async function authzCheck()

in api/v1/src/lib/auth.js [166:212]


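/**
 * Express-style authorization middleware: decides whether the caller's role
 * may use the requested HTTP method and path.
 *
 * Order of checks:
 *   1. Paths for which isExcludedPath() returns true skip authorization.
 *   2. Role 'admin' is granted every method and path.
 *   3. Role 'consumer' is granted only the method/path pairs on the
 *      allowlist below.
 *   4. Everything else, including a missing or unknown role, is denied.
 *
 * uid and role are read from res.locals and trusted as-is, so they must be
 * set by an authentication step that runs before this one (TODO confirm
 * against the middleware order).
 *
 * @param {object} req - Request; req.method and req.path are read.
 * @param {object} res - Response; res.locals.uid and res.locals.role are read.
 * @param {Function} next - Called with no arguments when access is granted.
 * @returns {*} The result of next() when granted, otherwise the 401 response.
 */
async function authzCheck(req, res, next) {
    if (isExcludedPath(req.path) === true) {
        return next();
    }

    const { uid, role } = res.locals;

    // Allowlist for the 'consumer' role, keyed by HTTP method. An entry ending
    // in '*' is a prefix match; every other entry must equal req.path exactly.
    // NOTE(review): if req.path is Express's req.path it never contains the
    // query string, so the '?*' entries are not expected to match anything.
    // They are kept unchanged here; confirm before removing them.
    const consumerAccess = {
        'GET': [
            '/products',
            '/resources/configuration',
            '/resources/dashboard',
            '/resources/projects',
            '/accounts:activate',
            '/procurements:myProducts',
            '/procurements:myProducts?*'
        ],
        'POST': [
            '/accounts:activate',
            '/accounts:register',
            '/accounts:register?*',
            '/procurements:myProducts',
            '/procurements:myProducts?*'
        ]
    };

    if (role === 'admin') {
        console.debug(`Access granted for admin account '${uid}' authorization check for method '${req.method}' and path '${req.path}'`);
        return next();
    }

    if (role === 'consumer') {
        // Own-property lookup only: the `in` operator also matches keys
        // inherited from Object.prototype, which would hand back a non-array
        // value and throw on .some() instead of producing a clean denial.
        const allowedPaths = Object.prototype.hasOwnProperty.call(consumerAccess, req.method)
            ? consumerAccess[req.method]
            : [];
        const permitted = allowedPaths.some((pattern) => (
            pattern.endsWith('*')
                ? req.path.startsWith(pattern.slice(0, -1))
                : pattern === req.path
        ));
        if (permitted) {
            console.debug(`Access granted for consumer account '${uid}' authorization check for method '${req.method}' and path '${req.path}'`);
            return next();
        }
    }

    // Default deny. uid, method and path are written to the log unescaped;
    // confirm that none of them can carry control characters if the logs are
    // parsed line by line.
    console.warn(`Access denied for account '${uid}' authorization check for method '${req.method}' and path '${req.path}'`);
    // NOTE(review): an identified caller lacking permission is normally
    // answered with 403 rather than 401. The status is left unchanged because
    // API clients may depend on it.
    return res.status(401).send({ message: 'Unauthorized' });
}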