Remove change role endpoint (#44)
camargo authored Sep 13, 2023
1 parent 673ad17 commit f9829d9
Showing 3 changed files with 2 additions and 87 deletions.
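--- a/src/packages/auth/functions.ts
+++ b/src/packages/auth/functions.ts
@@ -91,18 +91,12 @@ export function decodeJwt(authorizationHeader: string | undefined): JwtDecode {
 }
 }
 
-export function generateJwt(
-username: string,
-defaultRole: string,
-allowedRoles: string[],
-activeRole?: string,
-): string | null {
+export function generateJwt(username: string, defaultRole: string, allowedRoles: string[]): string | null {
 try {
 const { HASURA_GRAPHQL_JWT_SECRET, JWT_EXPIRATION } = getEnv();
 const { key, type }: JwtSecret = JSON.parse(HASURA_GRAPHQL_JWT_SECRET);
 const options: jwt.SignOptions = { algorithm: type as Algorithm, expiresIn: JWT_EXPIRATION };
 const payload: JwtPayload = {
-activeRole: activeRole && allowedRoles.includes(activeRole) ? activeRole : defaultRole,
 'https://hasura.io/jwt/claims': {
 'x-hasura-allowed-roles': allowedRoles,
 'x-hasura-default-role': defaultRole,
@@ -182,46 +176,3 @@ export async function session(authorizationHeader: string | undefined): Promise<
 return { message: `Authentication is disabled`, success: true };
 }
 }
-
-export async function changeRole(
-authorizationHeader: string | undefined,
-role: string | undefined,
-): Promise<AuthResponse> {
-const { AUTH_TYPE } = getEnv();
-const { jwtErrorMessage, jwtPayload } = decodeJwt(authorizationHeader);
-
-try {
-if (jwtPayload) {
-const {
-username,
-'https://hasura.io/jwt/claims': {
-'x-hasura-allowed-roles': allowedRoles,
-'x-hasura-default-role': defaultRole,
-},
-} = jwtPayload;
-
-if (AUTH_TYPE === 'cam') {
-return {
-message: 'Role change successful',
-success: true,
-token: generateJwt(username, defaultRole as string, allowedRoles as string[], role),
-};
-} else {
-return {
-message: 'Authentication is disabled',
-success: true,
-token: generateJwt(username, defaultRole as string, allowedRoles as string[], role),
-};
-}
-} else {
-return { message: jwtErrorMessage, success: false, token: null };
-}
-} catch (error) {
-logger.error(error);
-return {
-message: 'An unexpected error occurred',
-success: false,
-token: null,
-};
-}
-}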
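Review bot: In the first hunk, the new `generateJwt` writes `defaultRole` into `x-hasura-default-role` without checking that it is a member of `allowedRoles`; the only membership test in the visible lines was the `allowedRoles.includes(activeRole)` expression this commit removes. With the `activeRole` claim gone, the per-request role is presumably chosen downstream and checked against `x-hasura-allowed-roles`, so these two claims are the whole authorization statement the token makes and are worth validating at signing time. A guard before the payload is built, such as `if (!allowedRoles.includes(defaultRole)) { return null; }`, fits the declared `string | null` return type. At minimum, add a TSDoc line on the function: `/** Signs a JWT carrying only the Hasura claims; defaultRole must be one of allowedRoles. */`. The rest of the function body, including the catch branch, is outside the hunk, so confirm how a `null` return is surfaced to the `login` caller.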
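--- a/src/packages/auth/routes.ts
+++ b/src/packages/auth/routes.ts
@@ -1,7 +1,7 @@
 import type { Express } from 'express';
 import rateLimit from 'express-rate-limit';
 import { getEnv } from '../../env.js';
-import { changeRole, login, session } from './functions.js';
+import { login, session } from './functions.js';
 
 export default (app: Express) => {
 const { RATE_LIMITER_LOGIN_MAX } = getEnv();
@@ -67,39 +67,4 @@ export default (app: Express) => {
 const response = await session(authorizationHeader);
 res.json(response);
 });
-
-/**
-* @swagger
-* /auth/changeRole:
-* post:
-* security:
-* - bearerAuth: []
-* consumes:
-* - application/json
-* produces:
-* - application/json
-* requestBody:
-* description: User's desired role
-* required: true
-* content:
-* application/json:
-* schema:
-* type: object
-* properties:
-* role:
-* type: string
-* responses:
-* 200:
-* description: AuthResponse
-* summary: Changes a user's role in the session
-* tags:
-* - Auth
-*/
-app.post('/auth/changeRole', async (req, res) => {
-const authorizationHeader = req.get('authorization');
-const { body } = req;
-const { role: requestedRole } = body;
-const response = await changeRole(authorizationHeader, requestedRole);
-res.json(response);
-});
 };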
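--- a/src/packages/auth/types.ts
+++ b/src/packages/auth/types.ts
@@ -6,7 +6,6 @@ export type JwtDecode = {
 };
 
 export type JwtPayload = {
-activeRole: string;
 'https://hasura.io/jwt/claims': Record<string, string | string[]>;
 username: string;
 };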
