fixed custom request type issue, implemented authorization in stsById api

Author: shawon-majid

server/.DS_Store

@@ -4,6 +4,7 @@
   "description": "",
   "main": "index.js",
   "scripts": {
+    "install": "cd ./src && npx prisma migrate dev --name init && createdb ecosync 2> /dev/null || echo 'database already exists'",
     "build": "tsc",
     "start": "node build/index.js",
     "dev": "ts-node src/index.ts",

server/build/index.js

@@ -2,6 +2,7 @@ import { PrismaClient, STS, Vehicle } from "@prisma/client";
 import { Request, Response } from "express";
 import errorWrapper from "../middlewares/errorWrapper";
 import CustomError from "../services/CustomError";
+import { RoleName } from "../types/rolesTypes";
 
 const prisma = new PrismaClient();
 
@@ -33,6 +34,9 @@ const getAllSTS = errorWrapper(
 const getSTSById = errorWrapper(
   async (req: Request, res: Response) => {
     const { stsId } = req.params;
+
+    console.log(req.user?.id);
+
     const sts = await prisma.sTS.findUnique({
       where: {
         id: stsId,
@@ -46,9 +50,19 @@ const getSTSById = errorWrapper(
       throw new CustomError("STS not found", 404);
     }
 
+    console.log(sts.manager);
+
+    // authorization check
+    if (
+      req.user?.role != RoleName.SYSTEM_ADMIN &&
+      !sts.manager.map((man) => man.id).includes(req.user?.id)
+    ) {
+      throw new CustomError("Unauthorized", 401);
+    }
+
     const percentage = await calculatePercentage(sts);
 
-    res.status(200).json({ sts, graphData: percentage });    
+    res.status(200).json({ sts, graphData: percentage });
   },
   { statusCode: 404, message: "STS not found" }
 );
@@ -62,11 +76,13 @@ async function calculatePercentage(sts: STS) {
   const graphData = {
     empty: mot - ase,
     full: ase,
-    emptyPercentage: parseFloat((((mot - ase) / mot) * 100).toString()).toFixed(2),
+    emptyPercentage: parseFloat((((mot - ase) / mot) * 100).toString()).toFixed(
+      2
+    ),
     fullPercentage: parseFloat(((ase / mot) * 100).toString()).toFixed(2),
   };
-  
-  return  graphData; // Replace with the actual calculation
+
+  return graphData; // Replace with the actual calculation
 }
 
 const updateSTS = errorWrapper(

server/package-lock.json

@@ -2,6 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import errorWrapper from "./errorWrapper";
 import CustomError from "../services/CustomError";
 import { getToken, verifyToken } from "../services/Token";
+import { JwtPayload } from "jsonwebtoken";
 
 const authChecker = errorWrapper(
   async (req: Request, res: Response, next: NextFunction) => {
@@ -10,7 +11,8 @@ const authChecker = errorWrapper(
       throw new CustomError("Unauthorized", 401);
     }
     const decoded = verifyToken(token);
-    (req as any).user = decoded;
+    req.user = decoded as JwtPayload;
+    console.log(req.user);
     next();
   }
 );

server/package.json

@@ -6,7 +6,8 @@ import { getPermittedRoleNames } from "../permissions/permissions";
 const authRole = (roles: string[]) => {
   return errorWrapper(
     async (req: Request, res: Response, next: NextFunction) => {
-      const userRole = ((req as any).user as any).role;
+      const userRole = req.user?.role;
+      if (!userRole) throw new CustomError("Unauthorized", 401);
       if (!roles.includes(userRole)) {
         throw new CustomError("Unauthorized", 401);
       }
@@ -18,13 +19,10 @@ const authRole = (roles: string[]) => {
 const authorizer = (permission: string) => {
   return errorWrapper(
     async (req: Request, res: Response, next: NextFunction) => {
-      const userRole = ((req as any).user as any)?.role;
+      const userRole = req.user?.role;
 
       const permittedRoles = await getPermittedRoleNames(permission);
 
