rbac outsourced
@@ -2,10 +2,9 @@ const jwt = require('jsonwebtoken');
|
||||
const bcrypt = require('bcryptjs');
|
||||
|
||||
class AuthenticationManager {
|
||||
constructor(model, secretKey, rbacService) {
|
||||
constructor(model, secretKey) {
|
||||
this.Authentication = model;
|
||||
this.SECRET_KEY = secretKey;
|
||||
this.rbac = rbacService;
|
||||
}
|
||||
|
||||
// =========================================================
|
||||
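Review bot: The new two-argument constructor stores `secretKey` without checking it, so a missing or empty signing key (e.g. an unset environment variable at deploy time) is only discovered when the first token is signed or verified, which may be long after startup and possibly with a predictable fallback value if a caller uses `||`. I would fail fast at the top of the constructor: `if (typeof secretKey !== 'string' || secretKey.length === 0) throw new Error('AuthenticationManager: secretKey is required');`. Since `rbacService` has been dropped from the signature, any caller still passing it as a third argument now has it silently ignored, so a short JSDoc on the constructor stating the two remaining parameters and that permission checks now live in the external RBAC service would help the next maintainer. The jwt usage and the rest of the class body are outside this hunk, so I cannot confirm how the key is consumed from here.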
@@ -189,51 +188,6 @@ class AuthenticationManager {
|
||||
};
|
||||
}
|
||||
|
||||
// =========================================================
|
||||
// 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
|
||||
// =========================================================
|
||||
//
|
||||
// USAGE:
|
||||
// app.get('/admin/users', (req, res) => {
|
||||
// if (!req.auth.hasPermission([
|
||||
// { scope: 'USER', action: 'READ', resource: 'USERS' }
|
||||
// ])) {
|
||||
// return res.status(403).send('Forbidden');
|
||||
// }
|
||||
|
||||
// res.json({ ok: true });
|
||||
// });
|
||||
requirePermissionMiddleware() {
|
||||
return async (req, res, next) => {
|
||||
try {
|
||||
|
||||
// 🔥 wenn noch kein User da ist → Auth Middleware fehlt
|
||||
if (!req.user) {
|
||||
return next(); // oder 401 wenn du streng sein willst
|
||||
}
|
||||
|
||||
const rbac = this.rbac;
|
||||
|
||||
const permissions = req.user.permissions || [];
|
||||
const isSuperAdmin = req.user.isSuperAdmin || false;
|
||||
|
||||
req.auth = {
|
||||
permissions,
|
||||
isSuperAdmin,
|
||||
hasPermission: (required) =>
|
||||
rbac.hasPermission(permissions, required, isSuperAdmin)
|
||||
};
|
||||
|
||||
return next();
|
||||
|
||||
next();
|
||||
|
||||
} catch (err) {
|
||||
console.error('[RBAC MIDDLEWARE ERROR]', err);
|
||||
return res.status(500).json({ message: 'RBAC Fehler' });
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = AuthenticationManager;
|
||||