
update JWT checks for new topic schema
mwfarb committed Aug 12, 2024
1 parent a77605f commit 0fa3c2a
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions express_server.js
@@ -1,3 +1,4 @@
const config = require('./config.json');
const MQTTPattern = require('mqtt-pattern');
const jose = require('jose');

@@ -92,15 +93,15 @@ exports.runExpress = async ({
});
checkJWTSubs = (req, res, next) => {
const {sceneId, namespace} = req.params;
const topic = `realm/s/${namespace}/${sceneId}`;
const topic = `${config.mqtt.topic_realm}/s/${namespace}/${sceneId}/o/+`;
if (!matchJWT(topic, req.jwtPayload.subs)) {
return tokenSubError(res);
}
next();
};
checkJWTPubs = (req, res, next) => {
const {sceneId, namespace} = req.params;
const topic = `realm/s/${namespace}/${sceneId}`;
const topic = `${config.mqtt.topic_realm}/s/${namespace}/${sceneId}/o/+`;
if (!matchJWT(topic, req.jwtPayload.publ)) {
return tokenPubError(res);
}
@@ -111,7 +112,7 @@ exports.runExpress = async ({
app.use(express.json());

app.get('/persist/!allscenes', (req, res) => {
if (jwk && !req.jwtPayload.subs.includes('realm/s/#')) { // Must have sub-all rights
if (jwk && !matchJWT(`${config.mqtt.topic_realm}/s/+/+/o/+`, req.jwtPayload.subs)) { // Must have sub-all rights
return tokenSubError(res);
}
ArenaObject.aggregate([
@@ -137,7 +138,7 @@ exports.runExpress = async ({

app.get('/persist/:namespace/!allscenes', (req, res) => {
const {namespace} = req.params;
if (jwk && !matchJWT(`realm/s/${namespace}/#`, req.jwtPayload.subs)) { // Must have sub-all public rights
if (jwk && !matchJWT(`${config.mqtt.topic_realm}/s/${namespace}/+/o/+`, req.jwtPayload.subs)) { // Must have sub-all public rights
return tokenSubError(res);
}
ArenaObject.aggregate([
@@ -181,7 +182,7 @@ exports.runExpress = async ({
res.status(400);
return res.json('No namespace or sceneId specified');
}
if (!matchJWT(`realm/s/${sourceNamespace}/${sourceSceneId}`,
if (!matchJWT(`realm/s/${sourceNamespace}/${sourceSceneId}/o`,
req.jwtPayload.subs)) {
return tokenSubError(res);
}
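Review bot: The last check in this section (the `sourceNamespace`/`sourceSceneId` one) still hard-codes the `realm` prefix and stops at `/o`, while every other check the commit touches builds the topic from `config.mqtt.topic_realm` and ends in `/o/+`. If the configured realm is anything other than `realm`, or if `matchJWT` needs the trailing level to match a grant shaped like `.../o/+` (its body is not visible here, so this is inferred), this authorization check tests a different topic than the rest of the API and can drift from what the token was issued for. I would make it ``if (!matchJWT(`${config.mqtt.topic_realm}/s/${sourceNamespace}/${sourceSceneId}/o/+`,`` so all subscription checks share one schema. Separately, `namespace` and `sceneId` go from `req.params` straight into the topic string; rejecting values that contain `+`, `#` or `/` before building it would keep request input from introducing MQTT wildcards into the topic being authorized. The enclosing route handler starts and ends outside the visible hunk.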
