refactor: prevent impersonation middelware

backend/src/middleware/auth/checks/user-auth-checks.ts

@@ -5,4 +5,4 @@ import { AuthenticatedRequest } from '../authenticated-request.js';
 /**
  * Only allow the user whose username is in the path parameter "username" to access the endpoint.
  */
-export const onlyAllowUserHimself = authorize((auth: AuthenticationInfo, req: AuthenticatedRequest) => req.params.username === auth.username);
+export const preventImpersonation = authorize((auth: AuthenticationInfo, req: AuthenticatedRequest) => req.params.username === auth.username);

backend/src/routes/student-join-requests.ts

@@ -5,16 +5,16 @@ import {
     getStudentRequestHandler,
     getStudentRequestsHandler,
 } from '../controllers/students.js';
-import { onlyAllowUserHimself } from '../middleware/auth/checks/user-auth-checks.js';
+import { preventImpersonation } from '../middleware/auth/checks/user-auth-checks.js';
 import { onlyAllowStudentHimselfAndTeachersOfClass } from '../middleware/auth/checks/class-auth-checks.js';
 
 // Under /:username/joinRequests/
 
 const router = express.Router({ mergeParams: true });
 
-router.get('/', onlyAllowUserHimself, getStudentRequestsHandler);
+router.get('/', preventImpersonation, getStudentRequestsHandler);
 
-router.post('/', onlyAllowUserHimself, createStudentRequestHandler);
+router.post('/', preventImpersonation, createStudentRequestHandler);
 
 router.get('/:classId', onlyAllowStudentHimselfAndTeachersOfClass, getStudentRequestHandler);
 

backend/src/routes/students.ts

@@ -11,7 +11,7 @@ import {
     getStudentSubmissionsHandler,
 } from '../controllers/students.js';
 import joinRequestRouter from './student-join-requests.js';
-import { onlyAllowUserHimself } from '../middleware/auth/checks/user-auth-checks.js';
+import { preventImpersonation } from '../middleware/auth/checks/user-auth-checks.js';
 import { adminOnly } from '../middleware/auth/checks/auth-checks.js';
 
 const router = express.Router();
@@ -23,25 +23,25 @@ router.get('/', adminOnly, getAllStudentsHandler);
 // Can only be used by an administrator.
 router.post('/', adminOnly, createStudentHandler);
 
-router.delete('/:username', onlyAllowUserHimself, deleteStudentHandler);
+router.delete('/:username', preventImpersonation, deleteStudentHandler);
 
 // Information about a student's profile
-router.get('/:username', onlyAllowUserHimself, getStudentHandler);
+router.get('/:username', preventImpersonation, getStudentHandler);
 
 // The list of classes a student is in
-router.get('/:username/classes', onlyAllowUserHimself, getStudentClassesHandler);
+router.get('/:username/classes', preventImpersonation, getStudentClassesHandler);
 
 // The list of submissions a student has made
-router.get('/:username/submissions', onlyAllowUserHimself, getStudentSubmissionsHandler);
+router.get('/:username/submissions', preventImpersonation, getStudentSubmissionsHandler);
 
 // The list of assignments a student has
-router.get('/:username/assignments', onlyAllowUserHimself, getStudentAssignmentsHandler);
+router.get('/:username/assignments', preventImpersonation, getStudentAssignmentsHandler);
 
 // The list of groups a student is in
-router.get('/:username/groups', onlyAllowUserHimself, getStudentGroupsHandler);
+router.get('/:username/groups', preventImpersonation, getStudentGroupsHandler);
 
 // A list of questions a user has created
-router.get('/:username/questions', onlyAllowUserHimself, getStudentQuestionsHandler);
+router.get('/:username/questions', preventImpersonation, getStudentQuestionsHandler);
 
 router.use('/:username/joinRequests', joinRequestRouter);
 

backend/src/routes/teacher-invitations.ts

@@ -6,7 +6,7 @@ import {
     getInvitationHandler,
     updateInvitationHandler,
 } from '../controllers/teacher-invitations.js';
-import { onlyAllowUserHimself } from '../middleware/auth/checks/user-auth-checks.js';
+import { preventImpersonation } from '../middleware/auth/checks/user-auth-checks.js';
 import {
     onlyAllowReceiverBody,
     onlyAllowSender,
@@ -16,7 +16,7 @@ import {
 
 const router = express.Router({ mergeParams: true });
 
-router.get('/:username', onlyAllowUserHimself, getAllInvitationsHandler);
+router.get('/:username', preventImpersonation, getAllInvitationsHandler);
 
 router.get('/:sender/:receiver/:classId', onlyAllowSenderOrReceiver, getInvitationHandler);
 

backend/src/routes/teachers.ts

@@ -12,7 +12,7 @@ import {
 } from '../controllers/teachers.js';
 import invitationRouter from './teacher-invitations.js';
 import { adminOnly } from '../middleware/auth/checks/auth-checks.js';
-import { onlyAllowUserHimself } from '../middleware/auth/checks/user-auth-checks.js';
+import { preventImpersonation } from '../middleware/auth/checks/user-auth-checks.js';
 import { onlyAllowTeacherOfClass } from '../middleware/auth/checks/class-auth-checks.js';
 const router = express.Router();
 
@@ -21,15 +21,15 @@ router.get('/', adminOnly, getAllTeachersHandler);
 
 router.post('/', adminOnly, createTeacherHandler);
 
-router.get('/:username', onlyAllowUserHimself, getTeacherHandler);
+router.get('/:username', preventImpersonation, getTeacherHandler);
 
-router.delete('/:username', onlyAllowUserHimself, deleteTeacherHandler);
+router.delete('/:username', preventImpersonation, deleteTeacherHandler);
 
-router.get('/:username/classes', onlyAllowUserHimself, getTeacherClassHandler);
+router.get('/:username/classes', preventImpersonation, getTeacherClassHandler);
 
-router.get('/:username/students', onlyAllowUserHimself, getTeacherStudentHandler);
+router.get('/:username/students', preventImpersonation, getTeacherStudentHandler);
 
-router.get('/:username/questions', onlyAllowUserHimself, getTeacherQuestionHandler);
+router.get('/:username/questions', preventImpersonation, getTeacherQuestionHandler);
 
 router.get('/:username/joinRequests/:classId', onlyAllowTeacherOfClass, getStudentJoinRequestHandler);