorized error otherwise
+ */
 const requireUser = (req: Request, res: Response, next: NextFunction) => {
 	const user: jwt.JwtStatus = res.locals.user;
 	let error: ErrorDTO | null = null;