feat: add check for routes with no permissons set

JDIZM · JDIZM · commit 1eaa22a62194 · 2024-03-30T08:28:03.000Z
diff --git a/src/helpers/permissions.test.ts b/src/helpers/permissions.test.ts
@@ -0,0 +1,40 @@
+import { describe, expect, it } from "vitest";
+import { Claim, hasRoutesWithNoPermissionsSet, Route } from "./permissions.js";
+
+const API_ROUTES = {
+  root: "/",
+  users: "/users",
+  userById: "/users/:id"
+} as const;
+
+const permissions = new Map([
+  ["/", []],
+  ["/users", ["admin"]],
+  ["/users/:id", ["owner"]]
+]) as Map<Route, Claim[]>;
+
+describe("permissions", () => {
+  describe("hasRoutesWithNoPermissionsSet", () => {
+    it("should return FALSE if all provided routes have permission levels set in the map", () => {
+      const expected = hasRoutesWithNoPermissionsSet(Object.values(API_ROUTES), permissions);
+      expect(expected).toBe(false);
+    });
+
+    it("should return TRUE if a route has no permissions set", () => {
+      const API_ROUTES = {
+        root: "/",
+        users: "/users",
+        userById: "/users/:id",
+        example: "/example"
+      } as const;
+
+      const permissions = new Map([
+        ["/", []],
+        ["/users", ["admin"]],
+        ["/user/:id", ["owner"]]
+      ]) as Map<Route, Claim[]>;
+
+      expect(hasRoutesWithNoPermissionsSet(Object.values(API_ROUTES) as Route[], permissions)).toBe(true);
+    });
+  });
+});
diff --git a/src/helpers/permissions.ts b/src/helpers/permissions.ts
@@ -8,14 +8,37 @@ export const API_ROUTES = {
 
 export type RouteName = keyof typeof API_ROUTES;
 export type Route = (typeof API_ROUTES)[RouteName];
+export type Routes = Route[];
 
 export const roles = ["admin", "user", "owner"] as const;
 export type Claim = (typeof roles)[number];
 
 export const permissions = new Map<Route, Claim[]>();
+export type PermissionsMap = typeof permissions;
 
 permissions.set(API_ROUTES.root, []);
 permissions.set(API_ROUTES.verifyAuthToken, ["user"]);
 permissions.set(API_ROUTES.users, ["admin"]);
 permissions.set(API_ROUTES.userById, ["owner"]);
 permissions.set(API_ROUTES.setUsersPermissions, ["admin"]);
+
+/**
+ * This validates that permissions are set for all routes
+ * in the permissions map.
+ *
+ */
+export const hasRoutesWithNoPermissionsSet = (routes: Routes, permissions: PermissionsMap): boolean => {
+  const permissionRoutes = [...permissions.keys()];
+
+  const hasInvalidRoute = routes.some((route) => {
+    return !permissionRoutes.includes(route);
+  });
+
+  return hasInvalidRoute;
+};
+
+const hasInvalidRoute = hasRoutesWithNoPermissionsSet(Object.values(API_ROUTES), permissions);
+
+if (hasInvalidRoute) {
+  throw new Error("There are routes without permissions set.");
+}
