_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Verify user in admin

Browse Source 
- If 404, user don't exist in admin, it will be anonym user
- if 403, user is ban or not associate in the world
This commit is contained in:
Gregoire Parant 2020-10-19 20:49:30 +02:00
parent bf9dfcc835
commit dfa6d2cc66
2 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
back/src/Services/AdminApi.ts
View File

@ -62,6 +62,17 @@ class AdminApi {
return res.data; return res.data;
} }
async fetchCheckUserByToken(organizationMemberToken: string): Promise<AdminApiData> {
if (!ADMIN_API_URL) {
return Promise.reject('No admin backoffice set!');
}
//todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
const res = await Axios.get(ADMIN_API_URL+'/api/check-user/'+organizationMemberToken,
{ headers: {"Authorization" : `${ADMIN_API_TOKEN}`} }
)
return res.data;
}
reportPlayer(reportedUserUuid: string, reportedUserComment: string, reporterUserUuid: string) { reportPlayer(reportedUserUuid: string, reportedUserComment: string, reporterUserUuid: string) {
return Axios.post(`${ADMIN_API_URL}/api/report`, { return Axios.post(`${ADMIN_API_URL}/api/report`, {
reportedUserUuid, reportedUserUuid,

13
back/src/Services/JWTTokenManager.ts
View File

@ -2,6 +2,7 @@ import {ALLOW_ARTILLERY, SECRET_KEY} from "../Enum/EnvironmentVariable";
import {uuid} from "uuidv4"; import {uuid} from "uuidv4";
import Jwt from "jsonwebtoken"; import Jwt from "jsonwebtoken";
import {TokenInterface} from "../Controller/AuthenticateController"; import {TokenInterface} from "../Controller/AuthenticateController";
import {adminApi, AdminApiData} from "../Services/AdminApi";
class JWTTokenManager { class JWTTokenManager {
@ -32,7 +33,7 @@ class JWTTokenManager {
const tokenInterface = tokenDecoded as TokenInterface; const tokenInterface = tokenDecoded as TokenInterface;
if (err) { if (err) {
console.error('An authentication error happened, invalid JsonWebToken.', err); console.error('An authentication error happened, invalid JsonWebToken.', err);
reject(new Error('An authentication error happened, invalid JsonWebToken. '+err.message)); reject(new Error('An authentication error happened, invalid JsonWebToken. ' + err.message));
return; return;
} }
if (tokenDecoded === undefined) { if (tokenDecoded === undefined) {
@ -41,12 +42,22 @@ class JWTTokenManager {
return; return;
} }
//verify token
if (!this.isValidToken(tokenInterface)) { if (!this.isValidToken(tokenInterface)) {
reject(new Error('Authentication error, invalid token structure.')); reject(new Error('Authentication error, invalid token structure.'));
return; return;
} }
//verify user in admin
return adminApi.fetchCheckUserByToken(tokenInterface.userUuid).then(() => {
resolve(tokenInterface.userUuid); resolve(tokenInterface.userUuid);
}).catch((err) => {
//anonymous user
if(err.response && err.response.status && err.response.status === 404){
return resolve(tokenInterface.userUuid);
}
reject(new Error('Authentication error, invalid token structure. ' + err));
});
}); });
}); });
} }