barmar/tethys.backend
1
0
Fork 0
forked from geolba/tethys.backend
Code Pull requests Activity

- additional functionality for DatasetController.ts

Browse source 
- additional validation rules like 'uniqueArray'
- additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts
- npm updates for @adonisjs/core
This commit is contained in:
Kaimbacher 2023-06-22 17:20:04 +02:00
parent c4f4eff0d9
commit e0ff71b117
44 changed files with 2002 additions and 1556 deletions
Download patch file Download diff file Expand all files Collapse all files

105
app/Middleware/Auth.ts
View file

@ -1,6 +1,6 @@
import { AuthenticationException } from '@adonisjs/auth/build/standalone'
import type { GuardsList } from '@ioc:Adonis/Addons/Auth'
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { AuthenticationException } from '@adonisjs/auth/build/standalone';
import type { GuardsList } from '@ioc:Adonis/Addons/Auth';
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
/**
* Auth middleware is meant to restrict un-authenticated access to a given route
@ -10,67 +10,58 @@ import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
* of named middleware.
*/
export default class AuthMiddleware {
/**
* The URL to redirect to when request is Unauthorized
*/
protected redirectTo = '/app/login'
/**
* Authenticates the current HTTP request against a custom set of defined
* guards.
*
* The authentication loop stops as soon as the user is authenticated using any
* of the mentioned guards and that guard will be used by the rest of the code
* during the current request.
*/
protected async authenticate(auth: HttpContextContract['auth'], guards: (keyof GuardsList)[]) {
/**
* Hold reference to the guard last attempted within the for loop. We pass
* the reference of the guard to the "AuthenticationException", so that
* it can decide the correct response behavior based upon the guard
* driver
* The URL to redirect to when request is Unauthorized
*/
let guardLastAttempted: string | undefined
protected redirectTo = '/app/login';
for (let guard of guards) {
guardLastAttempted = guard
if (await auth.use(guard).check()) {
/**
* Authenticates the current HTTP request against a custom set of defined
* guards.
*
* The authentication loop stops as soon as the user is authenticated using any
* of the mentioned guards and that guard will be used by the rest of the code
* during the current request.
*/
protected async authenticate(auth: HttpContextContract['auth'], guards: (keyof GuardsList)[]) {
/**
* Instruct auth to use the given guard as the default guard for
* the rest of the request, since the user authenticated
* succeeded here
* Hold reference to the guard last attempted within the for loop. We pass
* the reference of the guard to the "AuthenticationException", so that
* it can decide the correct response behavior based upon the guard
* driver
*/
auth.defaultGuard = guard
return true
}
let guardLastAttempted: string | undefined;
for (let guard of guards) {
guardLastAttempted = guard;
if (await auth.use(guard).check()) {
/**
* Instruct auth to use the given guard as the default guard for
* the rest of the request, since the user authenticated
* succeeded here
*/
auth.defaultGuard = guard;
return true;
}
}
/**
* Unable to authenticate using any guard
*/
throw new AuthenticationException('Unauthorized access', 'E_UNAUTHORIZED_ACCESS', guardLastAttempted, this.redirectTo);
}
/**
* Unable to authenticate using any guard
* Handle request
*/
throw new AuthenticationException(
'Unauthorized access',
'E_UNAUTHORIZED_ACCESS',
guardLastAttempted,
this.redirectTo,
)
}
/**
* Handle request
*/
public async handle (
{ auth }: HttpContextContract,
next: () => Promise<void>,
customGuards: (keyof GuardsList)[]
) {
/**
* Uses the user defined guards or the default guard mentioned in
* the config file
*/
const guards = customGuards.length ? customGuards : [auth.name]
await this.authenticate(auth, guards)
await next()
}
public async handle({ auth }: HttpContextContract, next: () => Promise<void>, customGuards: (keyof GuardsList)[]) {
/**
* Uses the user defined guards or the default guard mentioned in
* the config file
*/
const guards = customGuards.length ? customGuards : [auth.name];
await this.authenticate(auth, guards);
await next();
}
}

