add rts routes

src/auth.ts

@@ -4,10 +4,14 @@ import { getToken } from "./tokens/token.service";
 import { Claim } from "./utils/claims";
 import { OAuth2Namespace } from "@fastify/oauth2";
 import { getSession } from "./auth/auth.service";
+import { roles, rules } from "./utils/roles";
 
 export type AuthenticatedUser = {
   sid?: string;
+  type: string;
   userId?: string;
+  orgId?: string;
+  role?: string;
   tenantId: string;
   claims: Array<Claim>;
 };
@@ -47,6 +51,7 @@ export async function authHandler(req: FastifyRequest, res: FastifyReply) {
     if (!valid) return res.code(401).send({ error: "invalid_token" });
 
     req.user = {
+      type: "token",
       tenantId: tokenInDb.tenantId,
       claims: tokenInDb.claims as Array<Claim>,
     };
@@ -60,14 +65,25 @@ export async function authHandler(req: FastifyRequest, res: FastifyReply) {
       return res.code(401).send({ error: "session_expired" });
     }
 
+    //@ts-ignore
+    if (!rules[sessionInDb.user.role]) {
+      return res.code(401).send({ error: "no role" });
+    }
+
     req.user = {
       sid: authHeader,
       //@ts-ignore
+      type: sessionInDb.user.type,
+      //@ts-ignore
       userId: sessionInDb.user.id,
       //@ts-ignore
       tenantId: sessionInDb.user.tenantId,
       //@ts-ignore
-      claims: sessionInDb.user.claims,
+      orgId: sessionInDb.user.orgId,
+      //@ts-ignore
+      role: sessionInDb.user.role,
+      //@ts-ignore
+      claims: rules[sessionInDb.user.role].claims,
     };
   }
 }
@@ -96,3 +112,46 @@ export async function authorize(req: FastifyRequest, res: FastifyReply) {
       .code(401)
       .send({ error: "Missing permissions", params: requiredClaims });
 }
+
+export function hideFields(resource: string) {
+  return async function (
+    req: FastifyRequest,
+    res: FastifyReply,
+    payload: string
+  ) {
+    if (![200, 201].includes(res.statusCode)) return payload;
+
+    const userRole = req.user.role;
+    if (!userRole) return payload;
+
+    const hiddenFields = rules[userRole].hiddenFields[resource];
+    const newRes = deleteFields(payload, hiddenFields);
+    return newRes;
+  };
+}
+
+function deleteFields(payload: string, hiddenFields: Array<string>) {
+  if (!payload) return;
+
+  const updatedPayload = JSON.parse(payload);
+
+  function recursiveDelete(obj: Object | Array<Object>) {
+    if (Array.isArray(obj)) {
+      for (const item of obj) {
+        recursiveDelete(item);
+      }
+    } else {
+      for (const key in obj) {
+        if (hiddenFields.includes(key)) {
+          delete obj[key];
+        } else if (typeof obj[key] == "object" || Array.isArray(obj[key])) {
+          recursiveDelete(obj[key]);
+        }
+      }
+    }
+  }
+
+  recursiveDelete(updatedPayload);
+
+  return JSON.stringify(updatedPayload);
+}