backend: Refactor authentication middleware usage across routes to enhance security and role validation

2025-03-21 01:33:01 +01:00 · 2025-03-21 01:33:01 +01:00 · e383d10fd6
commit e383d10fd6
parent a3e325c262
4 changed files with 58 additions and 17 deletions
--- a/backend/src/routes/global-preferences.routes.ts
+++ b/backend/src/routes/global-preferences.routes.ts
@ -4,12 +4,21 @@ import {
 	getAppearancePreferences,
 	updateAppearancePreferences
 } from '../controllers/global-preferences/appearance-preferences.controller.js';
-import { withAdminValidToken } from '../middlewares/auth.middleware.js';
+import { withAuth, tokenAndRoleValidator, apiKeyValidator } from '../middlewares/auth.middleware.js';
 import { Role } from '@typings-ce';
 export const preferencesRouter = Router();
 preferencesRouter.use(bodyParser.urlencoded({ extended: true }));
 preferencesRouter.use(bodyParser.json());
-preferencesRouter.put('/appearance', withAdminValidToken, updateAppearancePreferences);
+preferencesRouter.put(
-preferencesRouter.get('/appearance', withAdminValidToken, getAppearancePreferences);
+	'/appearance',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN)),
 	updateAppearancePreferences
 );
 preferencesRouter.get(
 	'/appearance',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN)),
 	getAppearancePreferences
 );
--- a/backend/src/routes/participants.routes.ts
+++ b/backend/src/routes/participants.routes.ts
@ -11,7 +11,11 @@ participantsInternalRouter.use(bodyParser.urlencoded({ extended: true }));
 participantsInternalRouter.use(bodyParser.json());
 participantsInternalRouter.post('/token', validateParticipantTokenRequest, participantCtrl.generateParticipantToken);
-participantsInternalRouter.post('/token/refresh', validateParticipantTokenRequest, participantCtrl.refreshParticipantToken);
+participantsInternalRouter.post(
 	'/token/refresh',
 	validateParticipantTokenRequest,
 	participantCtrl.refreshParticipantToken
 );
 export const participantsRouter = Router();
 participantsRouter.use(bodyParser.urlencoded({ extended: true }));
--- a/backend/src/routes/recording.routes.ts
+++ b/backend/src/routes/recording.routes.ts
@ -1,8 +1,9 @@
 import { Router } from 'express';
 import bodyParser from 'body-parser';
 import * as recordingCtrl from '../controllers/recording.controller.js';
-import { withParticipantValidToken, withUserBasicAuth } from '../middlewares/auth.middleware.js';
+import { withAuth, participantTokenValidator, tokenAndRoleValidator } from '../middlewares/auth.middleware.js';
 import { withRecordingEnabledAndCorrectPermissions } from '../middlewares/recording.middleware.js';
 import { Role } from '@typings-ce';
 export const recordingRouter = Router();
@ -12,15 +13,23 @@ recordingRouter.use(bodyParser.json());
 // Recording Routes
 recordingRouter.post(
 	'/',
-	withParticipantValidToken,
+	withAuth(participantTokenValidator),
 	withRecordingEnabledAndCorrectPermissions,
 	recordingCtrl.startRecording
 );
-recordingRouter.put('/:recordingId', withUserBasicAuth, /* withRecordingEnabled,*/ recordingCtrl.stopRecording);
+recordingRouter.put(
-recordingRouter.get('/:recordingId/stream', /*withRecordingEnabled,*/ recordingCtrl.streamRecording);
+	'/:recordingId',
 	withAuth(participantTokenValidator),
 	/* withRecordingEnabledAndCorrectPermissions,*/ recordingCtrl.stopRecording
 );
 recordingRouter.get(
 	'/:recordingId/stream',
 	withAuth(participantTokenValidator),
 	/*withRecordingEnabledAndCorrectPermissions,*/ recordingCtrl.streamRecording
 );
 recordingRouter.delete(
 	'/:recordingId',
-	withUserBasicAuth,
+	withAuth(tokenAndRoleValidator(Role.ADMIN), participantTokenValidator),
-	/*withRecordingEnabled,*/
+	/*withRecordingEnabledAndCorrectPermissions,*/
 	recordingCtrl.deleteRecording
 );
--- a/backend/src/routes/room.routes.ts
+++ b/backend/src/routes/room.routes.ts
@ -1,8 +1,12 @@
 import { Router } from 'express';
 import bodyParser from 'body-parser';
 import * as roomCtrl from '../controllers/room.controller.js';
-import { withUserBasicAuth, withValidApiKey } from '../middlewares/auth.middleware.js';
+import { withAuth, tokenAndRoleValidator, apiKeyValidator } from '../middlewares/auth.middleware.js';
-import { validateGetRoomQueryParams, validateRoomRequest } from '../middlewares/request-validators/room-validator.middleware.js';
+import {
 	validateGetRoomQueryParams,
 	validateRoomRequest
 } from '../middlewares/request-validators/room-validator.middleware.js';
 import { Role } from '@typings-ce';
 export const roomRouter = Router();
@ -10,10 +14,25 @@ roomRouter.use(bodyParser.urlencoded({ extended: true }));
 roomRouter.use(bodyParser.json());
 // Room Routes
-roomRouter.post('/', /*withValidApiKey,*/ validateRoomRequest, roomCtrl.createRoom);
+roomRouter.post(
-roomRouter.get('/', withUserBasicAuth, validateGetRoomQueryParams, roomCtrl.getRooms);
+	'/',
-roomRouter.get('/:roomName', withUserBasicAuth, validateGetRoomQueryParams, roomCtrl.getRoom);
+	withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN), tokenAndRoleValidator(Role.USER)),
-roomRouter.delete('/:roomName', withUserBasicAuth, roomCtrl.deleteRooms);
+	validateRoomRequest,
 	roomCtrl.createRoom
 );
 roomRouter.get(
 	'/',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN)),
 	validateGetRoomQueryParams,
 	roomCtrl.getRooms
 );
 roomRouter.get(
 	'/:roomName',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN), tokenAndRoleValidator(Role.USER)),
 	validateGetRoomQueryParams,
 	roomCtrl.getRoom
 );
 roomRouter.delete('/:roomName', withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN)), roomCtrl.deleteRooms);
 // Room preferences
-roomRouter.put('/', /*withAdminBasicAuth,*/ roomCtrl.updateRoomPreferences);
+roomRouter.put('/', withAuth(apiKeyValidator, tokenAndRoleValidator(Role.ADMIN)), roomCtrl.updateRoomPreferences);