2018-04-26 15:54:53 -07:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
exports = module.exports = {
|
2020-02-13 22:06:54 -08:00
|
|
|
PERMISSION_ADMIN: 'admin', // not a real permission, but a role
|
2020-02-14 14:34:29 -08:00
|
|
|
PERMISSION_MANAGE_USERS: 'manage_users',
|
2018-04-26 15:54:53 -07:00
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
verifyToken: verifyToken,
|
2020-02-13 22:06:54 -08:00
|
|
|
hasPermission: hasPermission,
|
|
|
|
|
validatePermissions: validatePermissions
|
2018-06-18 14:21:54 -07:00
|
|
|
};
|
|
|
|
|
|
2018-04-26 15:54:53 -07:00
|
|
|
var assert = require('assert'),
|
2019-10-22 21:16:00 -07:00
|
|
|
BoxError = require('./boxerror.js'),
|
2018-06-27 23:17:04 -07:00
|
|
|
tokendb = require('./tokendb.js'),
|
2020-02-06 16:44:46 +01:00
|
|
|
users = require('./users.js');
|
2018-05-01 13:34:46 -07:00
|
|
|
|
2020-02-13 22:06:54 -08:00
|
|
|
function hasPermission(user, requiredPermission) {
|
2018-08-02 19:07:33 -07:00
|
|
|
assert.strictEqual(typeof user, 'object');
|
2020-02-13 22:06:54 -08:00
|
|
|
assert.strictEqual(typeof requiredPermission, 'string');
|
2018-08-02 19:07:33 -07:00
|
|
|
|
2020-02-13 22:06:54 -08:00
|
|
|
if (user.admin) return null;
|
|
|
|
|
if (user.permissions && user.permissions.includes(requiredPermission)) return null;
|
2018-08-03 17:21:24 -07:00
|
|
|
|
2020-02-13 22:06:54 -08:00
|
|
|
return new BoxError(BoxError.ACCESS_DENIED, 'Not permitted');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function validatePermissions(permissions) {
|
|
|
|
|
assert(permissions === null || Array.isArray(permissions));
|
|
|
|
|
|
|
|
|
|
if (permissions === null || permissions.length === 0) return null;
|
|
|
|
|
if (permissions.length === 1 && permissions[0] === exports.PERMISSION_MANAGE_USERS) return null;
|
|
|
|
|
|
|
|
|
|
// here for completeness
|
2020-02-17 13:47:21 +01:00
|
|
|
if (permissions.includes(exports.PERMISSION_ADMIN)) return new BoxError(BoxError.BAD_FIELD, 'admin is not a permission');
|
2020-02-13 22:06:54 -08:00
|
|
|
|
|
|
|
|
return new BoxError(BoxError.BAD_FIELD, 'Invalid permissions');
|
2018-06-27 23:17:04 -07:00
|
|
|
}
|
|
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
function verifyToken(accessToken, callback) {
|
2018-06-27 23:17:04 -07:00
|
|
|
assert.strictEqual(typeof accessToken, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2019-02-15 13:57:18 -08:00
|
|
|
tokendb.getByAccessToken(accessToken, function (error, token) {
|
2020-02-06 16:44:46 +01:00
|
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2020-02-06 14:50:12 +01:00
|
|
|
if (error) return callback(error);
|
2018-06-27 23:17:04 -07:00
|
|
|
|
2018-07-26 10:20:19 -07:00
|
|
|
users.get(token.identifier, function (error, user) {
|
2020-02-06 16:44:46 +01:00
|
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2018-06-27 23:17:04 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
2018-08-02 19:07:33 -07:00
|
|
|
|
2020-02-06 16:44:46 +01:00
|
|
|
callback(null, user);
|
2018-06-27 23:17:04 -07:00
|
|
|
});
|
|
|
|
|
});
|
2018-06-18 14:21:54 -07:00
|
|
|
}
|
