feature: Adds permission system.

2024-04-19 12:48:40 +00:00 · 2024-04-19 12:48:40 +00:00 · 0c279b459f
commit 0c279b459f
parent be91aafb58
6 changed files with 122 additions and 8 deletions
--- a/src/libs/permissions.ts
+++ b/src/libs/permissions.ts
@ -0,0 +1,42 @@
+import type { PrismaClient } from "@prisma/client";
+
+export const permissionListDisabled: Record<string, boolean> = {
+  "routes.add":         false,
+  "routes.remove":      false,
+  "routes.start":       false,
+  "routes.stop":        false,
+  "routes.edit":        false,
+  "routes.visible":     false,
+
+  "backends.add":       false,
+  "backends.remove":    false,
+  "backends.start":     false,
+  "backends.stop":      false,
+  "backends.edit":      false,
+  "backends.visible":   false,
+  "backends.secretVis": false,
+
+  "permissions.see":    false, 
+
+  "users.add":          false,
+  "users.remove":       false
+};
+
+// FIXME: This solution fucking sucks.
+export let permissionListEnabled: Record<string, boolean> = JSON.parse(JSON.stringify(permissionListDisabled));
+
+for (const index of Object.keys(permissionListEnabled)) {
+  permissionListEnabled[index] = true;
+}
+
+export async function hasPermission(permission: string, uid: number, prisma: PrismaClient): Promise<boolean> {
+  const permissionNode = await prisma.permission.findFirst({
+    where: {
+      userID: uid,
+      permission
+    }
+  });
+
+  if (!permissionNode) return false;
+  return permissionNode.has;
+}
--- a/src/routes/user/create.ts
+++ b/src/routes/user/create.ts
@ -1,14 +1,17 @@
 import type { PrismaClient } from "@prisma/client";
 import type { FastifyInstance } from "fastify";
-
 import { hash } from "bcrypt";

 import { ServerOptions, SessionToken } from "../../libs/types.js";
+import { permissionListEnabled } from "../../libs/permissions.js";
 import { generateToken } from "../../libs/generateToken.js";

 export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Record<number, SessionToken[]>, options: ServerOptions) {
  // TODO: Permissions
  
+  /**
+   * Creates a new user account to use, only if it is enabled.
+   */
  fastify.post("/api/v1/users/create", {
    schema: {
      body: {
@ -16,8 +19,8 @@ export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Re
        required: ["name", "email", "password"],

        properties: {
-          name: { type: "string" },
-          email: { type: "string" },
+          name:     { type: "string" },
+          email:    { type: "string" },
          password: { type: "string" }
        }
      }
@ -31,7 +34,7 @@ export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Re
    } = req.body;

    if (!options.isSignupEnabled) {
-      return res.status(400).send({
+      return res.status(403).send({
        error: "Signing up is not enabled at this time."
      });
    };
@ -50,13 +53,31 @@ export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Re

    const saltedPassword: string = await hash(body.password, 15);

-    let userData = {
+    const userData = {
      name: body.name,
      email: body.email,
      password: saltedPassword,
+
+      permissions: {
+        create: [] as {
+          permission: string,
+          has: boolean
+        }[]
+      },
+
      rootToken: null
    };

+    // TODO: There's probably a faster way to pull this off, but I'm lazy
+    for (const permissionKey of Object.keys(permissionListEnabled)) {
+      if (options.isSignupAsAdminEnabled || (permissionKey.startsWith("routes") || permissionKey == "permissions.see")) {
+        userData.permissions.create.push({
+          permission: permissionKey,
+          has: permissionListEnabled[permissionKey]
+        });
+      }
+    };
+
    if (options.allowUnsafeGlobalTokens) {
      userData.rootToken = generateToken() as unknown as null;
    }