forked from mirrors/iceshrimp
30 lines
1.2 KiB
TypeScript
30 lines
1.2 KiB
TypeScript
import authenticate from "@/server/api/authenticate.js";
|
|
import { ILocalUser } from "@/models/entities/user.js";
|
|
import { MastoContext } from "@/server/api/mastodon/index.js";
|
|
import { AuthConverter } from "@/server/api/mastodon/converters/auth.js";
|
|
import { MastoApiError } from "@/server/api/mastodon/middleware/catch-errors.js";
|
|
|
|
export async function AuthMiddleware(ctx: MastoContext, next: () => Promise<any>) {
|
|
const auth = await authenticate(ctx.headers.authorization, null, true);
|
|
ctx.user = auth[0] ?? null as ILocalUser | null;
|
|
ctx.scopes = auth[1]?.permission ?? [] as string[];
|
|
|
|
await next();
|
|
}
|
|
|
|
export function auth(required: boolean, scopes: string[] = []) {
|
|
return async function auth(ctx: MastoContext, next: () => Promise<any>) {
|
|
if (required && !ctx.user) throw new MastoApiError(401, "This method requires an authenticated user");
|
|
|
|
if (!AuthConverter.decode(scopes).every(p => ctx.scopes.includes(p))) {
|
|
if (required) throw new MastoApiError(403, "This action is outside the authorized scopes")
|
|
|
|
ctx.user = null;
|
|
ctx.scopes = [];
|
|
}
|
|
|
|
ctx.scopes = AuthConverter.encode(ctx.scopes);
|
|
|
|
await next();
|
|
};
|
|
} |