From 79d29129adca106b6e79ba69480f58918ea8649f Mon Sep 17 00:00:00 2001
From: Jomariel Gaitera <gaiterajomariel@gmail.com>
Date: Thu, 5 Sep 2024 20:30:20 +0800
Subject: [PATCH] feat(api): add grant all api access

---
 src/modules/auth/authService.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/modules/auth/authService.ts b/src/modules/auth/authService.ts
index 78f22b8..b223e38 100644
--- a/src/modules/auth/authService.ts
+++ b/src/modules/auth/authService.ts
@@ -1,11 +1,12 @@
 import { Prisma, PrismaClient } from '@prisma/client';
-import { Unauthorized } from 'http-errors';
+import { Unauthorized, Forbidden } from 'http-errors';
 import { FromSchema } from 'json-schema-to-ts';
 import { generate } from 'randomstring';
 import { CacheService } from '../cache/cacheService';
 import { authApiKeyCreateSchema, authApiKeySchema } from './authSchema';
 
 export const permissions = [
+  'auth.grantall',
   'files.read',
   'files.write',
   'files.delete',
@@ -18,6 +19,8 @@ export const permissions = [
   'testimonials.delete',
 ] as const;
 
+const grantAll = permissions[0];
+
 export type Permission = (typeof permissions)[number];
 
 type AuthApiKey = FromSchema<typeof authApiKeySchema>;
@@ -37,6 +40,13 @@ export class AuthService {
     });
     if (existingKey) return await this.createAuthApiKey(payload);
 
+    // grant all access should have expiration
+    if (payload.permissions.includes(grantAll)) {
+      if (payload.expires === undefined) {
+        throw new Forbidden('Grant all access should have an expiration');
+      }
+    }
+
     const authApiKey = await this.prismaClient.authApiKey.create({
       data: {
         key,
@@ -104,6 +114,8 @@ export class AuthService {
       }
     }
 
+    if (info.permissions.includes(grantAll)) return;
+
     for (const permission of permissions) {
       if (!info.permissions.includes(permission)) {
         throw new Unauthorized(`No permission for ${permission}`);