-      console.log(userRole);
-      console.log(permittedRoles);
-
       if (userRole && permittedRoles.includes(userRole)) {
         next();
       } else throw new CustomError("Unauthorized", 401);

server/src/controllers/sts.ts

@@ -1,124 +1,13 @@
-import bcrypt from "bcrypt";
-import express, { urlencoded, Request, Response } from "express";
-import dotenv from "dotenv";
-dotenv.config();
-import checkDatabaseConnection from "./db/connection";
-
-import { PrismaClient } from "@prisma/client";
-import errorWrapper from "./middlewares/errorWrapper";
-import CustomError from "./services/CustomError";
-const prisma = new PrismaClient();
-const PORT = process.env.PORT || 3000;
-const app = express();
-
-app.use(express.json());
-app.use(urlencoded({ extended: true }));
-
-app.get("/", (req, res) => {
-  res.send("EcoSync Server is Up...");
-});
-
-app.post("/addUser", async (req, res) => {
-  try {
-    const { name, email, password } = req.body;
-    const user = await prisma.user.create({
-      data: {
-        username: name,
-        email,
-        hashedPassword: password,
-      },
-    });
-
-    res.json(user);
-  } catch (error) {
-    console.log(error);
-  }
-});
-
-app.get("/users", async (req, res) => {
-  try {
-    console.log("Fetching users...");
-    // get all user and include the role also
-    const users = await prisma.user.findMany({
-      include: {
-        role: true,
-      },
-    });
-
-    res.json(users);
-  } catch (error) {
-    console.log(error);
-  }
-});
-
-app.put(
-  "/updateUser/:id",
-  errorWrapper(async (req: Request, res: Response) => {
-    const { id } = req.params;
-    const { name, email, password } = req.body;
-    // check if the user exist
-    const userExists = await prisma.user.findUnique({
-      where: {
-        id: id,
-      },
-    });
-
-    if (!userExists) {
-      throw new CustomError("User not found", 404);
-    }
-
-    const user = await prisma.user.update({
-      where: {
-        id: id,
-      },
-      data: {
-        username: name,
-        email,
-        hashedPassword: password,
-      },
-    });
-
-    res.json(user);
-  })
-);
-
-// get all roles
-app.get("/roles", async (req, res) => {
-  try {
-    console.log("Fetching roles...");
-    const roles = await prisma.role.findMany({});
-    res.json(roles);
-  } catch (error) {
-    console.log(error);
-  }
-});
-
-app.post(
-  "/permission",
-  errorWrapper(async (req: Request, res: Response) => {
-    const { name, description } = req.body;
-
-    const permission = await prisma.permission.create({
-      data: {
-        name,
-        description,
-      },
-    });
-
-    res.json(permission);
-  })
-);
-
-app.get(
-  "/permissions",
-  errorWrapper(async (req: Request, res: Response) => {
-    console.log("Fetching permissions...");
-    const permissions = await prisma.permission.findMany({});
-    res.json(permissions);
-  })
-);
-
-app.listen(PORT, async () => {
-  await checkDatabaseConnection();
-  console.log(`Server is running on PORT ${PORT}`);
-});
+interface myObj {
+  name: string;
+  sayHello: () => void;
+}
+
+const obj: myObj = {
+  name: "John",
+  sayHello() {
+    console.log(`Hello ${this.name}`);
+  },
+};
+
+obj.sayHello();

server/src/middlewares/auth.ts

@@ -2,12 +2,9 @@ import { JwtPayload } from "jsonwebtoken";
 import { User } from "../custom";
 
 // to make the file a module and avoid the TypeScript error
-export {};
 
-declare global {
-  namespace Express {
-    export interface Request {
-      user?: User;
-    }
+declare module "express-serve-static-core" {
+  interface Request {
+    user?: JwtPayload;
   }
 }

server/src/middlewares/authorizer.ts

@@ -1,7 +1,6 @@
 {
   "include": [
     "src/**/*",
-    "src/**/*.d.ts"
   ],
   "compilerOptions": {
     /* Visit https://aka.ms/tsconfig to read more about this file */
@@ -24,5 +23,6 @@
     "strict": true,                                      /* Enable all strict type-checking options. */
     "noImplicitAny": true,                               /* Enable error reporting for expressions and declarations with an implied 'any' type. */
     "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
-  }
+  },
+  "files": ["src/types/express/index.d.ts"]
 }