initial commit

2023-03-03 16:54:28 +01:00 · 2023-03-03 16:54:28 +01:00 · 4fc3bb0a01
commit 4fc3bb0a01
202 changed files with 41729 additions and 0 deletions
--- a/app/Middleware/Auth.ts
+++ b/app/Middleware/Auth.ts
@ -0,0 +1,76 @@
+import { AuthenticationException } from '@adonisjs/auth/build/standalone'
+import type { GuardsList } from '@ioc:Adonis/Addons/Auth'
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
+
+/**
+ * Auth middleware is meant to restrict un-authenticated access to a given route
+ * or a group of routes.
+ *
+ * You must register this middleware inside `start/kernel.ts` file under the list
+ * of named middleware.
+ */
+export default class AuthMiddleware {
+  /**
+   * The URL to redirect to when request is Unauthorized
+   */
+  protected redirectTo = '/app/login'
+
+  /**
+   * Authenticates the current HTTP request against a custom set of defined
+   * guards.
+   *
+   * The authentication loop stops as soon as the user is authenticated using any
+   * of the mentioned guards and that guard will be used by the rest of the code
+   * during the current request.
+   */
+  protected async authenticate(auth: HttpContextContract['auth'], guards: (keyof GuardsList)[]) {
+    /**
+     * Hold reference to the guard last attempted within the for loop. We pass
+     * the reference of the guard to the "AuthenticationException", so that
+     * it can decide the correct response behavior based upon the guard
+     * driver
+     */
+    let guardLastAttempted: string | undefined
+
+    for (let guard of guards) {
+      guardLastAttempted = guard
+
+      if (await auth.use(guard).check()) {
+        /**
+         * Instruct auth to use the given guard as the default guard for
+         * the rest of the request, since the user authenticated
+         * succeeded here
+         */
+        auth.defaultGuard = guard
+        return true
+      }
+    }
+
+    /**
+     * Unable to authenticate using any guard
+     */
+    throw new AuthenticationException(
+      'Unauthorized access',
+      'E_UNAUTHORIZED_ACCESS',
+      guardLastAttempted,
+      this.redirectTo,
+    )
+  }
+
+  /**
+   * Handle request
+   */
+  public async handle (
+    { auth }: HttpContextContract,
+    next: () => Promise<void>,
+    customGuards: (keyof GuardsList)[]
+  ) {
+    /**
+     * Uses the user defined guards or the default guard mentioned in
+     * the config file
+     */
+    const guards = customGuards.length ? customGuards : [auth.name]
+    await this.authenticate(auth, guards)
+    await next()
+  }
+}
--- a/app/Middleware/Can.ts
+++ b/app/Middleware/Can.ts
@ -0,0 +1,85 @@
+import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import Config from '@ioc:Adonis/Core/Config';
+import Database from '@ioc:Adonis/Lucid/Database';
+import User from 'App/Models/User';
+import { Exception } from '@adonisjs/core/build/standalone';
+
+const permissionTable = Config.get('rolePermission.permission_table', 'permissions');
+const rolePermissionTable = Config.get('rolePermission.role_permission_table', 'role_has_permissions');
+const roleTable = Config.get('rolePermission.role_table', 'roles');
+const userRoleTable = Config.get('rolePermission.user_role_table', 'link_accounts_roles');
+
+/**
+ * Permission authentication to check if user has any of the specified permissions
+ *
+ * Should be called after auth middleware
+ */
+export default class Can {
+	/**
+	 * Handle request
+	 */
+	public async handle(
+		{ auth, response }: HttpContextContract,
+		next: () => Promise<void>,
+		permissionNames: string[]
+	) {
+		/**
+		 * Check if user is logged-in
+		 */
