UNPKG

create-cf-planetscale-app

Version:

Create a Cloudflare workers app for building production ready RESTful APIs using Hono

github.com/OultimoCoder/cloudflare-planetscale-hono-boilerplate

OultimoCoder/cloudflare-planetscale-hono-boilerplate

66 lines (59 loc) 2.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
import jwt, { JwtPayload } from '@tsndr/cloudflare-worker-jwt' import { MiddlewareHandler } from 'hono' import httpStatus from 'http-status' import { Environment } from '../../bindings' import { getConfig } from '../config/config' import { roleRights, Permission, Role } from '../config/roles' import { tokenTypes } from '../config/tokens' import { getUserById } from '../services/user.service' import { ApiError } from '../utils/api-error' const authenticate = async (jwtToken: string, secret: string) => { let authorized = false let payload try { authorized = await jwt.verify(jwtToken, secret) const decoded = jwt.decode(jwtToken) payload = decoded.payload as JwtPayload authorized = authorized && payload.type === tokenTypes.ACCESS } catch {} return { authorized, payload } } export const auth = (...requiredRights: Permission[]): MiddlewareHandler<Environment> => async (c, next) => { const credentials = c.req.raw.headers.get('Authorization') const config = getConfig(c.env) if (!credentials) { throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate') } const parts = credentials.split(/\s+/) if (parts.length !== 2) { throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate') } const jwtToken = parts[1] const { authorized, payload } = await authenticate(jwtToken, config.jwt.secret) if (!authorized || !payload || !payload.sub) { throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate') } if (requiredRights.length) { const userRights = roleRights[payload.role as Role] const hasRequiredRights = requiredRights.every((requiredRight) => (userRights as unknown as string[]).includes(requiredRight) ) if (!hasRequiredRights && c.req.param('userId') !== payload.sub) { throw new ApiError(httpStatus.FORBIDDEN, 'Forbidden') } } if (!payload.isEmailVerified) { const user = await getUserById(payload.sub, config['database']) if (!user) { throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate') } const url = new URL(c.req.url) if (url.pathname !== '/v1/auth/send-verification-email') { throw new ApiError(httpStatus.FORBIDDEN, 'Please verify your email') } } c.set('payload', payload) await next() }