feat: add authenticate and authorize plugins

tf2pickup-org · Aug 1, 2024 · 4be4b12 · 4be4b12
1 parent fb622f7
commit 4be4b12
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 13 deletions.
diff --git a/src/auth/index.ts b/src/auth/index.ts
@@ -17,6 +17,8 @@ declare module 'fastify' {
 export default fp(
   async app => {
     await app.register((await import('./plugins/steam')).default)
+    await app.register((await import('./plugins/authenticate')).default)
+    await app.register((await import('./plugins/authorize')).default)
 
     // eslint-disable-next-line @typescript-eslint/require-await
     app.addHook('onRequest', async request => {

diff --git a/src/auth/plugins/authenticate.ts b/src/auth/plugins/authenticate.ts
@@ -0,0 +1,25 @@
+import fp from 'fastify-plugin'
+
+declare module 'fastify' {
+  interface FastifyContextConfig {
+    authenticate?: boolean
+  }
+}
+
+export default fp(
+  // eslint-disable-next-line @typescript-eslint/require-await
+  async app => {
+    app.addHook('onRequest', async (request, reply) => {
+      if (!request.routeOptions.config.authenticate) {
+        return
+      }
+
+      if (!request.user) {
+        return reply.unauthorized()
+      }
+    })
+  },
+  {
+    name: 'authenticate',
+  },
+)
diff --git a/src/auth/plugins/authorize.ts b/src/auth/plugins/authorize.ts
@@ -0,0 +1,33 @@
+import fp from 'fastify-plugin'
+import type { PlayerRole } from '../../database/models/player.model'
+
+declare module 'fastify' {
+  interface FastifyContextConfig {
+    authorize?: PlayerRole[]
+  }
+}
+
+export default fp(
+  // eslint-disable-next-line @typescript-eslint/require-await
+  async app => {
+    app.addHook('preHandler', async (request, reply) => {
+      if (!request.routeOptions.config.authorize) {
+        return
+      }
+
+      if (!request.user) {
+        return reply.unauthorized()
+      }
+
+      const roles = request.routeOptions.config.authorize
+      if (roles.some(r => request.user!.player.roles.includes(r))) {
+        return
+      }
+
+      return reply.forbidden()
+    })
+  },
+  {
+    name: 'authorize',
+  },
+)
diff --git a/src/games/routes.ts b/src/games/routes.ts
@@ -9,6 +9,7 @@ import { requestSubstitute } from './request-substitute'
 import { replacePlayer } from './replace-player'
 import { forceEnd } from './force-end'
 import { collections } from '../database/collections'
+import { PlayerRole } from '../database/models/player.model'
 
 export default fp(
   // eslint-disable-next-line @typescript-eslint/require-await
@@ -50,6 +51,9 @@ export default fp(
       .put(
         '/games/:number/request-substitute',
         {
+          config: {
+            authorize: [PlayerRole.admin],
+          },
           schema: {
             params: z.object({
               number: gameNumber,
@@ -60,10 +64,6 @@ export default fp(
           },
         },
         async (request, reply) => {
-          if (!request.isAdmin) {
-            return reply.forbidden()
-          }
-
           const number = request.params.number
           const replacee = request.body.player
 
@@ -74,6 +74,9 @@ export default fp(
       .put(
         '/games/:number/replace-player',
         {
+          config: {
+            authenticate: true,
+          },
           schema: {
             params: z.object({
               number: gameNumber,
@@ -84,32 +87,29 @@ export default fp(
           },
         },
         async (request, reply) => {
-          if (!request.user) {
-            return reply.unauthorized()
-          }
-
           const number = request.params.number
           const replacee = request.body.player
-          const replacement = request.user.player.steamId
+          const replacement = request.user!.player.steamId
 
           await replacePlayer({ number, replacee, replacement })
+          await reply.status(204).send()
         },
       )
       .put(
         '/games/:number/force-end',
         {
+          config: {
+            authorize: [PlayerRole.admin],
+          },
           schema: {
             params: z.object({
               number: gameNumber,
             }),
           },
         },
         async (request, reply) => {
-          if (!request.isAdmin) {
-            return reply.forbidden()
-          }
-
           await forceEnd(request.params.number, request.user!.player.steamId)
+          await reply.status(204).send()
         },
       )
   },