'use strict';
const { AppAuthError, AppInputError } = require('../helpers/app_error'),
{ Errors, UserTypes } = require('../helpers/constants'),
assert = require('assert'),
Joi = require('joi');
/**
 * Build a middleware that validates one part of the request against a Joi
 * schema and replaces that part with the validated value.
 *
 * The schema is applied with `stripUnknown: true`, so keys the schema does not
 * declare are dropped from the value written back to `req[field]` instead of
 * being passed on to later handlers.
 *
 * @param {object} schema - Joi schema; checked with `Joi.isSchema` on every request.
 * @param {string} [type] - Request property to validate (for example 'body').
 *   When omitted, 'body' is used for POST and PUT and 'query' for every other method.
 * @returns {Function} Async `(req, res, next)` middleware. It resolves to the
 *   result of `next()` when `next` is supplied, otherwise to `next` itself.
 * @throws The error built by `AppInputError.create` for an invalid schema or a
 *   missing request, and whatever `validateAsync` rejects with.
 */
function validateInputRequest(schema, type) {
  return async (req, res, next) => {
    assert(schema && Joi.isSchema(schema), AppInputError.create(Errors.INVALID_VAL_SCHEMA));
    assert(req, AppInputError.create(Errors.INVALID_REQUEST));

    // NOTE(review): without an explicit `type`, only POST and PUT select the
    // body. A PATCH or DELETE route gets its query validated and its body is
    // left untouched; pass `type` on such routes if the body must be checked.
    const target = type || (['POST', 'PUT'].includes(req.method) ? 'body' : 'query');

    // Only the validated (and stripped) value is kept on the request.
    const strictSchema = schema.options({ stripUnknown: true });
    req[target] = await strictSchema.validateAsync(req[target]);

    // Failures above reject the returned promise unchanged.
    // NOTE(review): how that rejection reaches an error handler depends on the
    // router wrapping this middleware, which is not visible here; confirm.
    return next && next();
  };
}
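/**
 * Build a middleware that lets a request through only when `req.ut` is one of
 * the allowed roles.
 *
 * `req.ut` is read as-is; presumably an earlier authentication step sets it to
 * the caller's user type (confirm against the code that populates it).
 *
 * @param {Array|*} [roles=[]] - Allowed role values. A single non-array value
 *   is treated as a one-element list. An empty list denies every request.
 * @returns {Function} Async `(req, res, next)` middleware. It resolves to the
 *   result of `next()` when `next` is supplied, otherwise to `next` itself.
 * @throws The error built by `AppInputError.create` when `req` is missing, and
 *   whatever `AppAuthError.throw(Errors.NO_ACCESS)` raises on a denied request.
 */
function authRoles(roles = []) {
  // A bare string passed here used to reach String.prototype.includes, which is
  // a substring test: any fragment of the role name would have been accepted.
  // Wrapping non-arrays keeps the comparison an exact element match and makes a
  // null argument deny access instead of failing with a TypeError.
  const allowedRoles = Array.isArray(roles) ? roles : [roles];

  return async (req, res, next) => {
    assert(req, AppInputError.create(Errors.INVALID_REQUEST));

    // Deny by default: a missing or falsy user type never matches.
    if (!req.ut || !allowedRoles.includes(req.ut)) {
      // NOTE(review): this relies on AppAuthError.throw actually throwing; if
      // it ever returned, control would fall through to next(). Confirm.
      AppAuthError.throw(Errors.NO_ACCESS);
    }

    return next && next();
  };
}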
/**
 * Convenience wrapper around `authRoles` that allows only `UserTypes.ADMIN`.
 *
 * @returns {Function} The middleware produced by `authRoles` for that single role.
 */
function authAllowAdmin() {
  const adminOnly = [UserTypes.ADMIN];
  return authRoles(adminOnly);
}
// Middleware factories exposed by this module: one for input validation and
// two for role-based access checks.
module.exports = {
  validateInputRequest,
  authRoles,
  authAllowAdmin,
};