+		let user = await auth.user;
+		if (!user) {
+			return response.unauthorized({ error: 'Must be logged in' });
+		}
+		let hasPermission = await this.checkHasPermissions(user, permissionNames);
+		if (!hasPermission) {
+			// return response.unauthorized({
+			// 	error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
+			// });
+			throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, 401);
+		}
+		await next();
+	}
+
+	private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {
+		let rolePlaceHolder = '(';
+		let placeholders = new Array(permissionNames.length).fill('?');
+		rolePlaceHolder += placeholders.join(',');
+		rolePlaceHolder += ')';		
+
+		// let test = user
+		// 	.related('roles')
+		// 	.query()
+		// 	.count('permissions.name')
+		// 	.innerJoin('gba.role_has_permissions', function () {
+		// 		this.on('gba.role_has_permissions.role_id', 'roles.id');
+		// 	})
+		// 	.innerJoin('gba.permissions', function () {
+		// 		this.on('role_has_permissions.permission_id', 'permissions.id');
+		// 	})
+		// 	.andWhereIn('permissions.name', permissionNames);
+        
+        // select "permissions"."name"
+        // from "gba"."roles" 
+        // inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id" 
+        // inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id" 
+        // inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id" 
+        // where ("permissions"."name" in ('dataset-list', 'dataset-publish')) 
+        // and ("link_accounts_roles"."account_id" = 1)
+
+		let {
+			rows: {
+				0: { permissioncount },
+			},
+		} = await Database.rawQuery(
+			'SELECT count("p"."name") as permissionCount FROM ' + roleTable + 
+            ' r INNER JOIN ' + 	userRoleTable + ' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +
+			' INNER JOIN ' + 	rolePermissionTable + ' rp ON rp.role_id=r.id ' +	
+            ' INNER JOIN ' + 	permissionTable + ' p ON rp.permission_id=p.id AND "p"."name" in ' +
+            rolePlaceHolder +
+				' LIMIT 1',
+			[user.id, ...permissionNames]
+		);
+
+		return permissioncount > 0;
+	}
+}
--- a/app/Middleware/Is.ts
+++ b/app/Middleware/Is.ts
@ -0,0 +1,66 @@
+import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
+import Config from '@ioc:Adonis/Core/Config'
+import Database from '@ioc:Adonis/Lucid/Database'
+import User from 'App/Models/User'
+// import { Exception } from '@adonisjs/core/build/standalone'
+
+const roleTable = Config.get('rolePermission.role_table', 'roles')
+const userRoleTable = Config.get('rolePermission.user_role_table', 'user_roles')
+
+/**
+ * Role authentication to check if user has any of the specified roles
+ *
+ * Should be called after auth middleware
+ */
+export default class Is {
+  /**
+   * Handle request
+   */
+  public async handle(
+    { auth, response }: HttpContextContract,
+    next: () => Promise<void>,
+    roleNames: string[]
+  ) {
+    /**
+     * Check if user is logged-in or not.
+     */
+    let user = await auth.user
+    if (!user) {
+      return response.unauthorized({ error: 'Must be logged in' })
+    }
+    let hasRole = await this.checkHasRoles(user, roleNames)
+    if (!hasRole) {
+      return response.unauthorized({
+        error: `Doesn't have required role(s): ${roleNames.join(',')}`,
+      })
+      // return new Exception(`Doesn't have required role(s): ${roleNames.join(',')}`,
+      // 401,
+      // "E_INVALID_AUTH_UID");  
+    }
+    await next()
+  }
+
+  private async checkHasRoles(user: User, roleNames: Array<string>): Promise<boolean> {
+    let rolePlaceHolder = '('
+    let placeholders = new Array(roleNames.length).fill('?')
