angular security course

Author: Your Name

package-lock.json

@@ -0,0 +1,23 @@
+
+import {Request, Response, NextFunction} from 'express';
+import * as _ from 'lodash';
+
+export function checkIfAuthorized(
+    allowedRoles: string[],
+    req: Request,
+    res: Response,
+    next: NextFunction) {
+
+
+    const userInfo = req['user'];
+
+    const roles = _.intersection(userInfo.roles, allowedRoles);
+
+    if (roles.length > 0) {
+        next();
+    }
+    else {
+        res.sendStatus(403);
+    }
+
+}

server/authorization.middleware.ts

@@ -0,0 +1,13 @@
+
+
+
+export function loginAsUser(req, res) {
+
+    res.status(200).json({
+        id:1,
+        email:"temp@gmail.com",
+        roles:['STUDENT']
+    });
+
+
+}

server/login-as-user.route.ts

@@ -23,7 +23,9 @@ const SESSION_DURATION = 1000;
 
 
 export async function createSessionToken(user: DbUser) {
-    return signJwt({},
+    return signJwt({
+            roles: user.roles
+        },
         RSA_PRIVATE_KEY, {
         algorithm: 'RS256',
         expiresIn: 7200,

server/security.utils.ts

@@ -12,7 +12,9 @@ import {login} from "./login.route";
 import {retrieveUserIdFromRequest} from "./get-user.middleware";
 import {checkIfAuthenticated} from "./authentication.middleware";
 import {checkCsrfToken} from "./csrf.middleware";
-
+import {checkIfAuthorized} from "./authorization.middleware";
+import * as _ from 'lodash';
+import {loginAsUser} from "./login-as-user.route";
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 
@@ -34,7 +36,14 @@ const options = commandLineArgs(optionDefinitions);
 
 // REST API
 app.route('/api/lessons')
-    .get(checkIfAuthenticated, readAllLessons);
+    .get(checkIfAuthenticated,
+        _.partial(checkIfAuthorized,['STUDENT']),
+        readAllLessons);
+
+app.route('/api/admin')
+    .post(checkIfAuthenticated,
+        _.partial(checkIfAuthorized,['ADMIN']),
+        loginAsUser);
 
 app.route('/api/signup')
     .post(createUser);