125
app/Middleware/Can.ts
View file

@ -15,71 +15,74 @@ const userRoleTable = Config.get('rolePermission.user_role_table', 'link_account
* Should be called after auth middleware
*/
export default class Can {
/**
* Handle request
*/
public async handle(
{ auth, response }: HttpContextContract,
next: () => Promise<void>,
permissionNames: string[]
) {
/**
* Check if user is logged-in
*/
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let hasPermission = await this.checkHasPermissions(user, permissionNames);
if (!hasPermission) {
// return response.unauthorized({
// error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
// });
throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, 401);
}
await next();
}
/**
* Handle request
*/
public async handle({ auth, response }: HttpContextContract, next: () => Promise<void>, permissionNames: string[]) {
/**
* Check if user is logged-in
*/
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let hasPermission = await this.checkHasPermissions(user, permissionNames);
if (!hasPermission) {
// return response.unauthorized({
// error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
// });
throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, 401);
}
await next();
}
private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {
let rolePlaceHolder = '(';
let placeholders = new Array(permissionNames.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {
let rolePlaceHolder = '(';
let placeholders = new Array(permissionNames.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
// let test = user
// .related('roles')
// .query()
// .count('permissions.name')
// .innerJoin('gba.role_has_permissions', function () {
// this.on('gba.role_has_permissions.role_id', 'roles.id');
// })
// .innerJoin('gba.permissions', function () {
// this.on('role_has_permissions.permission_id', 'permissions.id');
// })
// .andWhereIn('permissions.name', permissionNames);
// let test = user
// .related('roles')
// .query()
// .count('permissions.name')
// .innerJoin('gba.role_has_permissions', function () {
// this.on('gba.role_has_permissions.role_id', 'roles.id');
// })
// .innerJoin('gba.permissions', function () {
// this.on('role_has_permissions.permission_id', 'permissions.id');
// })
// .andWhereIn('permissions.name', permissionNames);
// select "permissions"."name"
// from "gba"."roles"
// inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id"
// inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id"
// inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id"
// where ("permissions"."name" in ('dataset-list', 'dataset-publish'))
// from "gba"."roles"
// inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id"
// inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id"
// inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id"
// where ("permissions"."name" in ('dataset-list', 'dataset-publish'))
// and ("link_accounts_roles"."account_id" = 1)
let {
rows: {
0: { permissioncount },
},
} = await Database.rawQuery(
'SELECT count("p"."name") as permissionCount FROM ' + roleTable +
' r INNER JOIN ' + userRoleTable + ' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +
' INNER JOIN ' + rolePermissionTable + ' rp ON rp.role_id=r.id ' +
' INNER JOIN ' + permissionTable + ' p ON rp.permission_id=p.id AND "p"."name" in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...permissionNames]
);
let {
rows: {
0: { permissioncount },
},
} = await Database.rawQuery(
'SELECT count("p"."name") as permissionCount FROM ' +
roleTable +
' r INNER JOIN ' +
userRoleTable +
' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +
' INNER JOIN ' +
rolePermissionTable +
' rp ON rp.role_id=r.id ' +
' INNER JOIN ' +
permissionTable +
' p ON rp.permission_id=p.id AND "p"."name" in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...permissionNames],
);
return permissioncount > 0;
}
return permissioncount > 0;
}
}

100
app/Middleware/Is.ts
View file

@ -1,11 +1,11 @@
import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import Config from '@ioc:Adonis/Core/Config'
import Database from '@ioc:Adonis/Lucid/Database'
import User from 'App/Models/User'
import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
import Config from '@ioc:Adonis/Core/Config';
import Database from '@ioc:Adonis/Lucid/Database';
import User from 'App/Models/User';
// import { Exception } from '@adonisjs/core/build/standalone'
const roleTable = Config.get('rolePermission.role_table', 'roles')
const userRoleTable = Config.get('rolePermission.user_role_table', 'user_roles')
const roleTable = Config.get('rolePermission.role_table', 'roles');
const userRoleTable = Config.get('rolePermission.user_role_table', 'user_roles');
/**
* Role authentication to check if user has any of the specified roles
@ -13,54 +13,50 @@ const userRoleTable = Config.get('rolePermission.user_role_table', 'user_roles')
* Should be called after auth middleware
*/
export default class Is {
/**
* Handle request
*/
public async handle(
{ auth, response }: HttpContextContract,
next: () => Promise<void>,
roleNames: string[]
) {
/**
* Check if user is logged-in or not.
* Handle request
*/
let user = await auth.user
if (!user) {
return response.unauthorized({ error: 'Must be logged in' })
public async handle({ auth, response }: HttpContextContract, next: () => Promise<void>, roleNames: string[]) {
/**
* Check if user is logged-in or not.
*/
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let hasRole = await this.checkHasRoles(user, roleNames);
if (!hasRole) {
return response.unauthorized({
error: `Doesn't have required role(s): ${roleNames.join(',')}`,
});
// return new Exception(`Doesn't have required role(s): ${roleNames.join(',')}`,
// 401,
// "E_INVALID_AUTH_UID");
}
await next();
}
let hasRole = await this.checkHasRoles(user, roleNames)
if (!hasRole) {
return response.unauthorized({
error: `Doesn't have required role(s): ${roleNames.join(',')}`,
})
// return new Exception(`Doesn't have required role(s): ${roleNames.join(',')}`,
// 401,
// "E_INVALID_AUTH_UID");
private async checkHasRoles(user: User, roleNames: Array<string>): Promise<boolean> {
let rolePlaceHolder = '(';
let placeholders = new Array(roleNames.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
let {
0: {
0: { roleCount },
},
} = await Database.rawQuery(
'SELECT count(`ur`.`id`) as roleCount FROM ' +
userRoleTable +
' ur INNER JOIN ' +
roleTable +
' r ON ur.role_id=r.id WHERE `ur`.`user_id`=? AND `r`.`name` in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...roleNames],
);
return roleCount > 0;
}
await next()
}
private async checkHasRoles(user: User, roleNames: Array<string>): Promise<boolean> {
let rolePlaceHolder = '('
let placeholders = new Array(roleNames.length).fill('?')
rolePlaceHolder += placeholders.join(',')
rolePlaceHolder += ')'
let {
0: {
0: { roleCount },
},
} = await Database.rawQuery(
'SELECT count(`ur`.`id`) as roleCount FROM ' +
userRoleTable +
' ur INNER JOIN ' +
roleTable +
' r ON ur.role_id=r.id WHERE `ur`.`user_id`=? AND `r`.`name` in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...roleNames]
)
return roleCount > 0
}
}

