yogiedigital/cod-api
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'fixing verify access' (#36) from wisdom into main

Browse Source 
Reviewed-on: #36
This commit is contained in:
Bragas Rexita Ecos Fernanda
2026-01-08 05:38:22 +00:00
parent d9975b832b 4d2c18edfb
commit ef491995f9
3 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
middleware/verifyAccess.js
View File

@@ -1,6 +1,10 @@
const { ErrorHandler } = require("../helpers/error");
const { getUserByIdDb } = require("../db/user.db");
function isPhoneNumberID(phone) {
return /^(?:\+62|62|0)8[1-9][0-9]{6,10}$/.test(phone);
}
const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
return async (req, res, next) => {
try {
@@ -11,21 +15,30 @@ const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
// Super Admin bypass semua
if (user.is_sa) return next();
const fullUser = await getUserByIdDb(user.user_id);
if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
if (!isPhoneNumberID(user.user_id)) {
const fullUser = await getUserByIdDb(user.user_id);
if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
if (!fullUser.is_approve) {
if (req.method !== "GET") {
throw new ErrorHandler(403, "Account not approved — read-only access");
if (!fullUser.is_approve) {
if (req.method !== "GET") {
throw new ErrorHandler(403, "Account not approved — read-only access");
}
if (allowUnapprovedReadOnly) return next();
throw new ErrorHandler(403, "Account not approved");
}
if (allowUnapprovedReadOnly) return next();
if (!fullUser.role_level || fullUser.role_level < minLevel) {
throw new ErrorHandler(403, "Forbidden: Insufficient role level");
}
} else {
if (req.method !== 'GET' && req.baseUrl !== '/api/notification-log') {
if (req.baseUrl !== '/api/notification') {
throw new ErrorHandler(403, "Forbidden: Insufficient Access");
}
}
throw new ErrorHandler(403, "Account not approved");
}
if (!fullUser.role_level || fullUser.role_level < minLevel) {
throw new ErrorHandler(403, "Forbidden: Insufficient role level");
}
next();

2
routes/notification_error.route.js
View File

@@ -26,7 +26,7 @@ router
.get(verifyToken.verifyAccessToken, NotificationErrorController.getById)
.put(
verifyToken.verifyAccessToken,
// verifyAccess(),
verifyAccess(),
NotificationErrorController.update
);

2
routes/notification_error_log.route.js
View File

@@ -9,7 +9,7 @@ router.route("/")
.get(verifyToken.verifyAccessToken, NotificationErrorLogController.getAll)
.post(
verifyToken.verifyAccessToken,
// verifyAccess(),
verifyAccess(),
NotificationErrorLogController.create);
router.route("/:id")