+    rolePlaceHolder += placeholders.join(',')
+    rolePlaceHolder += ')'
+
+    let {
+      0: {
+        0: { roleCount },
+      },
+    } = await Database.rawQuery(
+      'SELECT count(`ur`.`id`) as roleCount FROM ' +
+        userRoleTable +
+        ' ur INNER JOIN ' +
+        roleTable +
+        ' r ON ur.role_id=r.id WHERE `ur`.`user_id`=? AND `r`.`name` in ' +
+        rolePlaceHolder +
+        ' LIMIT 1',
+      [user.id, ...roleNames]
+    )
+
+    return roleCount > 0
+  }
+}
--- a/app/Middleware/Role.ts
+++ b/app/Middleware/Role.ts
@ -0,0 +1,83 @@
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import Database from '@ioc:Adonis/Lucid/Database';
+import Config from '@ioc:Adonis/Core/Config';
+import User from 'app/Models/User';
+import { Exception } from '@adonisjs/core/build/standalone';
+
+const roleTable = Config.get('rolePermission.role_table', 'roles');
+const userRoleTable = Config.get('rolePermission.user_role_table', 'link_accounts_roles');
+
+
+// node ace make:middleware role
+export default class Role {
+	// .middleware(['auth', 'role:admin,moderator'])
+	public async handle(
+		{ auth, response }: HttpContextContract,
+		next: () => Promise<void>,
+		userRoles: string[]
+	) {
+		// Check if user is logged-in or not.
+		// let expression = "";
+		// if (Array.isArray(args)) {
+		// 	expression = args.join(" || ");
+		// }
+
+		let user = await auth.user;
+		if (!user) {
+			return response.unauthorized({ error: 'Must be logged in' });
+		}
+
+		let hasRole = await this.checkHasRoles(user, userRoles);
+		if (!hasRole) {
+			// return response.unauthorized({
+			// 	error: `Doesn't have required role(s): ${userRoles.join(',')}`,
+			// 	// error: `Doesn't have required role(s)`,
+			// });
+			throw new Exception(`Doesn't have required role(s): ${userRoles.join(',')}`, 401);
+		}
+
+		// code for middleware goes here. ABOVE THE NEXT CALL
+		await next();
+	}
+
+	private async checkHasRoles(user: User, userRoles: string[]): Promise<boolean> {
+		// await user.load("roles");
+		// const ok = user.roles.map((role) => role.name);
+		// const roles = await user.getRoles();
+
+		let rolePlaceHolder = '(';
+		let placeholders = new Array(userRoles.length).fill('?');
+		rolePlaceHolder += placeholders.join(',');
+		rolePlaceHolder += ')';
+
+		// const roles = await user
+		// 	.related('roles')
+		// 	.query()
+		// 	.count('*')	// .select('name')
+		// 	.whereIn('name', userRoles);
+		// // .groupBy('name');
+
+		// select count(*) as roleCount
+		// from gba.roles
+		// inner join gba.link_accounts_roles
+		// on "roles"."id" = "link_accounts_roles"."role_id"
+		// where ("name" in ('administrator', 'editor')) and ("link_accounts_roles"."account_id" = 1)
+
+		let {
+			rows: {
+				0: { rolecount },
+			},
+		} = await Database.rawQuery(
+			'SELECT count("r"."id") as roleCount FROM ' +
+				roleTable +
+				' r INNER JOIN ' +
+				userRoleTable +
+				' ur ON r.id=ur.role_id WHERE "ur"."account_id"=? AND "r"."name" in ' +
+				rolePlaceHolder +
+				' LIMIT 1',
+			[user.id, ...userRoles]
+		);
+
+		return rolecount > 0;
+	}
+}
--- a/app/Middleware/SilentAuth.ts
+++ b/app/Middleware/SilentAuth.ts
@ -0,0 +1,21 @@
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
+
+/**
+ * Silent auth middleware can be used as a global middleware to silent check
+ * if the user is logged-in or not.
+ *
+ * The request continues as usual, even when the user is not logged-in.
+ */
+export default class SilentAuthMiddleware {
+  /**
+   * Handle request
+   */
+  public async handle({ auth }: HttpContextContract, next: () => Promise<void>) {
+    /**
+     * Check if user is logged-in or not. If yes, then `ctx.auth.user` will be
+     * set to the instance of the currently logged in user.
+     */
+    await auth.check()
+    await next()
+  }
+}