feature: Adds code to get permissions.

routes/NextNet API/Get Permissions.bru

@@ -0,0 +1,26 @@
+meta {
+  name: Get Permissions
+  type: http
+  seq: 5
+}
+
+post {
+  url: http://127.0.0.1:3000/api/v1/forward/create
+  body: json
+  auth: none
+}
+
+body:json {
+  {
+    "token": "5e2cb92a338a832d385790861312eb85d69f46f82317bfa984ac5e3517368ab5a827897b0f9775a9181b02fa3b9cffed7e59e5b3111d5bdc37f729156caf5f",
+    "name": "Test Route",
+    "description": "This is a test route for portcopier.",
+    
+    "sourceIP": "127.0.0.1",
+    "sourcePort": "8000",
+    
+    "destinationPort": "9000",
+    
+    "providerID": "1"
+  }
+}

src/index.ts

@@ -5,6 +5,8 @@ import Fastify from "fastify";
 
 import { ServerOptions, SessionToken } from "./libs/types.js";
 
+import { route as getPermissions } from "./routes/getPermissions.js";
+
 import { route as backendCreate } from "./routes/backends/create.js";
 
 import { route as forwardCreate } from "./routes/forward/create.js";
@@ -36,6 +38,8 @@ const fastify = Fastify({
   logger: true
 });
 
+getPermissions(fastify, prisma, sessionTokens, serverOptions);
+
 backendCreate(fastify, prisma, sessionTokens, serverOptions);
 
 forwardCreate(fastify, prisma, sessionTokens, serverOptions);

src/libs/permissions.ts

@@ -45,7 +45,7 @@ export async function hasPermission(permissionList: string[], uid: number, prism
   return true;
 }
 
-export async function hasPermissionByToken(permissionList: string[], token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<boolean> {
+export async function getUID(token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<number> {
   let userID = -1;
 
   // Look up in our currently authenticated users
@@ -80,9 +80,10 @@ export async function hasPermissionByToken(permissionList: string[], token: stri
     };
   }
 
-  // If we are STILL -1, we give up.
-  if (userID == -1) return false;
+  return userID;
+}
 
-  // Now we can test permissions!
+export async function hasPermissionByToken(permissionList: string[], token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<boolean> {
+  const userID = await getUID(token, tokens, prisma);
   return await hasPermission(permissionList, userID, prisma);
 }

src/routes/ROUTE_PLAN.md

@@ -2,6 +2,7 @@
 - /api/v1/users/create
 - /api/v1/users/login
 - /api/v1/users/remove
+- /api/v1/users/search
 - /api/v1/backends/create
 - /api/v1/backends/remove
 - /api/v1/backends/modify
@@ -9,4 +10,5 @@
 - /api/v1/routes/create
 - /api/v1/routes/remove
 - /api/v1/routes/modify
-- /api/v1/routes/search
+- /api/v1/routes/search
+- /api/v1/getPermissions

src/routes/getPermissions.ts

@@ -0,0 +1,50 @@
+import type { PrismaClient } from "@prisma/client";
+import type { FastifyInstance } from "fastify";
+
+import { ServerOptions, SessionToken } from "../libs/types.js";
+import { hasPermission, getUID } from "../libs/permissions.js";
+
+export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Record<number, SessionToken[]>, options: ServerOptions) {
+  /**
+   * Logs in to a user account.
+   */
+  fastify.post("/api/v1/getPermissions", {
+    schema: {
+      body: {
+        type: "object",
+        required: ["token"],
+
+        properties: {
+          token: { type: "string" }
+        }
+      }
+    }
+  }, async(req, res) => {
+    // @ts-ignore
+    const body: {
+      token: string
+    } = req.body;
+
+    const uid = await getUID(body.token, tokens, prisma);
+
+    if (!await hasPermission([
+      "permissions.see"
+    ], uid, prisma)) {
+      return res.status(403).send({
+        error: "Unauthorized"
+      });
+    };
+
+    const permissionsRaw = await prisma.permission.findMany({
+      where: {
+        userID: uid
+      }
+    });
+
+    return {
+      success: true,
+      // Get the ones that we have, and transform them into just their name
+      data: permissionsRaw.filter((i) => i.has).map((i) => i.permission)
+    }
+  });
+}