diff --git a/server.js b/server.js
index 6735bc5..bb32de6 100644
--- a/server.js
+++ b/server.js
@@ -135,7 +135,7 @@ const server = https.createServer(httpsOptions, app);
 databaseModel.set('roleModel', require(`@models/roleModel`)(service.get('sqlManager').getInstance('main')));
 databaseModel.set('rolePermissionsModel', require(`@models/rolePermissionsModel`)(service.get('sqlManager').getInstance('main')));
- service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret, databaseModel));
+ service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret));
 service.set('rbacManager', new RBACManager(databaseModel));
 service.set('activeDirectoryManager', new ActiveDirectory(app.locals.configuration.integration.activedirectory))
@@ -155,6 +155,7 @@ const server = https.createServer(httpsOptions, app);
 exports.helpers = helpers;
 // app.use(service.get('vaultifyManager').createMiddleware());
+ app.use(service.get('rbacManager').requirePermissionMiddleware());
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());
@@ -228,7 +229,6 @@ const server = https.createServer(httpsOptions, app);
 //#endregion
 app.use(service.get('authenticationManager').authenticate());
- app.use(service.get('authenticationManager').requirePermissionMiddleware());
 //#region Implements sockets
 require(`${app.locals.path.source}/sockets/mainSocket.js`)(
diff --git a/src/services/authenticationManager.js b/src/services/authenticationManager.js
index 8b5dbbd..859033e 100644
--- a/src/services/authenticationManager.js
+++ b/src/services/authenticationManager.js
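Review bot: In the `@@ -155,6 +155,7 @@` hunk `app.use(service.get('rbacManager').requirePermissionMiddleware())` is now registered before `app.use(service.get('authenticationManager').authenticate())` in the `@@ -228,7 +229,6 @@` hunk, whereas the line that hunk removes sat after it; Express runs middleware in registration order, so the RBAC middleware will execute before anything has set `req.user`, take its `if (!req.user) return next();` branch on every request, and never attach `req.auth`. Any handler that calls `req.auth.hasPermission(...)` then fails with a TypeError (or, if written with optional chaining, skips the check altogether), so the move effectively disables the authorization helper rather than relocating it. Keep the registration where the removed line was: `app.use(service.get('authenticationManager').authenticate()); app.use(service.get('rbacManager').requirePermissionMiddleware());`. That `authenticate()` is what populates `req.user` is inferred from the removed ordering and the middleware's own comment, not from code visible here, and the enclosing setup block of server.js starts and ends outside these hunks.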
@@ -2,10 +2,9 @@ const jwt = require('jsonwebtoken');
 const bcrypt = require('bcryptjs');
 class AuthenticationManager {
- constructor(model, secretKey, rbacService) {
+ constructor(model, secretKey) {
 this.Authentication = model;
 this.SECRET_KEY = secretKey;
- this.rbac = rbacService;
 }
 // =========================================================
@@ -189,51 +188,6 @@ class AuthenticationManager {
 };
 }
- // =========================================================
- // 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
- // =========================================================
- //
- // USAGE:
- // app.get('/admin/users', (req, res) => {
- // if (!req.auth.hasPermission([
- // { scope: 'USER', action: 'READ', resource: 'USERS' }
- // ])) {
- // return res.status(403).send('Forbidden');
- // }
- // res.json({ ok: true });
- // });
- requirePermissionMiddleware() {
- return async (req, res, next) => {
- try {
-
- // 🔥 wenn noch kein User da ist → Auth Middleware fehlt
- if (!req.user) {
- return next(); // oder 401 wenn du streng sein willst
- }
-
- const rbac = this.rbac;
-
- const permissions = req.user.permissions || [];
- const isSuperAdmin = req.user.isSuperAdmin || false;
-
- req.auth = {
- permissions,
- isSuperAdmin,
- hasPermission: (required) =>
- rbac.hasPermission(permissions, required, isSuperAdmin)
- };
-
- return next();
-
- next();
-
- } catch (err) {
- console.error('[RBAC MIDDLEWARE ERROR]', err);
- return res.status(500).json({ message: 'RBAC Fehler' });
- }
- };
- }
 }
 module.exports = AuthenticationManager;
\ No newline at end of file
diff --git a/src/services/rbacManager.js b/src/services/rbacManager.js
index 2494753..37be2dd 100644
--- a/src/services/rbacManager.js
+++ b/src/services/rbacManager.js
@@ -104,6 +104,53 @@ class RBACManager {
 );
 }
+
+ // =========================================================
+ // 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
+ // =========================================================
+ //
+ // USAGE:
+ // app.get('/admin/users', (req, res) => {
+ // if (!req.auth.hasPermission([
+ // { scope: 'USER', action: 'READ', resource: 'USERS' }
+ // ])) {
+ // return res.status(403).send('Forbidden');
+ // }
+
+ // res.json({ ok: true });
+ // });
+ requirePermissionMiddleware() {
+ return async (req, res, next) => {
+ try {
+
+ // 🔥 wenn noch kein User da ist → Auth Middleware fehlt
+ if (!req.user) {
+ return next(); // oder 401 wenn du streng sein willst
+ }
+
+ const rbac = this.rbac;
+
+ const permissions = req.user.permissions || [];
+ const isSuperAdmin = req.user.isSuperAdmin || false;
+
+ req.auth = {
+ permissions,
+ isSuperAdmin,
+ hasPermission: (required) =>
+ rbac.hasPermission(permissions, required, isSuperAdmin)
+ };
+
+ return next();
+
+ next();
+
+ } catch (err) {
+ console.error('[RBAC MIDDLEWARE ERROR]', err);
+ return res.status(500).json({ message: 'RBAC Fehler' });
+ }
+ };
+ }
+
 normalize(permissions) {
 return permissions.map(p => ({
 scope: p.scope,
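Review bot: `const rbac = this.rbac;` was moved verbatim from AuthenticationManager, where `this.rbac` was the injected RBAC service; RBACManager defines no such field anywhere in this hunk, so unless its constructor (outside the hunk) sets one, the first handler that calls `req.auth.hasPermission(...)` throws `TypeError: Cannot read properties of undefined` — and because that call happens in the route, not inside the middleware, the surrounding `try/catch` never sees it. Since the class itself is the RBAC service and both arrow functions capture `this` lexically, the closure should delegate to the instance, `hasPermission: (required) => this.hasPermission(permissions, required, isSuperAdmin)`, with the `rbac` local removed; this assumes RBACManager has a `hasPermission(permissions, required, isSuperAdmin)` method, which is not visible here. Two smaller points in the same method: the bare `next();` after `return next();` is unreachable and should be deleted, and `async` is unused since nothing is awaited. The German comment on the `req.user` guard would be clearer to most readers as `// req.user is only set by the authentication middleware; without it there is nothing to authorize`, and that guard means the middleware silently passes requests through when it is registered ahead of authentication, which is worth stating in the method's header comment. The class RBACManager opens before this hunk.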