feat(api): ✨ Add permissions to every route and permission config

2026-03-13 05:49:16 +01:00 · 2024-06-07 18:57:29 -10:00 · 2024-06-07 18:57:29 -10:00 · 4902f078a8
commit 4902f078a8
parent 19823d8eca
79 changed files with 729 additions and 251 deletions
--- a/packages/config-manager/config.type.ts
+++ b/packages/config-manager/config.type.ts
@ -1,5 +1,6 @@
 import { types as mimeTypes } from "mime-types";
 import { z } from "zod";
+import { ADMIN_ROLES, DEFAULT_ROLES, RolePermissions } from "~/drizzle/schema";

 export enum MediaBackendType {
    LOCAL = "local",
@ -480,6 +481,21 @@ export const configValidator = z.object({
            logo: undefined,
            banner: undefined,
        }),
+    permissions: z
+        .object({
+            anonymous: z
+                .array(z.nativeEnum(RolePermissions))
+                .default(DEFAULT_ROLES),
+            default: z
+                .array(z.nativeEnum(RolePermissions))
+                .default(DEFAULT_ROLES),
+            admin: z.array(z.nativeEnum(RolePermissions)).default(ADMIN_ROLES),
+        })
+        .default({
+            anonymous: DEFAULT_ROLES,
+            default: DEFAULT_ROLES,
+            admin: ADMIN_ROLES,
+        }),
    filters: z.object({
        note_content: z.array(z.string()).default([]),
        emoji: z.array(z.string()).default([]),
--- a/packages/database-interface/role.ts
+++ b/packages/database-interface/role.ts
@ -52,7 +52,7 @@ export class Role {
        orderBy: SQL<unknown> | undefined = desc(Roles.id),
        limit?: number,
        offset?: number,
-        extra?: Parameters<typeof db.query.Users.findMany>[0],
+        extra?: Parameters<typeof db.query.Roles.findMany>[0],
    ) {
        const found = await db.query.Roles.findMany({
            where: sql,
--- a/packages/database-interface/user.ts
+++ b/packages/database-interface/user.ts
@ -35,6 +35,7 @@ import {
    EmojiToUser,
    NoteToMentions,
    Notes,
+    type RolePermissions,
    UserToPinnedNotes,
    Users,
 } from "~/drizzle/schema";
@ -117,6 +118,25 @@ export class User {
        return uri || new URL(`/users/${id}`, baseUrl).toString();
    }

+    public hasPermission(permission: RolePermissions) {
+        return this.getAllPermissions().includes(permission);
+    }
+
+    public getAllPermissions() {
+        return (
+            this.user.roles
+                .flatMap((role) => role.permissions)
+                // Add default permissions
+                .concat(config.permissions.default)
+                // If admin, add admin permissions
+                .concat(this.user.isAdmin ? config.permissions.admin : [])
+                .reduce((acc, permission) => {
+                    if (!acc.includes(permission)) acc.push(permission);
+                    return acc;
+                }, [] as RolePermissions[])
+        );
+    }
+
    static async getCount() {
        return (
            await db