Added authorization check

phoenixlan · Oct 24, 2023 · 0aa3d38 · 0aa3d38
1 parent 1c80cb4
commit 0aa3d38
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 19 deletions.
diff --git a/package.json b/package.json
@@ -21,6 +21,7 @@
     "@phoenixlan/phoenix.js": "^3.1.0",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-replace": "^2.4.2",
+    "@zerodevx/svelte-toast": "^0.9.5",
     "dotenv": "^16.0.3",
     "sirv-cli": "^2.0.0"
   }

diff --git a/src/App.svelte b/src/App.svelte
@@ -1,4 +1,6 @@
 <script>
+	import { SvelteToast } from "@zerodevx/svelte-toast"
+
 	import Infocontainer from './components/InfoContainer.svelte';
 	
 	import { checkAuth, authenticated, login, logout } from "./auth"
@@ -20,6 +22,8 @@
 	}
 </script>
 
+	<SvelteToast/>
+
 	{#if !($authenticated)}
 		<main>
 			<img src="./logo.svg" alt="">

diff --git a/src/auth.js b/src/auth.js
@@ -22,28 +22,47 @@ export function logout() {
 
 import { User } from '@phoenixlan/phoenix.js'
 
+import { toast } from '@zerodevx/svelte-toast'
+
+async function checkIsAuthorized() {
+    const payload = await User.Oauth.getTokenPayload();
+    const validRoles = ["ticket_checkin", "ticket_admin", "admin"]
+    const isAuthorized = validRoles.some(value => payload.roles.includes(value))
+    if(!isAuthorized) {
+        // If the user is not authorized we want to abort authentication and remove saved unauthorized tokens
+        window.localStorage.removeItem("auth");
+        url.searchParams.delete("code")
+        toast.push('You do not have permissions to check in tickets, contact a tech admin asap')
+        console.error("User is not authorized to perform required actions on this page. Does the user have the correct permissions?")
+        return false
+    }
+    return true
+}
+
+const url = new URL(window.location.href)
 export async function checkAuth() {
     // Create storage variable with information from local storage.
     const storage = window.localStorage.getItem("auth")
     if(!storage){
-        const url = new URL(window.location.href)
         const code = url.searchParams.get("code")
         if (code) {
             try {
                 // Get token, refreshToken and set authstate  based on token & refreshToken.
                 await User.Oauth.authenticateByCode(code);
 
-                let Token 		 = await User.Oauth.getToken();
-                let RefreshToken = await User.Oauth.getRefreshToken();
-
-                await User.Oauth.setAuthState(Token, RefreshToken);
-                authenticated.set(true)
+                const Token 	   = await User.Oauth.getToken();
+                const RefreshToken = await User.Oauth.getRefreshToken();
 
-                // Store user information in the local storage for later use.
-                window.localStorage.setItem("auth", JSON.stringify({
-                    token: 		  Token,
-                    refreshToken: RefreshToken,
-                }));
+                if (await checkIsAuthorized()){
+                    await User.Oauth.setAuthState(Token, RefreshToken);
+                    authenticated.set(true)
+
+                    // Store user information in the local storage for later use.
+                    window.localStorage.setItem("auth", JSON.stringify({
+                        token: 		  Token,
+                        refreshToken: RefreshToken,
+                    }));
+                } 
             }
             catch(e){
                 console.error('An error occured, failed to authenticate by token. (Is the token valid?)');
@@ -57,14 +76,16 @@ export async function checkAuth() {
         // If storage contains "auth" with correct information.
         let object = JSON.parse(storage);
         if(object.token && object.refreshToken) {
-            // Try to setAuthState with existing token & refreshToken.
-            try {
-                await User.Oauth.setAuthState(object.token, object.refreshToken);
-                authenticated.set(true)
-            }
-            catch (e) {
-                console.error('[API] ' + e);
-            }
+            if (await checkIsAuthorized()){
+                // Try to setAuthState with existing token & refreshToken.
+                try {
+                    await User.Oauth.setAuthState(object.token, object.refreshToken);
+                    authenticated.set(true)
+                }
+                catch (e) {
+                    console.error('[API] ' + e);
+                }
+            } 
         } else {
         // Conclude that local storage is corrupted or modified by the user or third-party app, delete the data.
             window.localStorage.removeItem("auth");

diff --git a/yarn.lock b/yarn.lock
@@ -262,6 +262,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@zerodevx/svelte-toast@npm:^0.9.5":
+  version: 0.9.5
+  resolution: "@zerodevx/svelte-toast@npm:0.9.5"
+  peerDependencies:
+    svelte: ^3.57.0 || ^4.0.0
+  checksum: 155c1f70339435f481853a3eaefaf52cf917ac7fbc3ba11ae4825aa0f84394d9f83e245e79667aa4fda21f0e4b242b70bea81def58ccfb0b94f48c34393316bc
+  languageName: node
+  linkType: hard
+
 "abbrev@npm:^1.0.0":
   version: 1.1.1
   resolution: "abbrev@npm:1.1.1"
@@ -1297,6 +1306,7 @@ __metadata:
     "@rollup/plugin-json": ^6.0.0
     "@rollup/plugin-node-resolve": ^11.2.1
     "@rollup/plugin-replace": ^2.4.2
+    "@zerodevx/svelte-toast": ^0.9.5
     dotenv: ^16.0.3
     rollup: ^2.3.4
     rollup-plugin-css-only: ^3.1.0