now clients can call for multiple scopes. 'global' and 'special' shou…

…ld be included if needed
Wassim-Rached · Oct 23, 2024 · 5af7472 · 5af7472
1 parent d67e7fc
commit 5af7472
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 34 deletions.
diff --git a/src/authorities.ts b/src/authorities.ts
@@ -13,50 +13,41 @@ export const AUTHORITIES = {
 // handles getting account authorities from the cache or the database
 // and also appends global authorities to the account authorities
 // usually will be used when wanting to get the account authorities
-export async function getAccountAuthorities(
+export async function getAccountAuthoritiesForScope(
   accountId: string,
   scope: string,
   forceDbQuery = false
 ): Promise<string[]> {
   let authorities: string[] = [];
 
-  // handle scope authorities
-  let currentScopeAuthorities: string[] = [];
-
   if (!forceDbQuery) {
-    currentScopeAuthorities =
-      getAccountAuthoritiesCacheForScope(accountId, scope) || [];
+    authorities = getAccountAuthoritiesCacheForScope(accountId, scope) || [];
   }
 
-  if (forceDbQuery || currentScopeAuthorities.length === 0) {
+  if (forceDbQuery || authorities.length === 0) {
     // query from db
-    currentScopeAuthorities =
-      (await queryAccountAuthoritiesById(accountId, scope)) || [];
-    setAccountAuthoritiesCacheForScope(
-      accountId,
-      scope,
-      currentScopeAuthorities
-    );
+    authorities = (await queryAccountAuthoritiesById(accountId, scope)) || [];
+    setAccountAuthoritiesCacheForScope(accountId, scope, authorities);
   }
 
-  authorities = currentScopeAuthorities;
-
-  // handle global authorities
-  let globalAuthorities: string[] = [];
+  return authorities;
+}
 
-  if (!forceDbQuery) {
-    globalAuthorities =
-      getAccountAuthoritiesCacheForScope(accountId, "global") || [];
-  }
+export async function getAccountAuthorities(
+  accountId: string,
+  scopes: string[],
+  forceDbQuery = false
+): Promise<string[]> {
+  let authorities: string[] = [];
 
-  if (forceDbQuery || globalAuthorities.length === 0) {
-    globalAuthorities =
-      (await queryAccountAuthoritiesById(accountId, "global")) || [];
-    setAccountAuthoritiesCacheForScope(accountId, "global", globalAuthorities);
+  for (const scope of scopes) {
+    const currentScopeAuthorities = await getAccountAuthoritiesForScope(
+      accountId,
+      scope,
+      forceDbQuery
+    );
+    authorities = [...authorities, ...currentScopeAuthorities];
   }
 
-  // final result
-  authorities = [...authorities, ...globalAuthorities];
-
   return authorities;
 }
diff --git a/src/middlewares.ts b/src/middlewares.ts
@@ -3,7 +3,10 @@ import { Request, Response, NextFunction } from "express";
 import config from "./config";
 import { verifyToken } from "./utils/jwtUtils";
 import { queryAccountAuthoritiesById } from "./helpers/dbQueries";
-import { getAccountAuthorities } from "./authorities";
+import {
+  getAccountAuthorities,
+  getAccountAuthoritiesForScope,
+} from "./authorities";
 import { JwtPayload } from "jsonwebtoken";
 
 // Timeout middleware
@@ -79,7 +82,7 @@ export const extractAuthorities =
         return next();
       }
       const accountId: string = res.locals.decodedJwt.sub as string;
-      res.locals.authorities = await getAccountAuthorities(
+      res.locals.authorities = await getAccountAuthoritiesForScope(
         accountId,
         "cas",
         forceDbQuery

diff --git a/src/routers.ts b/src/routers.ts
@@ -16,7 +16,11 @@ import {
 } from "./middlewares";
 import { HealthCheckResponse } from "./types";
 import configuration from "./config";
-import { AUTHORITIES, getAccountAuthorities } from "./authorities";
+import {
+  AUTHORITIES,
+  getAccountAuthorities,
+  getAccountAuthoritiesForScope,
+} from "./authorities";
 import config from "./config";
 
 export function handleRoutes(app: Express) {
@@ -119,10 +123,21 @@ export function handleRoutes(app: Express) {
     async (req: Request, res: Response) => {
       const { accountId } = res.locals;
 
-      const scope = req.query.scope as string;
+      let scope = req.query.scope as string | string[] | undefined;
+
+      if (!scope) {
+        scope = "global";
+      }
 
-      const authorities = await getAccountAuthorities(accountId, scope);
+      let authorities: string[];
 
+      // it accually the same but one uses a loop and the other doesn't
+      // but why not make simple things complex
+      if (Array.isArray(scope)) {
+        authorities = await getAccountAuthorities(accountId, scope);
+      } else {
+        authorities = await getAccountAuthoritiesForScope(accountId, scope);
+      }
       res.json({ authorities });
     }
   );