flfeders/FEDEO
2
1
Fork 0
Code Issues 63 Pull Requests Actions Packages Projects 21 Releases Wiki Activity
Files
fc3ed1fb11fff7915488448a1f77bef8a519d3b2
FEDEO/src/plugins/auth.ts
florianfederspiel fc3ed1fb11 Fixed Tenant Error
2025-11-09 18:49:30 +01:00

104 lines
3.2 KiB
TypeScript
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import { FastifyInstance } from "fastify";
import fp from "fastify-plugin";
import jwt from "jsonwebtoken";
import { secrets } from "../utils/secrets";
export default fp(async (server: FastifyInstance) => {
server.addHook("preHandler", async (req, reply) => {
// 1⃣ Token holen (Header oder Cookie)
const cookieToken = req.cookies?.token;
const authHeader = req.headers.authorization;
const headerToken = authHeader?.startsWith("Bearer ")
? authHeader.slice(7)
: null;
const token =
headerToken && headerToken.length > 10 ? headerToken : cookieToken || null;
/*let token = null
if(headerToken !== null && headerToken.length > 10){
token = headerToken
} else if(cookieToken ){
token = cookieToken
}*/
if (!token) {
return reply.code(401).send({ error: "Authentication required" });
}
try {
// 2⃣ JWT verifizieren
const payload = jwt.verify(token, secrets.JWT_SECRET!) as {
user_id: string;
email: string;
tenant_id: number;
};
console.log("payload", payload);
if (!payload?.user_id) {
return reply.code(401).send({ error: "Invalid token" });
}
req.user = payload;
// 3⃣ Rolle des Nutzers im Tenant laden
const { data: roleData, error: roleError } = await server.supabase
.from("auth_user_roles")
.select("role_id")
.eq("user_id", payload.user_id)
.eq("tenant_id", payload.tenant_id)
.maybeSingle();
if (roleError) {
console.log("Error fetching user role", roleError);
return reply.code(500).send({ error: "Failed to load user role" });
}
if (!roleData) {
return reply.code(403).send({ error: "No role assigned for this tenant" });
}
const roleId = roleData.role_id;
// 4⃣ Berechtigungen der Rolle laden
const { data: permissions, error: permsError } = await server.supabase
.from("auth_role_permissions")
.select("permission")
.eq("role_id", roleId);
if (permsError) {
console.log("Failed to load permissions", permsError);
return reply.code(500).send({ error: "Permission lookup failed" });
}
const perms = permissions?.map((p) => p.permission) ?? [];
// 5⃣ An Request hängen
req.role = roleId;
req.permissions = perms;
req.hasPermission = (perm: string) => perms.includes(perm);
} catch (err) {
return reply.code(401).send({ error: "Invalid or expired token" });
}
});
});
// 🧩 Fastify Type Declarations
declare module "fastify" {
interface FastifyRequest {
user: {
user_id: string;
email: string;
tenant_id: number;
};
role: string;
permissions: string[];
hasPermission: (permission: string) => boolean;
}
}
Reference in New Issue View Git Blame Copy Permalink