119
app/Middleware/Role.ts
View file

@ -7,77 +7,72 @@ import { Exception } from '@adonisjs/core/build/standalone';
const roleTable = Config.get('rolePermission.role_table', 'roles');
const userRoleTable = Config.get('rolePermission.user_role_table', 'link_accounts_roles');
// node ace make:middleware role
export default class Role {
// .middleware(['auth', 'role:admin,moderator'])
public async handle(
{ auth, response }: HttpContextContract,
next: () => Promise<void>,
userRoles: string[]
) {
// Check if user is logged-in or not.
// let expression = "";
// if (Array.isArray(args)) {
// expression = args.join(" || ");
// }
// .middleware(['auth', 'role:admin,moderator'])
public async handle({ auth, response }: HttpContextContract, next: () => Promise<void>, userRoles: string[]) {
// Check if user is logged-in or not.
// let expression = "";
// if (Array.isArray(args)) {
// expression = args.join(" || ");
// }
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let hasRole = await this.checkHasRoles(user, userRoles);
if (!hasRole) {
// return response.unauthorized({
// error: `Doesn't have required role(s): ${userRoles.join(',')}`,
// // error: `Doesn't have required role(s)`,
// });
throw new Exception(`Doesn't have required role(s): ${userRoles.join(',')}`, 401);
}
let hasRole = await this.checkHasRoles(user, userRoles);
if (!hasRole) {
// return response.unauthorized({
// error: `Doesn't have required role(s): ${userRoles.join(',')}`,
// // error: `Doesn't have required role(s)`,
// });
throw new Exception(`Doesn't have required role(s): ${userRoles.join(',')}`, 401);
}
// code for middleware goes here. ABOVE THE NEXT CALL
await next();
}
// code for middleware goes here. ABOVE THE NEXT CALL
await next();
}
private async checkHasRoles(user: User, userRoles: string[]): Promise<boolean> {
// await user.load("roles");
// const ok = user.roles.map((role) => role.name);
// const roles = await user.getRoles();
private async checkHasRoles(user: User, userRoles: string[]): Promise<boolean> {
// await user.load("roles");
// const ok = user.roles.map((role) => role.name);
// const roles = await user.getRoles();
let rolePlaceHolder = '(';
let placeholders = new Array(userRoles.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
let rolePlaceHolder = '(';
let placeholders = new Array(userRoles.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
// const roles = await user
// .related('roles')
// .query()
// .count('*') // .select('name')
// .whereIn('name', userRoles);
// // .groupBy('name');
// const roles = await user
// .related('roles')
// .query()
// .count('*') // .select('name')
// .whereIn('name', userRoles);
// // .groupBy('name');
// select count(*) as roleCount
// from gba.roles
// inner join gba.link_accounts_roles
// on "roles"."id" = "link_accounts_roles"."role_id"
// where ("name" in ('administrator', 'editor')) and ("link_accounts_roles"."account_id" = 1)
// select count(*) as roleCount
// from gba.roles
// inner join gba.link_accounts_roles
// on "roles"."id" = "link_accounts_roles"."role_id"
// where ("name" in ('administrator', 'editor')) and ("link_accounts_roles"."account_id" = 1)
let {
rows: {
0: { rolecount },
},
} = await Database.rawQuery(
'SELECT count("r"."id") as roleCount FROM ' +
roleTable +
' r INNER JOIN ' +
userRoleTable +
' ur ON r.id=ur.role_id WHERE "ur"."account_id"=? AND "r"."name" in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...userRoles]
);
let {
rows: {
0: { rolecount },
},
} = await Database.rawQuery(
'SELECT count("r"."id") as roleCount FROM ' +
roleTable +
' r INNER JOIN ' +
userRoleTable +
' ur ON r.id=ur.role_id WHERE "ur"."account_id"=? AND "r"."name" in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...userRoles],
);
return rolecount > 0;
}
return rolecount > 0;
}
}

20
app/Middleware/SilentAuth.ts
View file

@ -1,4 +1,4 @@
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
/**
* Silent auth middleware can be used as a global middleware to silent check
@ -7,15 +7,15 @@ import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
* The request continues as usual, even when the user is not logged-in.
*/
export default class SilentAuthMiddleware {
/**
* Handle request
*/
public async handle({ auth }: HttpContextContract, next: () => Promise<void>) {
/**
* Check if user is logged-in or not. If yes, then `ctx.auth.user` will be
* set to the instance of the currently logged in user.
* Handle request
*/
await auth.check()
await next()
}
public async handle({ auth }: HttpContextContract, next: () => Promise<void>) {
/**
* Check if user is logged-in or not. If yes, then `ctx.auth.user` will be
* set to the instance of the currently logged in user.
*/
await auth.check();
await next();
}
}