
Move authorization logic to new layer.

Open mario-nt opened this issue 2 years ago • 1 comment

Parent issue: #39

Handlers that take an optional user ID check in the handler whether the user named in the bearer token exists in the database; however, for handlers that require a user ID, that check is not done in the handler but, for example, in the torrent service.

It would be ideal to have the same app behavior regardless of the type of handler (required or optional user ID):

  • When we receive a token we should always check in the handler if the user exists.
  • If the user does not exist we should return an unauthorized response. Even if the user is optional for that endpoint.
  • The frontend should invalidate the token if it receives an unauthorized response, remove it from local storage, and stop sending it to the server.

mario-nt, Jan 29 '24 16:01
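The behaviour the issue asks for (one authorization step shared by every handler, with a token that names a missing user rejected even on endpoints where the user is optional) as an added, self-contained example. This is not torrust-index code: the `UserRepository` trait, the in-memory `InMemoryUsers` store, the toy `user:<id>` token format standing in for a verified JWT, and the `resolve_user` / `status_for` functions are all assumptions made here to illustrate the design.

```rust
use std::collections::HashMap;

/// Hypothetical user identifier; the project's real type is not assumed here.
pub type UserId = u64;

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    /// Token missing on an endpoint that requires a user.
    MissingToken,
    /// Token could not be parsed.
    MalformedToken,
    /// Token parsed, but the user it names no longer exists in the database.
    UnknownUser(UserId),
}

/// Minimal stand-in for the database layer: only what authorization needs.
pub trait UserRepository {
    fn user_exists(&self, id: UserId) -> bool;
}

/// In-memory repository with constructed sample users (ids 1 and 2).
pub struct InMemoryUsers {
    users: HashMap<UserId, String>,
}

impl InMemoryUsers {
    pub fn sample() -> Self {
        let mut users = HashMap::new();
        users.insert(1, "alice".to_string());
        users.insert(2, "bob".to_string());
        InMemoryUsers { users }
    }
}

impl UserRepository for InMemoryUsers {
    fn user_exists(&self, id: UserId) -> bool {
        self.users.contains_key(&id)
    }
}

/// Toy bearer-token format "user:<id>" standing in for a signed JWT. Parsing
/// replaces signature verification here; a real deployment verifies the
/// signature before trusting the id.
fn parse_token(token: &str) -> Result<UserId, AuthError> {
    token
        .strip_prefix("user:")
        .and_then(|id| id.parse::<UserId>().ok())
        .ok_or(AuthError::MalformedToken)
}

/// Authorization layer shared by every handler. `user_required` says whether
/// the endpoint may serve anonymous requests. Whenever a token is present, the
/// user it names must exist; a dangling token is rejected even on optional
/// endpoints, so the client learns to drop it.
pub fn resolve_user(
    bearer: Option<&str>,
    user_required: bool,
    repo: &dyn UserRepository,
) -> Result<Option<UserId>, AuthError> {
    match bearer {
        None if user_required => Err(AuthError::MissingToken),
        None => Ok(None),
        Some(token) => {
            let id = parse_token(token)?;
            if repo.user_exists(id) {
                Ok(Some(id))
            } else {
                Err(AuthError::UnknownUser(id))
            }
        }
    }
}

/// HTTP status a handler should emit for each outcome: every error maps to 401
/// so the frontend can discard the token uniformly.
pub fn status_for(result: &Result<Option<UserId>, AuthError>) -> u16 {
    match result {
        Ok(_) => 200,
        Err(_) => 401,
    }
}

fn main() {
    let repo = InMemoryUsers::sample();
    // Constructed request scenarios: (bearer token, endpoint requires a user).
    let cases: [(Option<&str>, bool); 6] = [
        (None, false),
        (None, true),
        (Some("user:1"), false),
        (Some("user:99"), false),
        (Some("user:99"), true),
        (Some("garbage"), false),
    ];
    for &(token, required) in cases.iter() {
        let outcome = resolve_user(token, required, &repo);
        println!(
            "token={:?} required={} -> {} {:?}",
            token, required, status_for(&outcome), outcome
        );
    }
}
```

The one decision that matters is in `resolve_user`: the `Some(token)` arm never consults `user_required`, so a token for a deleted user gets the same 401 from a public listing endpoint as from an upload endpoint, which is what lets the frontend treat any 401 as "forget this token".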

Subtasks:

  • [x] Database layer
  • [x] Service layer
    • [x] First draft
    • [x] First review and refactor
    • [x] Other services authorization implementation
      • [x] Category
      • [x] Settings
      • [x] Tags
    • [x] Tests
      • [x] Category
      • [x] Settings
      • [x] Tags
  • [x] Cleanup

mario-nt, Mar 06 '24 17:03