Additional Security - sitechtimes/club-attendance-backend-v2 GitHub Wiki

Verification

The verifyAuthority function, which can be found here, verifies that the current user holds the required Authority before the rest of the middleware in a route executes.

This middleware looks up the user matching the user ID provided with the request. If that user's authority matches one of the required authorities, the route's remaining middleware runs; otherwise the response "User doesn't have permission to access this page" is returned.

For club presidents, the function iterates through the user's club data object and checks whether the club is listed in the PresidentOf property. If it is, the user is granted Club President access to that club's data.

This should only be used for routes that need the verification.

Below is how to configure this middleware for the necessary routes.

verifyAuthority([Authority])

Authority is an enum with the members admin and club_president. Set the authority to the one the route requires.

For admin paths

verifyAuthority([Authority.admin])

For club president paths

verifyAuthority([Authority.club_president])

For both

verifyAuthority([Authority.admin, Authority.club_president])

Place this after the router's path (the '/path'). For routes that use multer, place this verification after upload.array("image").

For paths without multer:

router.patch(
  "/path",
  verifyAuthority([Authority]),
  middleware
);

For paths with multer:

router.get(
  "/path",
  upload.array("image"),
  verifyAuthority([Authority]),
  middleware
);
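As an added example that is not the project's own code, the following is a self-contained verifyAuthority implementing the checks described above (authority match, and for club presidents the PresidentOf lookup), with an in-memory user store and a small harness standing in for Express. The request fields used for the user ID (req.body.uid) and the club (req.params.club), and the shape of club_data, are assumptions, not taken from the page.

```javascript
// Added example (not the project's own code): an Express-style
// verifyAuthority factory modelled on the behaviour this page describes.
// Assumptions (not from the page): the user ID arrives as req.body.uid,
// the club being accessed as req.params.club, users live in an in-memory
// map, and a user's club data is { PresidentOf: [clubName, ...] }.
const Authority = Object.freeze({ admin: "admin", club_president: "club_president" });

// Constructed sample user store standing in for the real database.
const users = new Map([
  ["u1", { authority: Authority.admin, club_data: { PresidentOf: [] } }],
  ["u2", { authority: Authority.club_president, club_data: { PresidentOf: ["Chess"] } }],
  ["u3", { authority: "member", club_data: { PresidentOf: [] } }],
]);

const DENIED = "User doesn't have permission to access this page";

// Returns a (req, res, next) middleware that lets the request continue only
// when the user's authority is in `allowed`; club presidents are further
// limited to clubs listed in their PresidentOf array. Any lookup failure
// (unknown user, missing club data) denies by default.
function verifyAuthority(allowed) {
  return function (req, res, next) {
    const user = users.get(req.body && req.body.uid);
    if (!user || !allowed.includes(user.authority)) {
      return res.status(403).json({ message: DENIED });
    }
    if (user.authority === Authority.club_president) {
      const clubs = (user.club_data && user.club_data.PresidentOf) || [];
      if (!clubs.includes(req.params && req.params.club)) {
        return res.status(403).json({ message: DENIED });
      }
    }
    return next();
  };
}

// Minimal stand-in for Express's req/res so the middleware can be exercised
// without a server; returns "next" if the chain continued, else the status sent.
function runCheck(allowed, uid, club) {
  let outcome = null;
  const res = { status(code) { outcome = code; return this; }, json() { return this; } };
  verifyAuthority(allowed)({ body: { uid }, params: { club } }, res, () => { outcome = "next"; });
  return outcome;
}
```

Because Express runs middleware in the order it is listed, a multer route configured as above parses the uploaded files before verifyAuthority rejects an unauthorized request.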