Skip to content
Snippets Groups Projects
Commit 9354feb9 authored by michael.minelli's avatar michael.minelli
Browse files

Add a middleware for security verifications

parent 920c5574
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
ExpressAPI/src/middlewares/SecurityMiddleware.ts 0 → 100644
+ 51
0
View file @ 9354feb9
import express from 'express';
import { StatusCodes } from 'http-status-codes';
import SecurityCheckType from '../types/SecurityCheckType';
import logger from '../shared/logging/WinstonLogger';
import ApiRequest from '../models/ApiRequest';
class SecurityMiddleware {
private static _instance: SecurityMiddleware;
private constructor() { }
public static get instance(): SecurityMiddleware {
if ( !SecurityMiddleware._instance ) {
SecurityMiddleware._instance = new SecurityMiddleware();
}
return SecurityMiddleware._instance;
}
//Check if at least ONE rule match. It's NOT an AND but it's a OR function. For IsJuryUnlock, IsStudentUnlock and IsScheduleUnlock it's cumulative
check(...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void {
return async (req: ApiRequest, res: express.Response, next: express.NextFunction) => {
let isAllowed = checkTypes.length === 0;
if ( !isAllowed ) {
for ( let checkType of checkTypes ) {
try {
switch ( checkType ) {
default:
isAllowed = isAllowed || false;
break;
}
} catch ( e ) {
logger.error('Security check failed !!! => ' + e);
isAllowed = isAllowed || false;
}
}
}
if ( !isAllowed ) {
return req.session.sendResponse(res, StatusCodes.FORBIDDEN);
}
return next();
};
}
}
export default SecurityMiddleware.instance;
ExpressAPI/src/types/SecurityCheckType.ts 0 → 100644
+ 5
0
View file @ 9354feb9
enum SecurityCheckType {
}
export default SecurityCheckType;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment