rbac outsourced

2026-04-26 07:43:31 +00:00
parent fa96ed5976
commit 2ab69bda98
3 changed files with 50 additions and 49 deletions


@@ -135,7 +135,7 @@ const server = https.createServer(httpsOptions, app);
databaseModel.set('roleModel', require(`@models/roleModel`)(service.get('sqlManager').getInstance('main'))); databaseModel.set('roleModel', require(`@models/roleModel`)(service.get('sqlManager').getInstance('main')));
databaseModel.set('rolePermissionsModel', require(`@models/rolePermissionsModel`)(service.get('sqlManager').getInstance('main'))); databaseModel.set('rolePermissionsModel', require(`@models/rolePermissionsModel`)(service.get('sqlManager').getInstance('main')));
service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret, databaseModel)); service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret));
service.set('rbacManager', new RBACManager(databaseModel)); service.set('rbacManager', new RBACManager(databaseModel));
service.set('activeDirectoryManager', new ActiveDirectory(app.locals.configuration.integration.activedirectory)) service.set('activeDirectoryManager', new ActiveDirectory(app.locals.configuration.integration.activedirectory))
@@ -155,6 +155,7 @@ const server = https.createServer(httpsOptions, app);
exports.helpers = helpers; exports.helpers = helpers;
// app.use(service.get('vaultifyManager').createMiddleware()); // app.use(service.get('vaultifyManager').createMiddleware());
app.use(service.get('rbacManager').requirePermissionMiddleware());
app.use(express.urlencoded({ extended: true })); app.use(express.urlencoded({ extended: true }));
app.use(express.json()); app.use(express.json());
@@ -228,7 +229,6 @@ const server = https.createServer(httpsOptions, app);
//#endregion //#endregion
app.use(service.get('authenticationManager').authenticate()); app.use(service.get('authenticationManager').authenticate());
app.use(service.get('authenticationManager').requirePermissionMiddleware());
//#region Implements sockets //#region Implements sockets
require(`${app.locals.path.source}/sockets/mainSocket.js`)( require(`${app.locals.path.source}/sockets/mainSocket.js`)(
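Review bot: Registering `service.get('rbacManager').requirePermissionMiddleware()` at line 157 puts it ahead of `service.get('authenticationManager').authenticate()` at line ~229, so in Express's registration order it runs before any request carries `req.user`, and the middleware's `if (!req.user) return next();` branch makes it a no-op for every request — `req.auth` is never populated. Before this commit the permission middleware sat directly after `authenticate()` (the line removed at ~229), which is the only ordering in which it does anything. Handlers written per the usage comment (`req.auth.hasPermission(...)`) will now throw a TypeError and answer 500 instead of 403, while any handler guarding with `req.auth?.hasPermission(...)` or `if (req.auth && !req.auth.hasPermission(...))` silently fails open. Drop the new `app.use` at line 157 and register it after authentication instead: `app.use(service.get('authenticationManager').authenticate());` followed by `app.use(service.get('rbacManager').requirePermissionMiddleware());`. Independently of ordering, the moved middleware body in this commit's RBACManager hunk still reads `this.rbac`, which inside RBACManager presumably needs to be `this` — worth confirming it resolves before relying on it.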


@@ -2,10 +2,9 @@ const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs'); const bcrypt = require('bcryptjs');
class AuthenticationManager { class AuthenticationManager {
constructor(model, secretKey, rbacService) { constructor(model, secretKey) {
this.Authentication = model; this.Authentication = model;
this.SECRET_KEY = secretKey; this.SECRET_KEY = secretKey;
this.rbac = rbacService;
} }
// ========================================================= // =========================================================
@@ -189,51 +188,6 @@ class AuthenticationManager {
}; };
} }
// =========================================================
// 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
// =========================================================
//
// USAGE:
// app.get('/admin/users', (req, res) => {
// if (!req.auth.hasPermission([
// { scope: 'USER', action: 'READ', resource: 'USERS' }
// ])) {
// return res.status(403).send('Forbidden');
// }
// res.json({ ok: true });
// });
requirePermissionMiddleware() {
return async (req, res, next) => {
try {
// 🔥 wenn noch kein User da ist → Auth Middleware fehlt
if (!req.user) {
return next(); // oder 401 wenn du streng sein willst
}
const rbac = this.rbac;
const permissions = req.user.permissions || [];
const isSuperAdmin = req.user.isSuperAdmin || false;
req.auth = {
permissions,
isSuperAdmin,
hasPermission: (required) =>
rbac.hasPermission(permissions, required, isSuperAdmin)
};
return next();
next();
} catch (err) {
console.error('[RBAC MIDDLEWARE ERROR]', err);
return res.status(500).json({ message: 'RBAC Fehler' });
}
};
}
} }
module.exports = AuthenticationManager; module.exports = AuthenticationManager;


@@ -104,6 +104,53 @@ class RBACManager {
); );
} }
// =========================================================
// 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
// =========================================================
//
// USAGE:
// app.get('/admin/users', (req, res) => {
// if (!req.auth.hasPermission([
// { scope: 'USER', action: 'READ', resource: 'USERS' }
// ])) {
// return res.status(403).send('Forbidden');
// }
// res.json({ ok: true });
// });
requirePermissionMiddleware() {
return async (req, res, next) => {
try {
// 🔥 wenn noch kein User da ist → Auth Middleware fehlt
if (!req.user) {
return next(); // oder 401 wenn du streng sein willst
}
const rbac = this.rbac;
const permissions = req.user.permissions || [];
const isSuperAdmin = req.user.isSuperAdmin || false;
req.auth = {
permissions,
isSuperAdmin,
hasPermission: (required) =>
rbac.hasPermission(permissions, required, isSuperAdmin)
};
return next();
next();
} catch (err) {
console.error('[RBAC MIDDLEWARE ERROR]', err);
return res.status(500).json({ message: 'RBAC Fehler' });
}
};
}
normalize(permissions) { normalize(permissions) {
return permissions.map(p => ({ return permissions.map(p => ({
scope: p.scope, scope: p.scope,