40 lines
1.4 KiB
TypeScript
40 lines
1.4 KiB
TypeScript
import { hasPermission, createGuestSession } from "../db";
|
|
import { getUser, setSessionCookie, getClientInfo } from "../auth";
|
|
import { config } from "../config";
|
|
|
|
type User = ReturnType<typeof getUser>;
|
|
|
|
// Helper to get or create guest session
|
|
export function getOrCreateUser(req: Request, server: any): { user: User, headers?: Headers } {
|
|
let user = getUser(req, server);
|
|
if (user) return { user };
|
|
|
|
if (config.allowGuests) {
|
|
const { userAgent, ipAddress } = getClientInfo(req, server);
|
|
const guest = createGuestSession(userAgent, ipAddress);
|
|
console.log(`[AUTH] Guest session created: user="${guest.user.username}" id=${guest.user.id} ip=${ipAddress}`);
|
|
const headers = new Headers();
|
|
headers.set("Set-Cookie", setSessionCookie(guest.token));
|
|
return { user: guest.user, headers };
|
|
}
|
|
|
|
return { user: null };
|
|
}
|
|
|
|
// Check if user has permission (including default permissions)
|
|
export function userHasPermission(user: User, resourceType: string, resourceId: string | null, permission: string): boolean {
|
|
if (!user) return false;
|
|
if (user.is_admin) return true;
|
|
|
|
// Guests can never control playback
|
|
if (user.is_guest && permission === "control") return false;
|
|
|
|
// Check default permissions from config
|
|
if (resourceType === "channel" && config.defaultPermissions?.includes(permission)) {
|
|
return true;
|
|
}
|
|
|
|
// Check user-specific permissions
|
|
return hasPermission(user.id, resourceType, resourceId, permission);
|
|
}
|