fosrl.pangolin/server/middlewares/verifyOrgAccess.ts

import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { userOrgs } from "@server/db/schema";
import { and, eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";

export async function verifyOrgAccess(
    req: Request,
    res: Response,
    next: NextFunction
) {
    const userId = req.user!.userId;
    const orgId = req.params.orgId;

    if (!userId) {
        return next(
            createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
        );
    }

    if (!orgId) {
        return next(
            createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
        );
    }

    try {
        if (!req.userOrg) {
            const userOrgRes = await db
                .select()
                .from(userOrgs)
                .where(
                    and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
                );
            req.userOrg = userOrgRes[0];
        }

        if (!req.userOrg) {
            next(
                createHttpError(
                    HttpCode.FORBIDDEN,
                    "User does not have access to this organization"
                )
            );
        } else {
            // User has access, attach the user's role to the request for potential future use
            req.userOrgRoleId = req.userOrg.roleId;
            req.userOrgId = orgId;
            return next();
        }
    } catch (e) {
        return next(
            createHttpError(
                HttpCode.INTERNAL_SERVER_ERROR,
                "Error verifying organization access"
            )
        );
    }
}
ability to remove user from org 2024-11-03 17:28:12 -05:00			`import { Request, Response, NextFunction } from "express";`
			`import { db } from "@server/db";`
			`import { userOrgs } from "@server/db/schema";`
			`import { and, eq } from "drizzle-orm";`
			`import createHttpError from "http-errors";`
			`import HttpCode from "@server/types/HttpCode";`
Add verify middleware 2024-10-03 22:31:20 -04:00
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`export async function verifyOrgAccess(`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
			`) {`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`const userId = req.user!.userId;`
Move to string ordId 2024-10-14 15:11:18 -04:00			`const orgId = req.params.orgId;`
Add verify middleware 2024-10-03 22:31:20 -04:00
Format files and fix http response 2024-10-06 18:05:20 -04:00			`if (!userId) {`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`return next(`
			`createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")`
			`);`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`}`
Add verify middleware 2024-10-03 22:31:20 -04:00
Move to string ordId 2024-10-14 15:11:18 -04:00			`if (!orgId) {`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`return next(`
			`createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")`
			`);`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`}`
Add verify middleware 2024-10-03 22:31:20 -04:00
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`try {`
more user role stuff 2024-11-09 23:59:19 -05:00			`if (!req.userOrg) {`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`const userOrgRes = await db`
			`.select()`
			`.from(userOrgs)`
			`.where(`
			`and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`);`
more user role stuff 2024-11-09 23:59:19 -05:00			`req.userOrg = userOrgRes[0];`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`}`

more user role stuff 2024-11-09 23:59:19 -05:00			`if (!req.userOrg) {`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`next(`
			`createHttpError(`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`HttpCode.FORBIDDEN,`
			`"User does not have access to this organization"`
ability to remove user from org 2024-11-03 17:28:12 -05:00			`)`
			`);`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`} else {`
			`// User has access, attach the user's role to the request for potential future use`
more user role stuff 2024-11-09 23:59:19 -05:00			`req.userOrgRoleId = req.userOrg.roleId;`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`req.userOrgId = orgId;`
			`return next();`
			`}`
			`} catch (e) {`
			`return next(`
			`createHttpError(`
			`HttpCode.INTERNAL_SERVER_ERROR,`
			`"Error verifying organization access"`
			`)`
			`);`
			`}`
add shad 2024-10-06 09:55:45 -04:00			`}`