Update CSS, add relationship between sensorModel and locationModel, and remove console.log statements

2024-01-26 04:07:11 +08:00
parent ba498a4d4b
commit d38423fa6d
19 changed files with 213 additions and 205 deletions
--- a/consumerWebsite/middleware/authChecker.js
+++ b/consumerWebsite/middleware/authChecker.js
@ -1,68 +1,36 @@
-const { tokenModel } = require("../database/model/tokenModel");
-const { userModel } = require("../database/model/userModel");
-const { compareHash } = require("../functions/bcrypt");
-const { checkToken } = require("../functions/api");
-const { isValid } = require("../functions/isValid");
+const { getTokenByToken } = require("../functions/api");

+const permissionError = new Error('PermissionError')
+permissionError.name = "Inadequate Permission Error"
+permissionError.status = 401
+permissionError.message = "Inadequate permission to complete this response"

 async function auth(req, res, next) {
    try {
-        const authToken = req.header("auth-token");
-        if (!authToken) {
-            const error = new Error("No Token key was supplied. Invalid request");
-            throw error;
+        const token = await getTokenByToken(req.header("auth-token"));
+
+        if (!token || !token.isValid){
+            throw permissionError;
        }

-        const splitAuthToken = authToken.split("-");
-        const rowid = splitAuthToken[0];
-        const suppliedToken = splitAuthToken.slice(1).join("-");
-
-        const token = await tokenModel.findByPk(rowid, { include: userModel });
-
-        if (!token) {
-            const error = new Error("Token key not found. Invalid request");
-            throw error;
-        }
-
-        const isMatch = await compareHash(suppliedToken, token.token);
-
-        console.log(isMatch);
-        if (!isMatch) {
-            const error = new Error("Token key not found. Invalid request");
-            throw error;
-        }
        //if token is a match
        req.token = token;
        req.user = await token.getUser();
-        const permission = await checkToken(suppliedToken, rowid);

        const route = req.originalUrl.split("?")[0]; // Removing query parameters
        //if route is from user/ and permission is canRead allow it to do CRUD
-        if (route.includes("/user/") && permission === "canRead") {
-            next();
+        if (route.includes("/user/") && token.permission === "canRead") {
+            return next();
        }
-        if ((req.method === "GET" && permission === "canRead") || (["GET", "POST", "PUT", "DELETE"].includes(req.method) && permission === "canWrite")) {
-            next();
-        }
-
-        if (!isValid(token.expiration)){
-            req.token.destroy();
-            throw new Error("Token expired");            
+        if ((req.method === "GET" && token.permission === "canRead") || (["GET", "POST", "PUT", "DELETE"].includes(req.method) && token.permission === "canWrite")) {
+            return next();
        }

+        throw permissionError
     
    } catch (error) {
        next(error);
    }
 }
-
 module.exports = { auth };

-/*
-        else {
-            const error = new Error("Insufficient permission");
-            error.status = 401;
-            throw error;
-        }
-
-*/