api Controller & token

src/middleware/authenticate.ts

@@ -29,6 +29,10 @@ export default async function authenticate(req: Request, res: Response, next: Fu
     throw new InternalException("process failed");
   }
 
+  if (decoded?.sub == "api_token_retrieve") {
+    throw new BadRequestException("This token is only authorized to get temporary access tokens via GET /api/webapi");
+  }
+
   req.userId = decoded.userId;
   req.username = decoded.username;
   req.isOwner = decoded.isOwner;

src/middleware/authenticateAPI.ts

@@ -0,0 +1,37 @@
+import { Request, Response } from "express";
+import jwt from "jsonwebtoken";
+import BadRequestException from "../exceptions/badRequestException";
+import UnauthorizedRequestException from "../exceptions/unauthorizedRequestException";
+import InternalException from "../exceptions/internalException";
+import { JWTHelper } from "../helpers/jwtHelper";
+
+export default async function authenticateAPI(req: Request, res: Response, next: Function) {
+  const bearer = req.headers.authorization?.split(" ")?.[1] ?? undefined;
+
+  if (!bearer) {
+    throw new BadRequestException("Provide valid Authorization Header");
+  }
+
+  let decoded: string | jwt.JwtPayload;
+  await JWTHelper.validate(bearer)
+    .then((result) => {
+      decoded = result;
+    })
+    .catch((err) => {
+      if (err == "jwt expired") {
+        throw new UnauthorizedRequestException("Token expired", err);
+      } else {
+        throw new BadRequestException("Failed Authorization Header decoding", err);
+      }
+    });
+
+  if (typeof decoded == "string" || !decoded) {
+    throw new InternalException("process failed");
+  }
+
+  if (decoded?.sub != "api_token_retrieve") {
+    throw new BadRequestException("This route can only be accessed via a api token");
+  }
+
+  next();
+}