feat(api): add grant all api access

jmrl23 · Sep 5, 2024 · 79d2912 · 79d2912
1 parent 11d545a
commit 79d2912
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/src/modules/auth/authService.ts b/src/modules/auth/authService.ts
@@ -1,11 +1,12 @@
 import { Prisma, PrismaClient } from '@prisma/client';
-import { Unauthorized } from 'http-errors';
+import { Unauthorized, Forbidden } from 'http-errors';
 import { FromSchema } from 'json-schema-to-ts';
 import { generate } from 'randomstring';
 import { CacheService } from '../cache/cacheService';
 import { authApiKeyCreateSchema, authApiKeySchema } from './authSchema';
 
 export const permissions = [
+  'auth.grantall',
   'files.read',
   'files.write',
   'files.delete',
@@ -18,6 +19,8 @@ export const permissions = [
   'testimonials.delete',
 ] as const;
 
+const grantAll = permissions[0];
+
 export type Permission = (typeof permissions)[number];
 
 type AuthApiKey = FromSchema<typeof authApiKeySchema>;
@@ -37,6 +40,13 @@ export class AuthService {
     });
     if (existingKey) return await this.createAuthApiKey(payload);
 
+    // grant all access should have expiration
+    if (payload.permissions.includes(grantAll)) {
+      if (payload.expires === undefined) {
+        throw new Forbidden('Grant all access should have an expiration');
+      }
+    }
+
     const authApiKey = await this.prismaClient.authApiKey.create({
       data: {
         key,
@@ -104,6 +114,8 @@ export class AuthService {
       }
     }
 
+    if (info.permissions.includes(grantAll)) return;
+
     for (const permission of permissions) {
       if (!info.permissions.includes(permission)) {
         throw new Unauthorized(`No permission for ${permission}`);