fix: make the react admin accessible only by user with admin privileg…

…es (#300)
tractr · Oct 29, 2021 · 82afebc · 82afebc
1 parent 5491065
commit 82afebc
Showing 1 changed file with 37 additions and 30 deletions.
diff --git a/.../hapify/templates/react-admin/hapify/generated/react-admin/providers/auth.provider.ts.hpf b/.../hapify/templates/react-admin/hapify/generated/react-admin/providers/auth.provider.ts.hpf
@@ -1,5 +1,13 @@
 import { AuthProvider } from 'ra-core';
 
+export function checkStatusCode(statusCode: number) {
+  if (statusCode < 200 || statusCode >= 300) {
+    if (statusCode === 401) throw new Error('Authentication failed');
+
+    throw new Error();
+  }
+}
+
 export function authProvider(apiUrl: string | URL): AuthProvider {
   return {
     login: ({ username, password }) => {
@@ -11,62 +19,61 @@ export function authProvider(apiUrl: string | URL): AuthProvider {
       });
       return fetch(request)
         .then((response) => {
-          if (response.status < 200 || response.status >= 300) {
-            throw new Error(response.statusText);
-          }
+          checkStatusCode(response.status);
           return response.json();
         })
-        .catch(() => {
-          throw new Error('Network error');
+        .then(async ({ user }) => {
+          if (!user.roles.includes('admin')) {
+            const request = new Request(`${apiUrl}/logout`);
+            try {
+              await fetch(request);
+            } finally {
+              throw new Error('Authentication failed');
+            }
+          }
         });
     },
     checkError: (error) => {
       const status = error.status;
       if (status === 401 || status === 403) {
-        return Promise.reject();
+        return Promise.reject({ message: false });
       }
+
       // other error code (404, 500, etc): no need to log out
       return Promise.resolve();
     },
     checkAuth: async () => {
       const request = new Request(`${apiUrl}/me`);
-      return await fetch(request)
-        .then((response) => {
-          if (response.status < 200 || response.status >= 300) {
-            throw new Error(response.statusText);
-          }
-          return response.json();
-        })
-        .catch(() => {
-          throw new Error('Network error');
-        });
+      return await fetch(request).then((response) => {
+        checkStatusCode(response.status);
+        return response.json();
+      });
     },
     logout: async () => {
       const request = new Request(`${apiUrl}/logout`);
-      return await fetch(request)
+      return await fetch(request).then(({ status }) => {
+        if (status === 401) return;
+        checkStatusCode(status);
+      });
+    },
+    getIdentity: async () => {
+      const request = new Request(`${apiUrl}/me`);
+      return fetch(request)
         .then((response) => {
-          if (response.status === 401) return;
-          if (response.status < 200 || response.status >= 300) {
-            throw new Error(response.statusText);
-          }
+          return response.json();
         })
-        .catch(() => {
-          throw new Error('Network error');
-        });
+        .then(({ id, name }) => ({ id, fullName: name }));
     },
     getPermissions: async () => {
       const request = new Request(`${apiUrl}/me`);
       return await fetch(request)
         .then((response) => {
-          if (response.status < 200 || response.status >= 300) {
-            throw new Error(response.statusText);
-          }
+          checkStatusCode(response.status);
           return response.json();
         })
         .then((user) => {
-          if (user.roles.includes('admin')) return;
-
-          throw new Error('no admin');
+          if (user.roles.includes('admin')) return user.roles;
+          throw new Error('User authorisation failed');
         });
     },
   };