Remove change role endpoint

src/packages/auth/functions.ts

@@ -91,18 +91,12 @@ export function decodeJwt(authorizationHeader: string | undefined): JwtDecode {
   }
 }
 
-export function generateJwt(
-  username: string,
-  defaultRole: string,
-  allowedRoles: string[],
-  activeRole?: string,
-): string | null {
+export function generateJwt(username: string, defaultRole: string, allowedRoles: string[]): string | null {
   try {
     const { HASURA_GRAPHQL_JWT_SECRET, JWT_EXPIRATION } = getEnv();
     const { key, type }: JwtSecret = JSON.parse(HASURA_GRAPHQL_JWT_SECRET);
     const options: jwt.SignOptions = { algorithm: type as Algorithm, expiresIn: JWT_EXPIRATION };
     const payload: JwtPayload = {
-      activeRole: activeRole && allowedRoles.includes(activeRole) ? activeRole : defaultRole,
       'https://hasura.io/jwt/claims': {
         'x-hasura-allowed-roles': allowedRoles,
         'x-hasura-default-role': defaultRole,
@@ -182,46 +176,3 @@ export async function session(authorizationHeader: string | undefined): Promise<
     return { message: `Authentication is disabled`, success: true };
   }
 }
-
-export async function changeRole(
-  authorizationHeader: string | undefined,
-  role: string | undefined,
-): Promise<AuthResponse> {
-  const { AUTH_TYPE } = getEnv();
-  const { jwtErrorMessage, jwtPayload } = decodeJwt(authorizationHeader);
-
-  try {
-    if (jwtPayload) {
-      const {
-        username,
-        'https://hasura.io/jwt/claims': {
-          'x-hasura-allowed-roles': allowedRoles,
-          'x-hasura-default-role': defaultRole,
-        },
-      } = jwtPayload;
-
-      if (AUTH_TYPE === 'cam') {
-        return {
-          message: 'Role change successful',
-          success: true,
-          token: generateJwt(username, defaultRole as string, allowedRoles as string[], role),
-        };
-      } else {
-        return {
-          message: 'Authentication is disabled',
-          success: true,
-          token: generateJwt(username, defaultRole as string, allowedRoles as string[], role),
-        };
-      }
-    } else {
-      return { message: jwtErrorMessage, success: false, token: null };
-    }
-  } catch (error) {
-    logger.error(error);
-    return {
-      message: 'An unexpected error occurred',
-      success: false,
-      token: null,
-    };
-  }
-}

src/packages/auth/routes.ts

@@ -1,7 +1,7 @@
 import type { Express } from 'express';
 import rateLimit from 'express-rate-limit';
 import { getEnv } from '../../env.js';
-import { changeRole, login, session } from './functions.js';
+import { login, session } from './functions.js';
 
 export default (app: Express) => {
   const { RATE_LIMITER_LOGIN_MAX } = getEnv();
@@ -67,39 +67,4 @@ export default (app: Express) => {
     const response = await session(authorizationHeader);
     res.json(response);
   });
-
-  /**
-   * @swagger
-   * /auth/changeRole:
-   *   post:
-   *     security:
-   *       - bearerAuth: []
-   *     consumes:
-   *       - application/json
-   *     produces:
-   *       - application/json
-   *     requestBody:
-   *       description: User's desired role
-   *       required: true
-   *       content:
-   *         application/json:
-   *           schema:
-   *             type: object
-   *             properties:
-   *               role:
-   *                 type: string
-   *     responses:
-   *       200:
-   *         description: AuthResponse
-   *     summary: Changes a user's role in the session
-   *     tags:
-   *       - Auth
-   */
-  app.post('/auth/changeRole', async (req, res) => {
-    const authorizationHeader = req.get('authorization');
-    const { body } = req;
-    const { role: requestedRole } = body;
-    const response = await changeRole(authorizationHeader, requestedRole);
-    res.json(response);
-  });
 };

src/packages/auth/types.ts

@@ -6,7 +6,6 @@ export type JwtDecode = {
 };
 
 export type JwtPayload = {
-  activeRole: string;
   'https://hasura.io/jwt/claims': Record<string, string | string[]>;
   username: string;
 };