rbac outsourced
@@ -135,7 +135,7 @@ const server = https.createServer(httpsOptions, app);
|
||||
databaseModel.set('roleModel', require(`@models/roleModel`)(service.get('sqlManager').getInstance('main')));
|
||||
databaseModel.set('rolePermissionsModel', require(`@models/rolePermissionsModel`)(service.get('sqlManager').getInstance('main')));
|
||||
|
||||
service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret, databaseModel));
|
||||
service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret));
|
||||
service.set('rbacManager', new RBACManager(databaseModel));
|
||||
|
||||
service.set('activeDirectoryManager', new ActiveDirectory(app.locals.configuration.integration.activedirectory))
|
||||
@@ -155,6 +155,7 @@ const server = https.createServer(httpsOptions, app);
|
||||
exports.helpers = helpers;
|
||||
|
||||
// app.use(service.get('vaultifyManager').createMiddleware());
|
||||
app.use(service.get('rbacManager').requirePermissionMiddleware());
|
||||
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
app.use(express.json());
|
||||
@@ -228,7 +229,6 @@ const server = https.createServer(httpsOptions, app);
|
||||
//#endregion
|
||||
|
||||
app.use(service.get('authenticationManager').authenticate());
|
||||
app.use(service.get('authenticationManager').requirePermissionMiddleware());
|
||||
|
||||
//#region Implements sockets
|
||||
require(`${app.locals.path.source}/sockets/mainSocket.js`)(
|
||||
|
||||
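Review bot: The RBAC middleware is now registered with `app.use(service.get('rbacManager').requirePermissionMiddleware());` at about line 158, before `express.json()` and well before `app.use(service.get('authenticationManager').authenticate());` at about line 229, while the line this commit removes at old line 231 ran directly after `authenticate()`. Express runs middleware in registration order, and the moved middleware passes through with `return next()` whenever `req.user` is not set, so unless something earlier in the file (not in view) populates `req.user`, `req.auth` is never attached and every handler that follows the documented `req.auth.hasPermission(...)` usage fails on an undefined property. The registration should stay after authentication: put `app.use(service.get('rbacManager').requirePermissionMiddleware());` on the line the commit deletes, right after the `authenticate()` registration, and drop the early `app.use` added in the first hunk. The fail-open pass-through also means a missing auth layer is silently tolerated rather than surfaced, which is worth a comment at the registration site.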
@@ -2,10 +2,9 @@ const jwt = require('jsonwebtoken');
|
||||
const bcrypt = require('bcryptjs');
|
||||
|
||||
class AuthenticationManager {
|
||||
constructor(model, secretKey, rbacService) {
|
||||
constructor(model, secretKey) {
|
||||
this.Authentication = model;
|
||||
this.SECRET_KEY = secretKey;
|
||||
this.rbac = rbacService;
|
||||
}
|
||||
|
||||
// =========================================================
|
||||
@@ -189,51 +188,6 @@ class AuthenticationManager {
|
||||
};
|
||||
}
|
||||
|
||||
// =========================================================
|
||||
// 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
|
||||
// =========================================================
|
||||
//
|
||||
// USAGE:
|
||||
// app.get('/admin/users', (req, res) => {
|
||||
// if (!req.auth.hasPermission([
|
||||
// { scope: 'USER', action: 'READ', resource: 'USERS' }
|
||||
// ])) {
|
||||
// return res.status(403).send('Forbidden');
|
||||
// }
|
||||
|
||||
// res.json({ ok: true });
|
||||
// });
|
||||
requirePermissionMiddleware() {
|
||||
return async (req, res, next) => {
|
||||
try {
|
||||
|
||||
// 🔥 wenn noch kein User da ist → Auth Middleware fehlt
|
||||
if (!req.user) {
|
||||
return next(); // oder 401 wenn du streng sein willst
|
||||
}
|
||||
|
||||
const rbac = this.rbac;
|
||||
|
||||
const permissions = req.user.permissions || [];
|
||||
const isSuperAdmin = req.user.isSuperAdmin || false;
|
||||
|
||||
req.auth = {
|
||||
permissions,
|
||||
isSuperAdmin,
|
||||
hasPermission: (required) =>
|
||||
rbac.hasPermission(permissions, required, isSuperAdmin)
|
||||
};
|
||||
|
||||
return next();
|
||||
|
||||
next();
|
||||
|
||||
} catch (err) {
|
||||
console.error('[RBAC MIDDLEWARE ERROR]', err);
|
||||
return res.status(500).json({ message: 'RBAC Fehler' });
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = AuthenticationManager;
|
||||
@@ -104,6 +104,53 @@ class RBACManager {
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
// =========================================================
|
||||
// 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
|
||||
// =========================================================
|
||||
//
|
||||
// USAGE:
|
||||
// app.get('/admin/users', (req, res) => {
|
||||
// if (!req.auth.hasPermission([
|
||||
// { scope: 'USER', action: 'READ', resource: 'USERS' }
|
||||
// ])) {
|
||||
// return res.status(403).send('Forbidden');
|
||||
// }
|
||||
|
||||
// res.json({ ok: true });
|
||||
// });
|
||||
requirePermissionMiddleware() {
|
||||
return async (req, res, next) => {
|
||||
try {
|
||||
|
||||
// 🔥 wenn noch kein User da ist → Auth Middleware fehlt
|
||||
if (!req.user) {
|
||||
return next(); // oder 401 wenn du streng sein willst
|
||||
}
|
||||
|
||||
const rbac = this.rbac;
|
||||
|
||||
const permissions = req.user.permissions || [];
|
||||
const isSuperAdmin = req.user.isSuperAdmin || false;
|
||||
|
||||
req.auth = {
|
||||
permissions,
|
||||
isSuperAdmin,
|
||||
hasPermission: (required) =>
|
||||
rbac.hasPermission(permissions, required, isSuperAdmin)
|
||||
};
|
||||
|
||||
return next();
|
||||
|
||||
next();
|
||||
|
||||
} catch (err) {
|
||||
console.error('[RBAC MIDDLEWARE ERROR]', err);
|
||||
return res.status(500).json({ message: 'RBAC Fehler' });
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
normalize(permissions) {
|
||||
return permissions.map(p => ({
|
||||
scope: p.scope,
|
||||
|
||||