bugfix rbac

2026-04-27 15:49:56 +02:00
parent 2ab69bda98
commit 5f494bb837
6 changed files with 93 additions and 90 deletions


@@ -151,6 +151,82 @@ class RBACManager {
};
}
// =========================================================
// 🔥 MIDDLEWARE BLEIBT HIER
// =========================================================
authenticate() {
return async (req, res, next) => {
try {
// =====================================================
// 🔥 GLOBAL PUBLIC ROUTE BYPASS (ROBUST)
// =====================================================
const url = req.originalUrl.split('?')[0];
const publicRoutes = [
'/login',
'/public'
];
const isPublicRoute = publicRoutes.some(route =>
url === route || url.startsWith(route + '/')
);
if (isPublicRoute) {
return next();
}
// =====================================================
// 🔐 AUTH FLOW
// =====================================================
const sAMAccountName = req.cookies?.sAMAccountName;
if (!sAMAccountName) {
return res.redirect('/login');
}
const user = await this.db.get('authentication').findOne( { where: { sAMAccountName } } );
if (!user || !user.active) {
return res.redirect('/login');
}
let payload;
try {
payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
} catch {
return res.redirect('/login');
}
const rbac = await this.resolvePermissions(user.ObjectGUID);
const normalized = this.normalize(rbac.permissions);
const isSuperAdmin = this.isSuperAdmin(normalized);
req.user = {
...user.toJSON(),
jwt: payload,
groups: rbac.groups,
roles: rbac.roles,
permissions: normalized,
isSuperAdmin
};
next();
} catch (err) {
console.error(err);
return res.redirect('/login');
}
};
}
normalize(permissions) {
return permissions.map(p => ({
scope: p.scope,