Merge remote-tracking branch 'origin/feat/endpoints-beschermen-met-authenticatie-#105' into feat/endpoints-beschermen-met-authenticatie-#105

# Conflicts:
#	backend/src/middleware/auth/checks/auth-checks.ts
#	backend/src/middleware/auth/checks/class-auth-checks.ts
#	backend/src/routes/teachers.ts
#	frontend/src/views/assignments/UserAssignments.vue
Gabriellvl 2025-05-15 20:58:21 +02:00
commit 7da52284e6
40 changed files with 1042 additions and 541 deletions


@ -4,6 +4,7 @@ import * as express from 'express';
import { RequestHandler } from 'express';
import { UnauthorizedException } from '../../../exceptions/unauthorized-exception.js';
import { ForbiddenException } from '../../../exceptions/forbidden-exception.js';
import { envVars, getEnvVar } from '../../../util/envVars.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
/**
@ -15,6 +16,17 @@ import {AccountType} from "@dwengo-1/common/util/account-types";
export function authorize<P, ResBody, ReqBody, ReqQuery, Locals extends Record<string, unknown>>(
accessCondition: (auth: AuthenticationInfo, req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>) => boolean | Promise<boolean>
): RequestHandler<P, ResBody, ReqBody, ReqQuery, Locals> {
// Bypass authentication during testing
if (getEnvVar(envVars.RunMode) === 'test') {
return async (
_req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>,
_res: express.Response,
next: express.NextFunction
): Promise<void> => {
next();
};
}
return async (
req: AuthenticatedRequest<P, ResBody, ReqBody, ReqQuery, Locals>,
_res: express.Response,
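Review bot: The short-circuit at `if (getEnvVar(envVars.RunMode) === 'test')` makes a runtime configuration value the only thing standing between every route guarded by `authorize` and an unauthenticated caller: if that value is set, or left over, in a deployed environment, every authentication and authorization check is skipped, and as far as the hunk shows the returned handler does nothing but call `next()`, so downstream code presumably sees no auth information at all. Prefer keeping the bypass out of the production code path, for example by having the test setup substitute a no-op middleware instead of compiling the switch into `authorize`; if the branch must stay, fail closed by requiring a second explicit opt-in and log at startup that access checks are disabled so the condition is visible in monitoring. At minimum the branch deserves a comment such as `// SECURITY: skips every auth check — must be unreachable in any deployed configuration`. The rest of `authorize` continues past the end of the hunk.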


@ -3,7 +3,7 @@ import { AuthenticationInfo } from '../authentication-info.js';
import { AuthenticatedRequest } from '../authenticated-request.js';
import { fetchClass } from '../../../services/classes.js';
import { mapToUsername } from '../../../interfaces/user.js';
import {getAllInvitations} from "../../../services/teacher-invitations";
import { getAllInvitations } from '../../../services/teacher-invitations.js';
import {AccountType} from "@dwengo-1/common/util/account-types";
async function teaches(teacherUsername: string, classId: string): Promise<boolean> {
@ -51,7 +51,7 @@ export const onlyAllowIfInClassOrInvited = authorize(async (auth: Authentication
const clazz = await fetchClass(classId);
if (auth.accountType === AccountType.Teacher) {
const invitations = await getAllInvitations(auth.username, false);
return clazz.teachers.map(mapToUsername).includes(auth.username) || invitations.some(invitation => invitation.classId === classId);
return clazz.teachers.map(mapToUsername).includes(auth.username) || invitations.some((invitation) => invitation.classId === classId);
}
return clazz.students.map(mapToUsername).includes(auth.username);
});