From bdb1fc6a63cf82c1c39ed1330c575a067fd94fdf Mon Sep 17 00:00:00 2001
From: David Arranz
Date: Sun, 8 Sep 2024 18:53:16 +0200
Subject: [PATCH] .

---
 .../express/passport/authMiddleware.ts | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/server/src/contexts/auth/infrastructure/express/passport/authMiddleware.ts b/server/src/contexts/auth/infrastructure/express/passport/authMiddleware.ts
index fc72801..50d56ac 100644
--- a/server/src/contexts/auth/infrastructure/express/passport/authMiddleware.ts
+++ b/server/src/contexts/auth/infrastructure/express/passport/authMiddleware.ts
@@ -14,15 +14,20 @@ export const checkUser = composeMiddleware([
 session: false,
 }),
 (req: Request, res: Response, next: NextFunction) => {
- if (req.isAuthenticated()) {
- return next();
+ const _req = req as AuthenticatedRequest;
+ const user = _req.user;
+
+ if (!user || !user.isUser) {
+ return generateExpressError(req, res, httpStatus.UNAUTHORIZED);
 }
- return generateExpressError(req, res, httpStatus.UNAUTHORIZED);
+ return next();
 },
 ]);
 
 export const checkisAdmin = composeMiddleware([
- checkUser,
+ passport.authenticate("local-jwt", {
+ session: false,
+ }),
 (req: Request, res: Response, next: NextFunction) => {
 const _req = req as AuthenticatedRequest;
 const user = _req.user;
@@ -35,7 +40,9 @@ export const checkisAdmin = composeMiddleware([
 ]);
 
 export const checkAdminOrSelf = composeMiddleware([
- checkUser,
+ passport.authenticate("local-jwt", {
+ session: false,
+ }),
 (req: Request, res: Response, next: NextFunction) => {
 const _req = req as AuthenticatedRequest;
 const user = _req.user;
@@ -46,7 +53,7 @@ export const checkAdminOrSelf = composeMiddleware([
 return next();
 }
 
- if (user && userId) {
+ if (user && user.isUser && userId) {
 const paramIdOrError = ensureIdIsValid(userId);
 if (paramIdOrError.isSuccess && user.id.equals(paramIdOrError.object)) {
 return next();
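Review bot: The new guard in checkUser returns 401 both when no principal is attached and when one is attached but `isUser` is false, so an authenticated caller that only lacks the role is told to re-authenticate. Splitting the two cases keeps the status meaningful for clients and for log triage: `if (!user) return generateExpressError(req, res, httpStatus.UNAUTHORIZED);` followed by `if (!user.isUser) return generateExpressError(req, res, httpStatus.FORBIDDEN);` (assuming `httpStatus` is the http-status package, which defines FORBIDDEN). The `req as AuthenticatedRequest` cast is unchecked at runtime, so `isUser` is only as trustworthy as whatever the local-jwt verify callback places on `req.user`, and that callback is not part of this patch. The checkUser array begins above the hunk.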
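Review bot: `passport.authenticate("local-jwt", { session: false })` is now written out three times (checkUser, checkisAdmin in the previous hunk, and checkAdminOrSelf here), so a later change to the strategy name or its options can land on one chain and be missed on another. Hoisting it once, `const authenticateJwt = passport.authenticate("local-jwt", { session: false });`, and using `authenticateJwt` as the first element of each chain keeps all three guards on the same authentication step. Since the admin chains no longer pass through checkUser, a short comment above each, such as `// JWT authentication only; role checks are done in the handler below, not via checkUser`, would record that the decoupling is deliberate. The handlers' role checks continue outside the hunk, so whether the admin branch is meant to ignore `isUser` cannot be confirmed from here.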