import { GraphQLError } from "graphql";
import type { User, UserRole } from "../types/user.js";
import { UserRole as UserRoleEnum } from "../types/user.js";
/**
 * Error thrown by the authentication and role guards in this file.
 *
 * Extends GraphQLError and always sets `extensions.code` to "UNAUTHORIZED".
 *
 * NOTE(review): requireAuth throws this for a missing user and requireRole
 * throws it for a role mismatch, so both cases carry the same code. Clients,
 * logs and alerting cannot tell "not signed in" from "signed in but not
 * permitted" by code alone — confirm that is intended.
 *
 * @param message Text handed to GraphQLError unchanged; presumably returned
 *   to the API client, so it should not contain internal detail.
 */
export class AuthorizationError extends GraphQLError {
  constructor(message: string) {
    super(message, { extensions: { code: "UNAUTHORIZED" } });
  }
}
/**
 * Guard that rejects a request when no user is attached to it.
 *
 * This checks presence only: how `user` was established (token or session
 * validation) happens before this function and is not verified here.
 *
 * @param user The current user, or null when there is none.
 * @returns The same user object, narrowed to non-null.
 * @throws AuthorizationError when `user` is falsy.
 */
export function requireAuth(user: User | null): User {
  // Truthiness test rather than `=== null`: an undefined value passed in
  // despite the declared type is rejected as well (fails closed).
  if (user) {
    return user;
  }
  throw new AuthorizationError("Authentifizierung erforderlich");
}
/**
 * Guard that requires an authenticated user holding one of the given roles.
 *
 * Authentication is checked first via requireAuth, so a missing user fails
 * with the authentication message before any role comparison happens.
 *
 * @param user The current user, or null when there is none.
 * @param requiredRoles Roles that are allowed through; matching any one of
 *   them is sufficient. An empty list matches nobody, so every caller is
 *   rejected (fails closed).
 * @returns The authenticated user when the role matches.
 * @throws AuthorizationError when there is no user or the role is not listed.
 */
export function requireRole(
  user: User | null,
  requiredRoles: UserRole[]
): User {
  const caller = requireAuth(user);

  // Exact membership test on the user's single `role` value; there is no
  // role hierarchy here, so callers must list every role they accept.
  const isAllowed = requiredRoles.includes(caller.role);
  if (isAllowed) {
    return caller;
  }

  // NOTE(review): the message lists the roles that would have been accepted.
  // If it reaches the client, a rejected caller learns the access policy of
  // the operation — confirm this is acceptable for the API.
  throw new AuthorizationError(
    `Zugriff verweigert. Erforderliche Rollen: ${requiredRoles.join(", ")}`
  );
}
/**
 * Guard that lets only users with the ADMIN role through.
 *
 * @param user The current user, or null when there is none.
 * @returns The authenticated admin user.
 * @throws AuthorizationError when there is no user or the role is not ADMIN
 *   (raised by requireRole).
 */
export function requireAdmin(user: User | null): User {
  const adminOnly: UserRole[] = [UserRoleEnum.ADMIN];
  return requireRole(user, adminOnly);
}
/**
 * Guard that lets users with the CUSTOMER or ADMIN role through.
 *
 * ADMIN is listed explicitly because requireRole does an exact membership
 * test and does not treat ADMIN as implying CUSTOMER.
 *
 * @param user The current user, or null when there is none.
 * @returns The authenticated user.
 * @throws AuthorizationError when there is no user or the role is neither
 *   CUSTOMER nor ADMIN (raised by requireRole).
 */
export function requireCustomer(user: User | null): User {
  const customerOrAdmin: UserRole[] = [
    UserRoleEnum.CUSTOMER,
    UserRoleEnum.ADMIN,
  ];
  return requireRole(user, customerOrAdmin);
}