shishantbiswas/bknd
1
0
Fork 0
mirror of https://github.com/shishantbiswas/bknd.git synced 2026-03-16 12:37:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

reworked authentication and permission handling

Browse Source
This commit is contained in:
dswbx
2025-01-11 15:27:58 +01:00
parent 5823c2d245
commit bd4bc14282
20 changed files with 190 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/src/modules/Controller.ts
View File

@@ -2,11 +2,13 @@ import { auth, permission } from "auth/middlewares";
import { Hono } from "hono";
import type { ServerEnv } from "modules/Module";
const middlewares = {
auth,
permission
} as const;
export class Controller {
protected middlewares = {
auth,
permission
};
protected middlewares = middlewares;
protected create(): Hono<ServerEnv> {
return Controller.createServer();

2
app/src/modules/Module.ts
View File

@@ -14,6 +14,8 @@ export type ServerEnv = {
auth_resolved: boolean;
// to only register once
auth_registered: boolean;
// whether or not to bypass auth
auth_skip: boolean;
html?: string;
};
};

54
app/src/modules/server/AdminController.tsx
View File

@@ -47,7 +47,13 @@ export class AdminController extends Controller {
}
override getController() {
const hono = this.create().basePath(this.withBasePath());
const { auth: authMiddleware, permission } = this.middlewares;
const hono = this.create().use(
authMiddleware({
skip: [/favicon\.ico$/]
})
);
const auth = this.app.module.auth;
const configs = this.app.modules.configs();
// if auth is not enabled, authenticator is undefined
@@ -78,16 +84,17 @@ export class AdminController extends Controller {
});
if (auth_enabled) {
hono.get(authRoutes.login, async (c) => {
if (
this.app.module.auth.authenticator?.isUserLoggedIn() &&
this.ctx.guard.granted(SystemPermissions.accessAdmin)
) {
return c.redirect(authRoutes.success);
hono.get(
authRoutes.login,
permission([SystemPermissions.accessAdmin, SystemPermissions.schemaRead], {
onGranted: async (c) => {
return c.redirect(authRoutes.success);
}
}),
async (c) => {
return c.html(c.get("html")!);
}
return c.html(c.get("html")!);
});
);
hono.get(authRoutes.logout, async (c) => {
await auth.authenticator?.logout(c);
@@ -95,14 +102,25 @@ export class AdminController extends Controller {
});
}
hono.get("*", async (c) => {
if (!this.ctx.guard.granted(SystemPermissions.accessAdmin)) {
await addFlashMessage(c, "You are not authorized to access the Admin UI", "error");
return c.redirect(authRoutes.login);
}
hono.get(
"/*",
permission(SystemPermissions.accessAdmin, {
onDenied: async (c) => {
addFlashMessage(c, "You are not authorized to access the Admin UI", "error");
return c.html(c.get("html")!);
});
console.log("redirecting");
return c.redirect(authRoutes.login);
}
}),
permission(SystemPermissions.schemaRead, {
onDenied: async (c) => {
addFlashMessage(c, "You not allowed to read the schema", "warning");
}
}),
async (c) => {
return c.html(c.get("html")!);
}
);
return hono;
}
@@ -150,6 +168,7 @@ export class AdminController extends Controller {
}
const theme = configs.server.admin.color_scheme ?? "light";
const favicon = isProd ? this.options.assets_path + "favicon.ico" : "/favicon.ico";
return (
<Fragment>
@@ -162,6 +181,7 @@ export class AdminController extends Controller {
name="viewport"
content="width=device-width, initial-scale=1, maximum-scale=1"
/>
<link rel="icon" href={favicon} type="image/x-icon" />
<title>BKND</title>
{isProd ? (
<Fragment>

6
app/src/modules/server/SystemController.ts
View File

@@ -38,8 +38,8 @@ export class SystemController extends Controller {
}
private registerConfigController(client: Hono<any>): void {
const hono = this.create();
const { permission } = this.middlewares;
const hono = this.create();
hono.use(permission(SystemPermissions.configRead));
@@ -202,8 +202,8 @@ export class SystemController extends Controller {
}
override getController() {
const hono = this.create();
const { permission } = this.middlewares;
const { permission, auth } = this.middlewares;
const hono = this.create().use(auth());
this.registerConfigController(hono);