From e8d668cde0c94a40350d9bcac341ede509743553 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <michael@minelli.me> Date: Tue, 6 Jun 2023 20:19:31 +0200 Subject: [PATCH] SecurityMiddleware => Add check if connected --- ExpressAPI/src/middlewares/SecurityMiddleware.ts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts index 73c5d82..6e895eb 100644 --- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts +++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts @@ -18,9 +18,15 @@ class SecurityMiddleware { return SecurityMiddleware._instance; } - //Check if at least ONE rule match. It's NOT an AND but it's a OR function. For IsJuryUnlock, IsStudentUnlock and IsScheduleUnlock it's cumulative - check(...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void { + // First check if connected then check if at least ONE rule match. It's NOT an AND but it's a OR function. + check(checkIfConnected: boolean, ...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void { return async (req: ApiRequest, res: express.Response, next: express.NextFunction) => { + if ( checkIfConnected ) { + if ( req.session.profile.userID === null ) { + return req.session.sendResponse(res, StatusCodes.UNAUTHORIZED); + } + } + let isAllowed = checkTypes.length === 0; if ( !isAllowed ) { -- GitLab