now clients can call for multiple scopes. 'global' and 'special' should be included if needed

Wassim-Rached · Wassim-Rached · commit 5af74721ba8f · 2024-10-23T21:27:10.000+01:00
diff --git a/src/authorities.ts b/src/authorities.ts
@@ -13,50 +13,41 @@ export const AUTHORITIES = {
 // handles getting account authorities from the cache or the database
 // and also appends global authorities to the account authorities
 // usually will be used when wanting to get the account authorities
-export async function getAccountAuthorities(
+export async function getAccountAuthoritiesForScope(
   accountId: string,
   scope: string,
   forceDbQuery = false
 ): Promise<string[]> {
   let authorities: string[] = [];
 
-  // handle scope authorities
-  let currentScopeAuthorities: string[] = [];
-
   if (!forceDbQuery) {
-    currentScopeAuthorities =
-      getAccountAuthoritiesCacheForScope(accountId, scope) || [];
+    authorities = getAccountAuthoritiesCacheForScope(accountId, scope) || [];
   }
 
-  if (forceDbQuery || currentScopeAuthorities.length === 0) {
+  if (forceDbQuery || authorities.length === 0) {
     // query from db
-    currentScopeAuthorities =
-      (await queryAccountAuthoritiesById(accountId, scope)) || [];
-    setAccountAuthoritiesCacheForScope(
-      accountId,
-      scope,
-      currentScopeAuthorities
-    );
+    authorities = (await queryAccountAuthoritiesById(accountId, scope)) || [];
+    setAccountAuthoritiesCacheForScope(accountId, scope, authorities);
   }
 
-  authorities = currentScopeAuthorities;
-
-  // handle global authorities
-  let globalAuthorities: string[] = [];
+  return authorities;
+}
 
-  if (!forceDbQuery) {
-    globalAuthorities =
-      getAccountAuthoritiesCacheForScope(accountId, "global") || [];
-  }
+export async function getAccountAuthorities(
+  accountId: string,
+  scopes: string[],
+  forceDbQuery = false
+): Promise<string[]> {
+  let authorities: string[] = [];
 
-  if (forceDbQuery || globalAuthorities.length === 0) {
-    globalAuthorities =
-      (await queryAccountAuthoritiesById(accountId, "global")) || [];
-    setAccountAuthoritiesCacheForScope(accountId, "global", globalAuthorities);
+  for (const scope of scopes) {
+    const currentScopeAuthorities = await getAccountAuthoritiesForScope(
+      accountId,
+      scope,
+      forceDbQuery
+    );
+    authorities = [...authorities, ...currentScopeAuthorities];
   }
 
-  // final result
-  authorities = [...authorities, ...globalAuthorities];
-
   return authorities;
 }
diff --git a/src/middlewares.ts b/src/middlewares.ts
@@ -3,7 +3,10 @@ import { Request, Response, NextFunction } from "express";
 import config from "./config";
 import { verifyToken } from "./utils/jwtUtils";
 import { queryAccountAuthoritiesById } from "./helpers/dbQueries";
-import { getAccountAuthorities } from "./authorities";
+import {
+  getAccountAuthorities,
+  getAccountAuthoritiesForScope,
+} from "./authorities";
 import { JwtPayload } from "jsonwebtoken";
 
 // Timeout middleware
@@ -79,7 +82,7 @@ export const extractAuthorities =
         return next();
       }
       const accountId: string = res.locals.decodedJwt.sub as string;
-      res.locals.authorities = await getAccountAuthorities(
+      res.locals.authorities = await getAccountAuthoritiesForScope(
         accountId,
         "cas",
         forceDbQuery
diff --git a/src/routers.ts b/src/routers.ts
@@ -16,7 +16,11 @@ import {
 } from "./middlewares";
 import { HealthCheckResponse } from "./types";
 import configuration from "./config";
-import { AUTHORITIES, getAccountAuthorities } from "./authorities";
+import {
+  AUTHORITIES,
+  getAccountAuthorities,
+  getAccountAuthoritiesForScope,
+} from "./authorities";
 import config from "./config";
 
 export function handleRoutes(app: Express) {
@@ -119,10 +123,21 @@ export function handleRoutes(app: Express) {
     async (req: Request, res: Response) => {
       const { accountId } = res.locals;
 
-      const scope = req.query.scope as string;
+      let scope = req.query.scope as string | string[] | undefined;
+
+      if (!scope) {
+        scope = "global";
+      }
 
-      const authorities = await getAccountAuthorities(accountId, scope);
+      let authorities: string[];
 
+      // it accually the same but one uses a loop and the other doesn't
+      // but why not make simple things complex
+      if (Array.isArray(scope)) {
+        authorities = await getAccountAuthorities(accountId, scope);
+      } else {
+        authorities = await getAccountAuthoritiesForScope(accountId, scope);
+      }
       res.json({ authorities });
     }
   );
