API-Security #87

Merged
Ajdj100 merged 5 commits from API-Security into main 2025-12-14 11:18:07 -06:00
8 changed files with 21 additions and 16 deletions
Showing only changes of commit af984cddbd - Show all commits


@@ -1,5 +1,5 @@
import { MemberState } from "@app/shared/types/member";
import { NextFunction, Request, Response } from "express"; import { NextFunction, Request, Response } from "express";
import { MemberState } from "../services/memberService";
import { stat } from "fs"; import { stat } from "fs";
export const requireLogin = function (req: Request, res: Response, next: NextFunction) { export const requireLogin = function (req: Request, res: Response, next: NextFunction) {


@@ -10,7 +10,8 @@ import { Role } from '@app/shared/types/roles';
import pool from '../db'; import pool from '../db';
import { requireLogin } from '../middleware/auth'; import { requireLogin } from '../middleware/auth';
import { getUserRoles } from '../services/rolesService'; import { getUserRoles } from '../services/rolesService';
import { getUserState, MemberState } from '../services/memberService'; import { getUserState } from '../services/memberService';
import { MemberState } from '@app/shared/types/member';
const querystring = require('querystring'); const querystring = require('querystring');


@@ -2,7 +2,7 @@ import { Request, Response } from "express";
import { createEvent, getEventAttendance, getEventDetails, getShortEventsInRange, setAttendanceStatus, setEventCancelled, updateEvent } from "../services/calendarService"; import { createEvent, getEventAttendance, getEventDetails, getShortEventsInRange, setAttendanceStatus, setEventCancelled, updateEvent } from "../services/calendarService";
import { CalendarAttendance, CalendarEvent } from "@app/shared/types/calendar"; import { CalendarAttendance, CalendarEvent } from "@app/shared/types/calendar";
import { requireLogin, requireMemberState, requireRole } from "../middleware/auth"; import { requireLogin, requireMemberState, requireRole } from "../middleware/auth";
import { MemberState } from "../services/memberService"; import { MemberState } from "@app/shared/types/member";
const express = require('express'); const express = require('express');
const r = express.Router(); const r = express.Router();


@@ -2,7 +2,7 @@ import { CourseAttendee, CourseEventDetails } from "@app/shared/types/course";
import { getAllCourses, getCourseEventAttendees, getCourseEventDetails, getCourseEventRoles, getCourseEvents, insertCourseEvent } from "../services/CourseSerivce"; import { getAllCourses, getCourseEventAttendees, getCourseEventDetails, getCourseEventRoles, getCourseEvents, insertCourseEvent } from "../services/CourseSerivce";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
import { requireLogin, requireMemberState } from "../middleware/auth"; import { requireLogin, requireMemberState } from "../middleware/auth";
import { MemberState } from "../services/memberService"; import { MemberState } from "@app/shared/types/member";
const courseRouter = Router(); const courseRouter = Router();
const eventRouter = Router(); const eventRouter = Router();


@@ -7,7 +7,7 @@ import { requireLogin, requireMemberState, requireRole } from '../middleware/aut
import { getUserActiveLOA } from '../services/loaService'; import { getUserActiveLOA } from '../services/loaService';
import { getMemberSettings, getMembersFull, getMembersLite, getUserData, setUserSettings } from '../services/memberService'; import { getMemberSettings, getMembersFull, getMembersLite, getUserData, setUserSettings } from '../services/memberService';
import { getUserRoles } from '../services/rolesService'; import { getUserRoles } from '../services/rolesService';
import { MemberState } from '@app/shared/types/member'; import { memberSettings, MemberState } from '@app/shared/types/member';
router.use(requireLogin); router.use(requireLogin);


@@ -1,9 +1,11 @@
const express = require('express'); import { MemberState } from "@app/shared/types/member";
import { requireLogin, requireMemberState, requireRole } from "../middleware/auth";
import { getAllRanks, insertMemberRank } from "../services/rankService";
import express = require('express');
const r = express.Router(); const r = express.Router();
const ur = express.Router(); const ur = express.Router();
const { getAllRanks, insertMemberRank } = require('../services/rankService');
const { requireLogin, requireMemberState, requireRole } = require('../middleware/auth');
const { MemberState } = require('../services/memberService');
r.use(requireLogin) r.use(requireLogin)
ur.use(requireLogin) ur.use(requireLogin)
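Review bot: `import express = require('express');` is the only import in this file left in the CommonJS-only import-assignment form, which TypeScript rejects once the project targets ES modules. The course routes shown on this page already use `import { Request, Response, Router } from "express";` with `const courseRouter = Router();`, so the same shape here (`import { Router } from "express";` then `const r = Router();` and `const ur = Router();`) would keep the route files consistent. The move from an untyped `require` to typed imports is what lets the compiler check the arguments passed to `requireMemberState` and `requireRole`, so it is worth not leaving one import half-converted.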


@@ -2,16 +2,16 @@ const express = require('express');
const r = express.Router(); const r = express.Router();
const ur = express.Router(); const ur = express.Router();
import { MemberState } from '@app/shared/types/member';
import pool from '../db'; import pool from '../db';
import { requireLogin, requireMemberState, requireRole } from '../middleware/auth'; import { requireLogin, requireMemberState, requireRole } from '../middleware/auth';
import { MemberState } from '../services/memberService';
import { assignUserGroup, createGroup } from '../services/rolesService'; import { assignUserGroup, createGroup } from '../services/rolesService';
r.use(requireLogin) r.use(requireLogin)
ur.use(requireLogin) ur.use(requireLogin)
//manually assign a member to a group //manually assign a member to a group
ur.post('/', [requireMemberState(MemberState.member), requireRole("17th Administrator")], async (req, res) => { ur.post('/', [requireMemberState(MemberState.Member), requireRole("17th Administrator")], async (req, res) => {
try { try {
const body = req.body; const body = req.body;
@@ -25,7 +25,7 @@ ur.post('/', [requireMemberState(MemberState.member), requireRole("17th Administ
}); });
//manually remove member from group //manually remove member from group
ur.delete('/', [requireMemberState(MemberState.member), requireRole("17th Administrator")], async (req, res) => { ur.delete('/', [requireMemberState(MemberState.Member), requireRole("17th Administrator")], async (req, res) => {
try { try {
const body = req.body; const body = req.body;
console.log(body); console.log(body);
@@ -43,7 +43,7 @@ ur.delete('/', [requireMemberState(MemberState.member), requireRole("17th Admini
}) })
//get all roles //get all roles
r.get('/', [requireMemberState(MemberState.member)], async (req, res) => { r.get('/', [requireMemberState(MemberState.Member)], async (req, res) => {
try { try {
const con = await pool.getConnection(); const con = await pool.getConnection();
@@ -82,7 +82,7 @@ r.get('/', [requireMemberState(MemberState.member)], async (req, res) => {
}); });
//create a new role //create a new role
r.post('/', [requireMemberState(MemberState.member), requireRole("17th Administrator")], async (req, res) => { r.post('/', [requireMemberState(MemberState.Member), requireRole("17th Administrator")], async (req, res) => {
try { try {
const { name, color, description } = req.body; const { name, color, description } = req.body;
console.log('Creating role:', { name, color, description }); console.log('Creating role:', { name, color, description });
@@ -104,7 +104,7 @@ r.post('/', [requireMemberState(MemberState.member), requireRole("17th Administr
} }
}) })
r.delete('/:id', [requireMemberState(MemberState.member), requireRole("17th Administrator")], async (req, res) => { r.delete('/:id', [requireMemberState(MemberState.Member), requireRole("17th Administrator")], async (req, res) => {
try { try {
const id = req.params.id; const id = req.params.id;
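Review bot: The admin gate on `ur.post('/')`, `ur.delete('/')`, `r.post('/')` and `r.delete('/:id')` still depends on the literal `"17th Administrator"` typed out four times, so a typo in any one copy changes who passes that route's check without a compile error. This change already moves `MemberState` to a shared typed enum; the role name deserves the same treatment, for example `const ADMIN_ROLE = "17th Administrator";` with `requireRole(ADMIN_ROLE)` at each site. How `requireRole` treats a name that matches no role is not visible here, so it is worth confirming that it denies the request. The handler bodies continue outside the hunks.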


@@ -43,6 +43,7 @@ export async function getMyLOA(): Promise<LOARequest | null> {
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
}, },
credentials: 'include',
}); });
@@ -63,6 +64,7 @@ export function getAllLOAs(): Promise<LOARequest[]> {
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
}, },
credentials: 'include',
}).then((res) => { }).then((res) => {
if (res.ok) { if (res.ok) {
return res.json(); return res.json();
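Review bot: `credentials: 'include'` in `getMyLOA` and `getAllLOAs` makes the browser attach the session cookie even on cross-origin calls, so these requests are only as safe as the server's CORS and cookie settings, none of which appear in this change. It is worth confirming that the API answers with a fixed allow-list for `Access-Control-Allow-Origin` (not a reflected origin) alongside `Access-Control-Allow-Credentials`, and that the session cookie sets `SameSite` and `Secure`. The option is also repeated per call, so a later fetch that omits it will fail as unauthenticated; a single wrapper such as `const apiFetch = (url: string, init: RequestInit = {}) => fetch(url, { ...init, credentials: 'include' });` would keep it in one place. Both functions start and end outside the hunks.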