auth bugfix + licences

2026-04-25 17:56:06 +00:00
parent 84c3d9f9ba
commit e8b5c39a80
11 changed files with 362 additions and 67 deletions
--- a/src/services/authenticationManager.js
+++ b/src/services/authenticationManager.js
@@ -135,7 +135,7 @@ async resolvePermissions(objectGuid) {
        sAMAccountName: user.sAMAccountName
      },
      this.SECRET_KEY,
-      { expiresIn: '10s' }
+      { expiresIn: '1y' }
    );

    user.refreshtoken = token;
@@ -197,7 +197,17 @@ async resolvePermissions(objectGuid) {

  authenticate() {
    return async (req, res, next) => {
+
      try {
+
+        // 🔥 SKIP PUBLIC ROUTES
+        if (
+          req.path.startsWith('/login') ||
+          req.path.startsWith('/public')
+        ) {
+          return next();
+        }
+
        const sAMAccountName = req.cookies?.sAMAccountName;

        if (!sAMAccountName) {
@@ -206,23 +216,30 @@ async resolvePermissions(objectGuid) {

        const user = await this.findUser(sAMAccountName);

-        if (!user || !user.refreshtoken || !user.active) {
+        if (!user || !user.active) {
+          return res.redirect('/login');
+        }
+
+        let payload;
+
+        try {
+          payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
+        } catch {
          return res.redirect('/login');
        }

-        // jwt.verify(user.refreshtoken, this.SECRET_KEY);
-this.verifyUserToken(sAMAccountName)
-        // 🔥 LIVE RBAC RESOLUTION (bei JEDEM REQUEST)
        const rbac = await this.resolvePermissions(user.ObjectGUID);

        req.user = {
          ...user.toJSON(),
+          jwt: payload,
          groups: rbac.groups,
          roles: rbac.roles,
          permissions: rbac.permissions
        };
-console.log(req.user)
+
        next();
+
      } catch (err) {
        console.error(err);
        return res.redirect('/login');