From 0aa3d3869f3782f4cbd3d203ad12c687d1a4911d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20Str=C3=B8msnes?= <676624@stud.hvl.no>
Date: Tue, 24 Oct 2023 16:17:58 +0200
Subject: [PATCH] Added authorization check
---
package.json | 1 +
src/App.svelte | 4 ++++
src/auth.js | 59 ++++++++++++++++++++++++++++++++++----------------
yarn.lock | 10 +++++++++
4 files changed, 55 insertions(+), 19 deletions(-)
diff --git a/package.json b/package.json
index 00325c1..1a14daf 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
"@phoenixlan/phoenix.js": "^3.1.0",
"@rollup/plugin-json": "^6.0.0",
"@rollup/plugin-replace": "^2.4.2",
+ "@zerodevx/svelte-toast": "^0.9.5",
"dotenv": "^16.0.3",
"sirv-cli": "^2.0.0"
}
diff --git a/src/App.svelte b/src/App.svelte
index c47d576..31fbd08 100644
--- a/src/App.svelte
+++ b/src/App.svelte
@@ -1,4 +1,6 @@
+
+
{#if !($authenticated)}
diff --git a/src/auth.js b/src/auth.js
index 04a0664..d244bc2 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -22,28 +22,47 @@ export function logout() {
import { User } from '@phoenixlan/phoenix.js'
+import { toast } from '@zerodevx/svelte-toast'
+
+async function checkIsAuthorized() {
+ const payload = await User.Oauth.getTokenPayload();
+ const validRoles = ["ticket_checkin", "ticket_admin", "admin"]
+ const isAuthorized = validRoles.some(value => payload.roles.includes(value))
+ if(!isAuthorized) {
+ // If the user is not authorized we want to abort authentication and remove saved unauthorized tokens
+ window.localStorage.removeItem("auth");
+ url.searchParams.delete("code")
+ toast.push('You do not have permissions to check in tickets, contact a tech admin asap')
+ console.error("User is not authorized to perform required actions on this page. Does the user have the correct permissions?")
+ return false
+ }
+ return true
+}
+
+const url = new URL(window.location.href)
export async function checkAuth() {
// Create storage variable with information from local storage.
const storage = window.localStorage.getItem("auth")
if(!storage){
- const url = new URL(window.location.href)
const code = url.searchParams.get("code")
if (code) {
try {
// Get token, refreshToken and set authstate based on token & refreshToken.
await User.Oauth.authenticateByCode(code);
- let Token = await User.Oauth.getToken();
- let RefreshToken = await User.Oauth.getRefreshToken();
-
- await User.Oauth.setAuthState(Token, RefreshToken);
- authenticated.set(true)
+ const Token = await User.Oauth.getToken();
+ const RefreshToken = await User.Oauth.getRefreshToken();
- // Store user information in the local storage for later use.
- window.localStorage.setItem("auth", JSON.stringify({
- token: Token,
- refreshToken: RefreshToken,
- }));
+ if (await checkIsAuthorized()){
+ await User.Oauth.setAuthState(Token, RefreshToken);
+ authenticated.set(true)
+
+ // Store user information in the local storage for later use.
+ window.localStorage.setItem("auth", JSON.stringify({
+ token: Token,
+ refreshToken: RefreshToken,
+ }));
+ }
}
catch(e){
console.error('An error occured, failed to authenticate by token. (Is the token valid?)');
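Review bot: The role check in `checkIsAuthorized` at L42 is a client-side gate only — it reads roles out of the token payload and decides whether to proceed with login, so every ticket check-in request the app then makes still has to be authorized by the API, and a one-line comment saying so (`// UX gate only: the backend must enforce these roles on every request`) would stop it being mistaken for the security boundary. Two smaller defects in the same function: `payload.roles.includes(value)` throws a TypeError when `getTokenPayload()` yields no payload or no `roles` array, and `url.searchParams.delete("code")` only edits the module-level `URL` copy taken at L54, so the address bar still carries the code and a reload replays the same exchange. I would write `const roles = payload?.roles ?? [];` and `const isAuthorized = validRoles.some((role) => roles.includes(role));`, and if the code really should be dropped from the page, follow the delete with `window.history.replaceState(null, '', url);`. `checkAuth`'s body continues past the end of this hunk.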
@@ -57,14 +76,16 @@ export async function checkAuth() {
// If storage contains "auth" with correct information.
let object = JSON.parse(storage);
if(object.token && object.refreshToken) {
- // Try to setAuthState with existing token & refreshToken.
- try {
- await User.Oauth.setAuthState(object.token, object.refreshToken);
- authenticated.set(true)
- }
- catch (e) {
- console.error('[API] ' + e);
- }
+ if (await checkIsAuthorized()){
+ // Try to setAuthState with existing token & refreshToken.
+ try {
+ await User.Oauth.setAuthState(object.token, object.refreshToken);
+ authenticated.set(true)
+ }
+ catch (e) {
+ console.error('[API] ' + e);
+ }
+ }
} else {
// Conclude that local storage is corrupted or modified by the user or third-party app, delete the data.
window.localStorage.removeItem("auth");
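Review bot: `if (await checkIsAuthorized())` at L102 runs before `setAuthState` has handed the stored token to the library and sits outside the try/catch, so if `User.Oauth.getTokenPayload()` has nothing to decode yet, or the stored token is malformed, the TypeError on `payload.roles` escapes `checkAuth` instead of being logged like the other failures in this branch (the equivalent call at L77 in the first hunk is at least inside its try). Unless `User.Oauth` loads the token from storage on its own, the check belongs after `setAuthState` inside the try: `await User.Oauth.setAuthState(object.token, object.refreshToken);` followed by `if (await checkIsAuthorized()) { authenticated.set(true) }`. Note that the helper's unauthorized path only clears localStorage and leaves whatever `setAuthState` already installed in the library; the existing `logout()` in this file may be the right reset there, worth confirming.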
diff --git a/yarn.lock b/yarn.lock
index b2e56aa..91394e3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -262,6 +262,15 @@ __metadata:
languageName: node
linkType: hard
+"@zerodevx/svelte-toast@npm:^0.9.5":
+ version: 0.9.5
+ resolution: "@zerodevx/svelte-toast@npm:0.9.5"
+ peerDependencies:
+ svelte: ^3.57.0 || ^4.0.0
+ checksum: 155c1f70339435f481853a3eaefaf52cf917ac7fbc3ba11ae4825aa0f84394d9f83e245e79667aa4fda21f0e4b242b70bea81def58ccfb0b94f48c34393316bc
+ languageName: node
+ linkType: hard
+
"abbrev@npm:^1.0.0":
version: 1.1.1
resolution: "abbrev@npm:1.1.1"
@@ -1297,6 +1306,7 @@ __metadata:
"@rollup/plugin-json": ^6.0.0
"@rollup/plugin-node-resolve": ^11.2.1
"@rollup/plugin-replace": ^2.4.2
+ "@zerodevx/svelte-toast": ^0.9.5
dotenv: ^16.0.3
rollup: ^2.3.4
rollup-plugin-css-only: ^3.1.0