Add permissions

This commit is contained in:
2024-11-07 14:26:57 +01:00
parent a392841012
commit 41951d7603
20 changed files with 523 additions and 16 deletions

View File

@@ -73,6 +73,7 @@ export default defineEventHandler(async (e): Promise<Return> => {
},
with: {
data: true,
permission: true,
},
where: (table) => eq(table.id, sql.placeholder('id'))
}).prepare().get({ id: id.id });
@@ -89,6 +90,7 @@ export default defineEventHandler(async (e): Promise<Return> => {
email: user.email,
username: user.username,
state: user.state,
permissions: user.permission.map(e => e.permission),
}
}) as UserSessionRequired);

View File

@@ -71,7 +71,7 @@ export default defineEventHandler(async (e): Promise<Return> => {
db.insert(usersDataTable).values({ id: sql.placeholder('id') }).prepare().run({ id: id.id });
logSession(e, await setUserSession(e, { user: { id: id.id, username: body.data.username, email: body.data.email, state: 0, signin: new Date() } }) as UserSessionRequired);
logSession(e, await setUserSession(e, { user: { id: id.id, username: body.data.username, email: body.data.email, state: 0, signin: new Date(), permissions: [] } }) as UserSessionRequired);
setResponseStatus(e, 201);
return { success: true, session };

View File

@@ -1,6 +1,7 @@
import useDatabase from "~/composables/useDatabase";
import { userSessionsTable } from "~/db/schema";
import { eq, and, sql } from "drizzle-orm";
import { refreshSessionFromDB } from "../utils/user";
const monthAsMs = 60 * 60 * 24 * 30 * 1000;
@@ -25,6 +26,7 @@ export default defineNitroPlugin(() => {
await db.update(userSessionsTable).set({
timestamp: new Date(),
}).where(and(eq(userSessionsTable.id, sql.placeholder('id')), eq(userSessionsTable.user_id, sql.placeholder('user_id')))).prepare().run({ id: session.id, user_id: session.user.id });
await refreshSessionFromDB(event, session.id);
}
});
sessionHooks.hook('clear', async (session, event) => {

View File

@@ -29,7 +29,43 @@ export function logSession(e: H3Event<EventRequestHandler>, session: UserSession
{
const db = useDatabase();
console.log("Logging session %s", session.id)
db.insert(userSessionsTable).values({ id: sql.placeholder('id'), user_id: sql.placeholder('user_id'), timestamp: sql.placeholder('timestamp') }).prepare().run({ id: session.id, user_id: session.user.id, timestamp: new Date() });
return session;
}
export async function refreshSessionFromDB(e: H3Event<EventRequestHandler>, sessionId: string): Promise<void>
{
const db = useDatabase();
const user = db.query.userSessionsTable.findFirst({
columns: {
id: false,
},
with: {
users: {
with: {
permission: true,
data: true,
}
}
},
where: (table) => eq(table.id, sql.placeholder('id'))
}).prepare().get({ id: sessionId });
if(user)
{
await replaceUserSession(e, {
id: sessionId,
user: {
...user.users.data,
email: user.users.email,
username: user.users.username,
state: user.users.state,
permissions: user.users.permission.map(e => e.permission),
}
});
}
else
{
throw createError({ statusCode: 401, message: 'Invalid session' });
}
}