Added 'form' authorization
parent
09662877ea
commit
aa8fdda13d
@ -1,8 +1,9 @@
|
||||
import { PrismaClient } from "@prisma/client"
|
||||
import { getDBForm, getDBFormByUser } from "../db"
|
||||
import { getDBForm, getDBFormAuthor, getDBFormByUser } from "../db"
|
||||
import { FullForm } from "../db/types"
|
||||
|
||||
import { Form as GraphqlForm, FormSubmission } from "../typeDefs/typeDefs.gen"
|
||||
import { JwtPayloadType } from "../types"
|
||||
|
||||
const getForm = async (
|
||||
db: PrismaClient,
|
||||
@ -50,4 +51,27 @@ const getForms = async (
|
||||
return forms
|
||||
}
|
||||
|
||||
export { getForm, getForms }
|
||||
const checkRightsAndResolve = async (
|
||||
user: JwtPayloadType,
|
||||
expected: JwtPayloadType,
|
||||
controller: any
|
||||
) => {
|
||||
if (
|
||||
(!expected.id || user.id == expected.id) &&
|
||||
(!expected.admin || expected.admin)
|
||||
)
|
||||
return controller()
|
||||
throw new Error("Authentification error")
|
||||
}
|
||||
|
||||
const getFormAuthor = async (db: PrismaClient, id: number) => {
|
||||
const author = await getDBFormAuthor(db, id)
|
||||
|
||||
if (!author) throw Error("Not found")
|
||||
|
||||
const authorId = author.author.id
|
||||
|
||||
return authorId
|
||||
}
|
||||
|
||||
export { getForm, getForms, checkRightsAndResolve, getFormAuthor }
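Review bot: The admin clause in `checkRightsAndResolve`, `(!expected.admin || expected.admin)`, is true for every input and never reads `user.admin`, so a requirement of `admin: true` is not enforced; it presumably should read `(!expected.admin || user.admin)`. The id clause relies on `!expected.id`, which also skips the ownership comparison when the expected id is `0`, and compares with `==` where `user.id === expected.id` would avoid coercion. `user` is dereferenced without a null check although the context type added in this commit allows `null`, so an anonymous request fails with a TypeError instead of the authentication error. `controller: any` could be narrowed to a function type such as `() => Promise<T>` so a non-callable argument is caught at compile time.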
|
||||
|
@ -45,4 +45,19 @@ const getDBFormByUser = async (db: PrismaClient, id: number) => {
|
||||
})
|
||||
}
|
||||
|
||||
export { getDBForm, getDBFormByUser }
|
||||
const getDBFormAuthor = async (db: PrismaClient, id: number) => {
|
||||
return await db.form.findOne({
|
||||
where: {
|
||||
id,
|
||||
},
|
||||
select: {
|
||||
author: {
|
||||
select: {
|
||||
id: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
export { getDBForm, getDBFormByUser, getDBFormAuthor }
|
||||
|
12
src/index.ts
12
src/index.ts
@ -1,12 +1,11 @@
|
||||
import { ApolloServer } from "apollo-server-express"
|
||||
import express from "express"
|
||||
import expressJwt from "express-jwt"
|
||||
import jwt from 'jsonwebtoken'
|
||||
import { PrismaClient } from "@prisma/client"
|
||||
|
||||
import typeDefs from "./typeDefs"
|
||||
import resolvers from "./resolvers"
|
||||
import { ApolloContextType } from "./types"
|
||||
import { ApolloContextType, JwtPayloadType } from "./types"
|
||||
|
||||
const app = express()
|
||||
|
||||
@ -21,10 +20,15 @@ app.use(
|
||||
const server = new ApolloServer({
|
||||
typeDefs,
|
||||
resolvers,
|
||||
context: async ({ req }): Promise<ApolloContextType> => {
|
||||
context: async ({
|
||||
req,
|
||||
}: {
|
||||
req: Request & { user: JwtPayloadType }
|
||||
}): Promise<ApolloContextType> => {
|
||||
const db = new PrismaClient()
|
||||
const user = req.user || null
|
||||
|
||||
return { db }
|
||||
return { db, user }
|
||||
},
|
||||
})
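Review bot: The annotation `req: Request & { user: JwtPayloadType }` declares `user` as always present, yet the next line falls back to `null`, so the type hides the unauthenticated case; `req: Request & { user?: JwtPayloadType }` matches what the code actually handles. `Request` is not imported in the visible lines, so it likely resolves to the global fetch `Request` rather than the express type, and importing `Request` from "express" would make that explicit. The decoded token is accepted as `JwtPayloadType` without any shape check, and the login hunk on this page builds that payload from the mutation's `id` and `admin` arguments; if nothing outside these hunks verifies them before signing, the claims used for authorization are self-asserted. The `expressJwt` options sit above the hunk (`app.use(` in the header), so the secret, `algorithms` and `credentialsRequired` settings could not be reviewed here.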
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { getForm, getForms } from "../controllers"
|
||||
import { checkRightsAndResolve, getForm, getFormAuthor, getForms } from "../controllers"
|
||||
import {
|
||||
Form,
|
||||
QueryFormArgs,
|
||||
@ -11,10 +11,18 @@ import { ApolloContextType } from "../types"
|
||||
const formQuery: Resolver<Form, {}, ApolloContextType, QueryFormArgs> = async (
|
||||
_,
|
||||
{ id },
|
||||
{ db }
|
||||
{ db, user }
|
||||
) => {
|
||||
try {
|
||||
return await getForm(db, id)
|
||||
const authorId = await getFormAuthor(db, id)
|
||||
|
||||
const getFormById = () => getForm(db, id)
|
||||
|
||||
return await checkRightsAndResolve(
|
||||
user!,
|
||||
{ id: authorId, admin: false },
|
||||
getFormById
|
||||
)
|
||||
} catch (err) {
|
||||
return err
|
||||
}
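Review bot: `user!` in `formQuery` silences the `null` that `ApolloContextType.user` now allows, so an unauthenticated request reaches `checkRightsAndResolve` with `null`; an explicit guard at the top of the `try`, `if (!user) throw new Error("Authentification error")`, makes that failure deliberate. `getFormAuthor` runs before the rights check and throws "Not found", so a caller without access can tell existing form ids from missing ones by the error text; returning the same error in both cases closes that difference. The `catch` returns `err` unchanged, which may hand internal error messages to the client. The function's closing lines are outside the hunk.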
|
||||
|
@ -1,6 +1,6 @@
|
||||
import jwt from "jsonwebtoken"
|
||||
import { MutationLoginArgs, Resolver, User } from "../typeDefs/typeDefs.gen"
|
||||
import { ApolloContextType, JwtPayload } from "../types"
|
||||
import { ApolloContextType, JwtPayloadType } from "../types"
|
||||
|
||||
const loginResolver: Resolver<
|
||||
User,
|
||||
@ -9,7 +9,7 @@ const loginResolver: Resolver<
|
||||
MutationLoginArgs
|
||||
> = async (_, { id, admin }, { db }) => {
|
||||
try {
|
||||
const payload: JwtPayload = {
|
||||
const payload: JwtPayloadType = {
|
||||
id,
|
||||
admin,
|
||||
}
|
||||
|
@ -2,10 +2,11 @@ import { PrismaClient } from "@prisma/client"
|
||||
import {} from 'express-jwt'
|
||||
|
||||
export type ApolloContextType = {
|
||||
db: PrismaClient
|
||||
db: PrismaClient,
|
||||
user: JwtPayloadType | null
|
||||
}
|
||||
|
||||
export type JwtPayload = {
|
||||
export type JwtPayloadType = {
|
||||
id: number,
|
||||
admin: boolean
|
||||
}
|