feat: Move ACL responsability to each Application Controller

v2/server/src/Apps/Account/Controller/index.js

@@ -7,8 +7,6 @@ function dummy_middleware( req, res ){
     return res.status(500).send({ error:"Not implemented yet" });
 }
 
-router.post('/register', dummy_middleware );
-
 router.post('/authorize', async( req, res ) => {
     try{
         const email = req.body.email;
@@ -121,4 +119,14 @@ router.patch('/recover', async(req,res) => {
     }
 } );
 
+/// Block access to the next list of endpoints if JWT is not valid
+router.use( async (req, res, next) => {
+    if( ! req.JWT?.isValid ){
+        return res.status(401).send({error:"Unauthorized",code:401});
+    }
+    return next();
+} );
+
+router.use('/register' , dummy_middleware );
+
 module.exports = router;

v2/server/src/Apps/PrivateResources/Controller/graphql/resolvers.js

@@ -6,17 +6,17 @@ const { Account, User, Company, getUserById, getCompanyById, findUsersPage, find
 //	Queries
 //////////////////////////////////////////////
 async function account( args, context ) {
-	const account = new Account( context.graphQLContext.userId );
+	const account = new Account( context.requestContext.userId );
 	return account;
 }
 
 async function profile( args, context ) {
-	const profile = new User( context.graphQLContext.userId );
+	const profile = new User( context.requestContext.userId );
 	return profile;
 }
 
 async function company( args, context ) {
-	const company = new Company( context.graphQLContext.companyId ); 
+	const company = new Company( context.requestContext.companyId ); 
 	return company;
 }
 

v2/server/src/Apps/PrivateResources/Controller/index.js

@@ -8,7 +8,7 @@ const schemaDescription = require('./graphql/schema.js');
 const schemaResolvers = require('./graphql/resolvers.js');
 
 router.get('/test', async (req, res) => {
-    console.log( req.graphQLContext );
+    console.log( req.requestContext );
     res.status(200).send({
         msg : "It is alive!"
     });
@@ -18,7 +18,7 @@ router.post( '/graphql',
     createHandler({
         schema: schemaDescription,
         rootValue : schemaResolvers,
-        context: async (req, params) => { return { graphQLContext : req.raw.graphQLContext }; },
+        context: async (req, params) => { return { requestContext : req.raw.requestContext }; },
         graphiql: true
     })
 );

v2/server/src/Controller/index.js

@@ -6,11 +6,11 @@ const middlewares = require('./middlewares');
 const account = require('../Apps/Account/Controller');
 const privateResources = require('../Apps/PrivateResources/Controller');
 
-app.use('/account', account);
-
+/// Populate context from JWT payload
 app.use( middlewares.jwtValidator );
 app.use( middlewares.contextGenerator );
 
+app.use('/account', account);
 app.use('/private', privateResources);
 
 module.exports = app;

v2/server/src/Controller/middlewares.js

@@ -23,21 +23,27 @@ function jwtValidator(req, res, next){
         }
         return next();
     }else{
-        return res.status(401).send({error:"Unauthorized",code:401});
+        /// If no JWT available, ignore and continue
+        return next();
+        // return res.status(401).send({error:"Unauthorized",code:401});
     }
 }
 
 async function contextGenerator( req, res, next ){
     if( ! req.JWT?.isValid ){
-        return res.status(401).send({error:"Unauthorized",code:401});
+        /// If no JWT available, ignore and continue
+        return next();
+        // return res.status(401).send({error:"Unauthorized",code:401});
     }
+
+    /// Process only if JWT is valid 
     const userId = req.JWT.payload.sub;
     const user = await Users.query().findById( userId ).select( "id", "company_id", "phone", "email", "name", "last_name", "job_role", "permissions", "createdAt", "is_active" );
     const companyId = user.company_id;
     const job_role = user.job_role;
     const permissions = user.permissions;
 
-    req.graphQLContext = {
+    req.requestContext = {
         userId,
         companyId,
         job_role,