Implement OAuth2 server, link oauth:Client and auth::Oauth2Client, implement permission checks

2020-05-16 23:55:08 -05:00
parent 6f621f5891
commit d558f21375
51 changed files with 2808 additions and 159 deletions
--- a/app/routing/middleware/api/Permission.middleware.js
+++ b/app/routing/middleware/api/Permission.middleware.js
@@ -2,6 +2,16 @@ const { Middleware } = require('libflitter')

 class PermissionMiddleware extends Middleware {
    async test(req, res, next, { check }) {
+        // If the request was authorized using an OAuth2 bearer token,
+        // make sure the associated client has permission to access this endpoint.
+        if ( req?.oauth?.client ) {
+            if ( !req.oauth.client.can(check) )
+                return res.status(401)
+                    .message('Insufficient permissions (OAuth2 Client).')
+                    .api()
+        }
+
+        // Make sure the user has permission
        if ( !req.user.can(check) )
            return res.status(401)
                .message('Insufficient permissions.')