UNPKG

@topgroup/diginext

Version:

A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.

76 lines (75 loc) 3.74 kB
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.apiAccessTokenHandler = void 0; const response_1 = require("diginext-utils/dist/response"); const lodash_1 = require("lodash"); const mongodb_1 = require("../plugins/mongodb"); const apiAccessTokenHandler = async (req, res, next) => { const { ApiKeyUserService } = await Promise.resolve().then(() => __importStar(require("../services"))); const apiKeyUserSvc = new ApiKeyUserService(); // extract API key from headers const access_token = req.headers["x-api-key"].toString(); let apiKeyAccount = await apiKeyUserSvc.findOne({ "token.access_token": access_token }, { populate: ["workspaces", "activeWorkspace", "roles", "activeRole"], ignorable: true, }); if (apiKeyAccount) { // check active workspace if (!apiKeyAccount.activeWorkspace) { const workspaces = apiKeyAccount.workspaces; if (workspaces.length === 1) { apiKeyAccount = await apiKeyUserSvc.updateOne({ _id: apiKeyAccount._id }, { activeWorkspace: workspaces[0]._id, "token.refresh_token": access_token }, { populate: ["roles", "workspaces", "activeWorkspace"] }); } } req.workspace = apiKeyAccount.activeWorkspace; // role const { roles = [] } = apiKeyAccount; const activeRole = roles.find((role) => { var _a; return mongodb_1.MongoDB.toString(role.workspace) === mongodb_1.MongoDB.toString((_a = apiKeyAccount.activeWorkspace) === null || _a === void 0 ? void 0 : _a._id) && !role.deletedAt; }); if (activeRole && apiKeyAccount.activeRole !== activeRole._id) apiKeyAccount = await apiKeyUserSvc.updateOne({ _id: apiKeyAccount._id }, { activeRole: activeRole._id }, { populate: ["roles", "workspaces", "activeWorkspace", "activeRole"] }); req.role = apiKeyAccount.activeRole = activeRole; // WHY???? if ((0, lodash_1.isEmpty)(apiKeyAccount.activeWorkspace)) delete apiKeyAccount.activeWorkspace; if ((0, lodash_1.isEmpty)(apiKeyAccount.activeRole)) delete apiKeyAccount.activeRole; // if (isEmpty(apiKeyAccount.activeWorkspace) && isEmpty(apiKeyAccount.activeRole)) return Response.rejected(res, "Permissions denied."); // user req.user = apiKeyAccount; res.locals.user = apiKeyAccount; return next(); } else { return response_1.Response.rejected(res, "API access token is invalid."); } // next(); // return res.status(401).json({ message: "Invalid token" }); }; exports.apiAccessTokenHandler = apiAccessTokenHandler;