1
import { InvalidCredentialsError } from '@directus/errors';2
import type { Accountability } from '@directus/types';3
import getDatabase from '../database/index.js';
4
import { getSecret } from './get-secret.js';5
import isDirectusJWT from './is-directus-jwt.js';
6
import { verifySessionJWT } from './verify-session-jwt.js';7
import { verifyAccessJWT } from './jwt.js';9
export async function getAccountabilityForToken(
10
token?: string | null,
11
accountability?: Accountability,
12
): Promise<Accountability> {13
if (!accountability) {23
if (isDirectusJWT(token)) {24
const payload = verifyAccessJWT(token, getSecret());
26
if ('session' in payload) {27
await verifySessionJWT(payload);
30
accountability.role = payload.role;
31
accountability.admin = payload.admin_access === true || payload.admin_access == 1;
32
accountability.app = payload.app_access === true || payload.app_access == 1;
34
if (payload.share) accountability.share = payload.share;
35
if (payload.share_scope) accountability.share_scope = payload.share_scope;
36
if (payload.id) accountability.user = payload.id;
39
const database = getDatabase();
41
const user = await database
42
.select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')43
.from('directus_users')44
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')46
'directus_users.token': token,
52
throw new InvalidCredentialsError();
55
accountability.user = user.id;
56
accountability.role = user.role;
57
accountability.admin = user.admin_access === true || user.admin_access == 1;
58
accountability.app = user.app_access === true || user.app_access == 1;
62
return accountability;