Merge pull request #36 from fga-eps-mds/149-fix-senhas-usuarios
149 validacao de usuario de consulta
JoaoVitorFarias authored Jul 9, 2023
2 parents 97447d8 + 8360bbb commit 5fd3b4f
Showing 3 changed files with 78 additions and 26 deletions.
41 changes: 21 additions & 20 deletions src/middlewares/admin-auth-middleware.ts
Expand Up @@ -2,24 +2,25 @@ import { Request, Response } from 'express'
import { decode } from 'jsonwebtoken'

export const checkAdminAccessToken = (
req: Request,
resp: Response,
next: () => void
): void => {
const token = req.headers.authorization?.split(' ')[1]
if (!token) {
resp.status(401).json({ error: 'Token não informado' })
return
}

const { userId, role } = decode(token) as { userId: string, role: string }

if (role != 'administrador') {
resp.status(403).json({ error: 'Acesso negado. Você não é um administrador.' })
return
}

req.userId = userId
next()
req: Request,
resp: Response,
next: () => void
): void => {
const token = req.headers.authorization?.split(' ')[1]
if (!token) {
resp.status(401).json({ error: 'Token não informado' })
return
}


const { userId, role } = decode(token) as { userId: string; role: string }

if (role !== 'administrador') {
resp
.status(403)
.json({ error: 'Acesso negado. Você não é um administrador.' })
return
}

req.userId = userId
next()
}
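Review bot: The retained line `const { userId, role } = decode(token) as { userId: string; role: string }` uses jsonwebtoken's `decode`, which only base64-decodes the payload and checks neither the signature nor the expiry, so the `role` and `userId` this middleware acts on are whatever the client put in the bearer token; the commit reformats the line but keeps that behaviour. The check should go through `verify` (imported in place of `decode` on the hunk's first import line) inside a try/catch that answers 401 on failure, and only then read the claims. `decode` also returns `null` for a malformed token, so the destructuring currently throws a TypeError instead of answering 401. The same `decode` call appears in the new `src/middlewares/is-not-query-user-middleware.ts` in this commit and needs the same treatment.
```typescript
// … unchanged: missing-token check …
let claims: { userId: string; role: string }
try {
  // JWT_SECRET_PLACEHOLDER: the signing key the tokens were issued with
  claims = verify(token, JWT_SECRET_PLACEHOLDER) as { userId: string; role: string }
} catch {
  resp.status(401).json({ error: 'Token inválido' })
  return
}
const { userId, role } = claims
// … unchanged: role check, req.userId, next() …
```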
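--- /dev/null
+++ b/src/middlewares/is-not-query-user-middleware.ts
@@ -0,0 +1,26 @@
+import { Request, Response } from 'express'
+import { decode } from 'jsonwebtoken'
+
+export const checkIfIsQueryUser = (
+req: Request,
+resp: Response,
+next: () => void
+): void => {
+const token = req.headers.authorization?.split(' ')[1]
+if (!token) {
+resp.status(401).json({ error: 'Token não informado' })
+return
+}
+
+const { userId, role } = decode(token) as { userId: string; role: string }
+
+if (role === 'consulta') {
+resp.status(403).json({
+error: 'Usuários de consulta não têm acesso a essa funcionalidade'
+})
+return
+}
+
+req.userId = userId
+next()
+}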
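Review bot: `if (role === 'consulta')` is a deny-list, so a token whose payload has no `role` claim at all, or carries any role string other than `'consulta'`, is passed on to `next()`; that is wider than the name `checkIfIsQueryUser` suggests and means a typo in a role value grants access rather than denying it. If the set of roles is known, allow the permitted ones explicitly; at minimum reject a missing role with `if (typeof role !== 'string' || role === 'consulta') {`. The `as { userId: string; role: string }` assertion on the decode result should be replaced by a runtime check of the two fields, since the assertion does not verify anything. A short TSDoc on the export stating that it only blocks the `'consulta'` role and sets `req.userId` would make the intended policy clear to the route file that uses it.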
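--- a/src/routes.ts
+++ b/src/routes.ts
@@ -1,4 +1,5 @@
 import { checkAdminAccessToken } from './middlewares/admin-auth-middleware'
+import { checkIfIsQueryUser } from './middlewares/is-not-query-user-middleware'
 import { Router } from 'express'
 import { adaptExpressRoute as adapt } from './adapters/express-router'
 import { makeCreateOrderController } from './factories/controllers/create-order-service'
@@ -18,9 +19,17 @@ import { makeUpdateEquipmentController } from './factories/controllers/update-eq
 
 const routes = Router()
 
-routes.post('/create-order-service', adapt(makeCreateOrderController()))
+routes.post(
+'/create-order-service',
+checkIfIsQueryUser,
+adapt(makeCreateOrderController())
+)
 routes.get('/find', adapt(makeGetEquipmentController()))
-routes.post('/createEquipment', adapt(makeCreateEquipmentController()))
+routes.post(
+'/createEquipment',
+checkIfIsQueryUser,
+adapt(makeCreateEquipmentController())
+)
 routes.delete(
 '/deleteEquipment',
 checkAdminAccessToken,
@@ -31,10 +40,26 @@ routes.get('/getAllBrands', adapt(makeFindAllBrandsController()))
 routes.get('/getAllAcquisitions', adapt(makeFindAllAcquisitionsController()))
 routes.get('/listOrderService', adapt(makeFindOrderServiceController()))
 routes.get('/listOne', adapt(makeFindOneEquipmentController()))
-routes.put('/updateOrderService', adapt(makeUpdateOrderController()))
-routes.post('/createMovement', adapt(makeCreateMovementController()))
+routes.put(
+'/updateOrderService',
+checkIfIsQueryUser,
+adapt(makeUpdateOrderController())
+)
+routes.post(
+'/createMovement',
+checkIfIsQueryUser,
+adapt(makeCreateMovementController())
+)
 routes.get('/findMovements', adapt(makeFindMovementsController()))
-routes.delete('/deleteMovement', adapt(makeDeleteMovementController()))
-routes.put('/updateEquipment', adapt(makeUpdateEquipmentController()))
+routes.delete(
+'/deleteMovement',
+checkIfIsQueryUser,
+adapt(makeDeleteMovementController())
+)
+routes.put(
+'/updateEquipment',
+checkIfIsQueryUser,
+adapt(makeUpdateEquipmentController())
+)
 
 export default routes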
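Review bot: The new `routes.delete('/deleteMovement', checkIfIsQueryUser, adapt(makeDeleteMovementController()))` gates a delete only on the query-user check, whereas the neighbouring `/deleteEquipment` in the earlier hunk requires `checkAdminAccessToken`; if removing a movement is as sensitive as removing equipment, this route should presumably use the admin middleware too — confirm against the role model. The read routes (`/find`, `/listOne`, `/listOrderService`, `/findMovements` and the others) carry no middleware at all, which may be intentional for query users but also means requests with no token reach them. Because the guard is attached per route, every future route has to remember it; a single `routes.use(checkIfIsQueryUser)` placed after the read-only registrations, or a comment above `const routes = Router()` stating which roles may reach which group, would make the policy visible in one place.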
