backend: Simplify room authorization middleware by removing redundant authentication checks for moderators
This commit is contained in:
juancarmore
parent
a08da5dc75
commit
c774a437f9
@ -45,14 +45,10 @@ export const configureCreateRoomAuth = async (req: Request, res: Response, next:
|
|||||||
/**
|
/**
|
||||||
* Middleware that configures authorization for accessing a specific room.
|
* Middleware that configures authorization for accessing a specific room.
|
||||||
*
|
*
|
||||||
* This middleware runs after authentication and applies additional authorization rules
|
|
||||||
* based on the user's role and global authentication settings.
|
|
||||||
*
|
|
||||||
* - If there is no token in the session, the user is granted access (admin or API key).
|
* - If there is no token in the session, the user is granted access (admin or API key).
|
||||||
* - If the user does not belong to the requested room, access is denied.
|
* - If the user does not belong to the requested room, access is denied.
|
||||||
* - If the user is a moderator and global authentication requires it,
|
|
||||||
* an extra validation step is added with `withAuth(tokenAndRoleValidator(UserRole.USER))`.
|
|
||||||
* - If the user is not a moderator, access is denied.
|
* - If the user is not a moderator, access is denied.
|
||||||
|
* - If the user is a moderator and belongs to the room, access is granted.
|
||||||
*/
|
*/
|
||||||
export const configureRoomAuthorization = async (req: Request, res: Response, next: NextFunction) => {
|
export const configureRoomAuthorization = async (req: Request, res: Response, next: NextFunction) => {
|
||||||
const roomId = req.params.roomId as string;
|
const roomId = req.params.roomId as string;
|
||||||
@ -73,29 +69,13 @@ export const configureRoomAuthorization = async (req: Request, res: Response, ne
|
|||||||
return rejectRequestFromMeetError(res, error);
|
return rejectRequestFromMeetError(res, error);
|
||||||
}
|
}
|
||||||
|
|
||||||
const globalPrefService = container.get(MeetStorageService);
|
|
||||||
let authMode: AuthMode;
|
|
||||||
|
|
||||||
try {
|
|
||||||
const { securityPreferences } = await globalPrefService.getGlobalPreferences();
|
|
||||||
authMode = securityPreferences.authentication.authMode;
|
|
||||||
} catch (error) {
|
|
||||||
return handleError(res, error, 'checking authentication preferences');
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the user is a moderator, it is necessary to add the user role validator
|
|
||||||
// in case the room requires some authentication
|
|
||||||
if (role === ParticipantRole.MODERATOR) {
|
|
||||||
if (authMode !== AuthMode.NONE) {
|
|
||||||
return withAuth(tokenAndRoleValidator(UserRole.USER))(req, res, next);
|
|
||||||
}
|
|
||||||
|
|
||||||
return next();
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the user is not a moderator, it is not allowed to access the resource
|
// If the user is not a moderator, it is not allowed to access the resource
|
||||||
const error = errorInsufficientPermissions();
|
if (role !== ParticipantRole.MODERATOR) {
|
||||||
return rejectRequestFromMeetError(res, error);
|
const error = errorInsufficientPermissions();
|
||||||
|
return rejectRequestFromMeetError(res, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
return next();
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user