feat: implement user status check to block suspended accounts in authMiddleware and LoginService

This commit is contained in:
seaznCode 2026-01-30 15:33:37 +01:00
parent 1491f0fc0e
commit ec5bdad867
2 changed files with 53 additions and 1 deletions


@ -1,7 +1,9 @@
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const { logger } = require('./logger'); const { logger } = require('./logger');
const UnitOfWork = require('../database/UnitOfWork');
const UserStatusRepository = require('../repositories/status/UserStatusRepository');
function authMiddleware(req, res, next) { async function authMiddleware(req, res, next) {
const authHeader = req.headers.authorization; const authHeader = req.headers.authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) { if (!authHeader || !authHeader.startsWith('Bearer ')) {
logger.warn('authMiddleware:missingToken', { logger.warn('authMiddleware:missingToken', {
@ -50,6 +52,31 @@ function authMiddleware(req, res, next) {
user_type: payload.user_type ?? payload.userType user_type: payload.user_type ?? payload.userType
}; };
// Block suspended users
try {
const unitOfWork = new UnitOfWork();
await unitOfWork.start();
unitOfWork.registerRepository('status', new UserStatusRepository(unitOfWork));
const statusRepo = unitOfWork.getRepository('status');
const userStatus = await statusRepo.getStatusByUserId(normalizedUserId);
await unitOfWork.commit();
if (userStatus && userStatus.status === 'suspended') {
logger.warn('authMiddleware:user_suspended', {
userId: normalizedUserId,
route: req.originalUrl
});
return res.status(403).json({ success: false, message: 'Account suspended' });
}
} catch (statusError) {
logger.error('authMiddleware:statusCheckFailed', {
userId: normalizedUserId,
route: req.originalUrl,
error: statusError?.message
});
return res.status(500).json({ success: false, message: 'Internal server error' });
}
next(); next();
} catch (error) { } catch (error) {
logger.warn('authMiddleware:tokenInvalid', { logger.warn('authMiddleware:tokenInvalid', {
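Review bot: The unit of work opened for the status lookup is never rolled back or released when `getStatusByUserId` or `commit` throws: `unitOfWork` is declared inside the `try`, so the `catch` cannot reach it, and every request that fails after `start()` leaves a started transaction behind. Declare it before the `try` and roll it back in a `finally` when it was not committed (the LoginService change in this same commit shows `UnitOfWork` has `rollback`). Since this lookup now runs on every authenticated request, a database failure becomes a 500 for the whole API; that is the fail-closed behaviour a suspension check should have, and the accompanying `statusCheckFailed` log is the right place to alert on it. A user with no status row passes the check, so confirm that a missing row is the expected state for active accounts. `normalizedUserId` and the enclosing `try` are defined above the hunk, so the rewrite below keeps their names.
```javascript
// … unchanged: payload normalisation …
// Block suspended users; fail closed if the status lookup itself fails.
let unitOfWork = null;
try {
  unitOfWork = new UnitOfWork();
  await unitOfWork.start();
  unitOfWork.registerRepository('status', new UserStatusRepository(unitOfWork));
  const userStatus = await unitOfWork.getRepository('status').getStatusByUserId(normalizedUserId);
  await unitOfWork.commit();
  unitOfWork = null; // committed: nothing left to roll back
  if (userStatus?.status === 'suspended') {
    // … unchanged: user_suspended warn + 403 response …
  }
} catch (statusError) {
  // … unchanged: statusCheckFailed log + 500 response …
} finally {
  if (unitOfWork) {
    try {
      await unitOfWork.rollback();
    } catch (rollbackError) {
      logger.warn('authMiddleware:statusRollbackFailed', { userId: normalizedUserId, error: rollbackError?.message });
    }
  }
}
```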


@ -1,5 +1,6 @@
const UserRepository = require('../../repositories/user/UserRepository'); const UserRepository = require('../../repositories/user/UserRepository');
const LoginRepository = require('../../repositories/login/LoginRepository'); const LoginRepository = require('../../repositories/login/LoginRepository');
const UserStatusRepository = require('../../repositories/status/UserStatusRepository');
const UnitOfWork = require('../../database/UnitOfWork'); const UnitOfWork = require('../../database/UnitOfWork');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const crypto = require('crypto'); const crypto = require('crypto');
@ -12,6 +13,7 @@ class LoginService {
await unitOfWork.start(); await unitOfWork.start();
unitOfWork.registerRepository('user', new UserRepository(unitOfWork)); unitOfWork.registerRepository('user', new UserRepository(unitOfWork));
unitOfWork.registerRepository('login', new LoginRepository(unitOfWork)); unitOfWork.registerRepository('login', new LoginRepository(unitOfWork));
unitOfWork.registerRepository('status', new UserStatusRepository(unitOfWork));
try { try {
// Find user by email // Find user by email
@ -36,6 +38,17 @@ class LoginService {
throw error; throw error;
} }
// Check user status (block suspended)
const statusRepo = unitOfWork.getRepository('status');
const userStatus = await statusRepo.getStatusByUserId(user.id);
if (userStatus && userStatus.status === 'suspended') {
logger.warn('LoginService.login:user_suspended', { userId: user.id, email: user.email });
await unitOfWork.rollback();
const error = new Error('Account suspended');
error.status = 403;
throw error;
}
// Generate access token (JWT) // Generate access token (JWT)
const accessToken = jwt.sign( const accessToken = jwt.sign(
{ userId: user.id, email: user.email, userType: user.userType, role: user.role }, { userId: user.id, email: user.email, userType: user.userType, role: user.role },
@ -95,6 +108,7 @@ class LoginService {
await unitOfWork.start(); await unitOfWork.start();
unitOfWork.registerRepository('login', new LoginRepository(unitOfWork)); unitOfWork.registerRepository('login', new LoginRepository(unitOfWork));
unitOfWork.registerRepository('user', new UserRepository(unitOfWork)); unitOfWork.registerRepository('user', new UserRepository(unitOfWork));
unitOfWork.registerRepository('status', new UserStatusRepository(unitOfWork));
try { try {
const loginRepo = unitOfWork.getRepository('login'); const loginRepo = unitOfWork.getRepository('login');
// Find refresh token in DB via LoginRepository // Find refresh token in DB via LoginRepository
@ -135,6 +149,17 @@ class LoginService {
const userRepo = unitOfWork.getRepository('user'); const userRepo = unitOfWork.getRepository('user');
const user = await userRepo.findUserByEmailOrId(user_id); const user = await userRepo.findUserByEmailOrId(user_id);
// Check user status (block suspended)
const statusRepo = unitOfWork.getRepository('status');
const userStatus = await statusRepo.getStatusByUserId(user.id);
if (userStatus && userStatus.status === 'suspended') {
logger.warn('LoginService.refresh:user_suspended', { userId: user.id, email: user.email });
await unitOfWork.rollback();
const error = new Error('Account suspended');
error.status = 403;
throw error;
}
// Fetch user role directly from DB via LoginRepository // Fetch user role directly from DB via LoginRepository
const role = await loginRepo.getUserRole(user.id); const role = await loginRepo.getUserRole(user.id);
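Review bot: The suspension check is pasted twice, once in `login` (hunk at -36) and once in `refresh` (hunk at -135), differing only in the log key; a module-level helper keeps the rollback-then-throw sequence in one place so the two paths cannot drift apart the next time the policy changes. If the check in `login` runs before the password is verified, the distinct 403 `Account suspended` would tell an unauthenticated caller which accounts exist and are suspended; the hunk context (`throw error; }` just above it) suggests it follows the credential check, which is the right placement, but the start of `login` is outside the hunk. `logger` is used in the new lines but is not required in the visible hunk at -1,5; confirm it is imported elsewhere in the file. Both enclosing methods start and end outside their hunks.
```javascript
// … unchanged: requires …

// Rolls back the unit of work and throws a 403 error when the user's status
// row says 'suspended'; a missing row or any other status passes.
async function assertNotSuspended(unitOfWork, user, context) {
  const userStatus = await unitOfWork.getRepository('status').getStatusByUserId(user.id);
  if (userStatus?.status !== 'suspended') return;
  logger.warn(`LoginService.${context}:user_suspended`, { userId: user.id, email: user.email });
  await unitOfWork.rollback();
  const error = new Error('Account suspended');
  error.status = 403;
  throw error;
}

// … unchanged: class LoginService, login() up to the credential check …
      await assertNotSuspended(unitOfWork, user, 'login');
// … unchanged: refresh() up to findUserByEmailOrId …
      await assertNotSuspended(unitOfWork, user, 'refresh');
```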