I'm trying to implement logic to restrict download access:
const userPermittedFutures = {};
app.get('/futures', checkAuthenticated, async (req, res) => {
const query = {
name: 'fetch-futures-portfolios',
text: 'SELECT ' +
'future.instrument.symbol ' +
.......
'WHERE future.exchange.name = $1',
values: ['Futures'],
};
const futuresPortfolios = await pgClient.query(query).catch((err) => {
console.log("Failed to select futures portfolios: " + err.message);
res.status(503).send({
status: 'fail',
message: err.message
});
return;
});
let allowedFuturesAssetsForUser = futuresPortfolios.rows;
let currentUser = initializePassport.getCurrentUser();
let traderId = traderIdMnemonicMapping[currentUser]
if (!getPermittedFuturesAssets[traderId]) {
console.log("Couldn't find Futures contracts for " + currentUser)
return;
} else {
console.log("Specific Futures contracts are set for user " + currentUser);
allowedFuturesAssetsForUser = Object.keys(getPermittedFuturesAssets[traderId]);
}
res.status(200).send(allowedFuturesAssetsForUser);
});
const getPermittedFuturesAssets = (traderId) => {
if (!pgClient) {
setTimeout(function () {
getPermittedFuturesAssets()
}, 1000);
return;
}
const query = {
name: 'fetch-futures-assets-permissions',
text: 'SELECT trader_id, pair, pair_limit ' +
'FROM common.accounts_pairs_permits app ' +
'WHERE exists(SELECT * FROM future.instrument ap WHERE ap.symbol = app.pair) AND trader_id = $1',
values: [traderId],
};
pgClient.query(query, (err, res) => {
if (err) {
console.error("Can't get account permitted futures permits. Retrying in a second...");
setTimeout(function () {
getPermittedFuturesAssets();
}, 1000);
return;
}
for (let row of res.rows) {
addUserFuturesConstraints(row.trader_id, row.pair, row.pair_limit);
}
});
}
function addUserFuturesConstraints(trading_id, futuresAsset, limit) {
if (!userPermittedFutures[trading_id]) {
let user_permitted_limits = {}
user_permitted_limits[futuresAsset] = createUserFuturesAssetsConstraints(limit);
userPermittedFutures[trading_id] = user_permitted_limits;
} else {
userPermittedFutures[trading_id][futuresAsset] = createUserFuturesAssetsConstraints(limit);
}
}
function isUserAbleToTradeFutures(req, res, next) {
if (adminUsers[req.user.username]) { // admin users can trade with all pairs without limits
return next();
}
if (!isFuturesAssetAllowedForUser(req.user.username, req.body.selectedPair)) {
return res.status(503).send({status: "Failed to execute because Futures Asset is not allowed for user."});
}
if (isUserFuturesLimitReached(req.user.username, req.body.amount, req.body.selectedPair)) {
return res.status(503).send({status: "Failed to execute because the order exceeds the user's trading limit for Futures Asset."});
}
return next();
}
function isFuturesAssetAllowedForUser(username, selectedFutureAsset) {
let traderId = traderIdMnemonicMapping[username];
if (!userPermittedFutures[traderId]) {
return false;
}
for (let futureAsset of Object.entries(userPermittedFutures[traderId])) {
if (futureAsset[0] === selectedFutureAsset) {
return true;
}
}
return false;
}
function isUserFuturesLimitReached(username, amount, selectedFuturesAsset) {
let traderId = traderIdMnemonicMapping[username]
if (!userPermittedFutures[traderId][selectedFuturesAsset]) { // if limit is undefined then it is unlimited.
return false;
}
return parseFloat(amount) > userPermittedFutures[traderId][selectedFuturesAsset].pairQuantityLimit;
}
function createUserFuturesAssetsConstraints(pairQuantityLimit) {
return {
pairQuantityLimit: parseFloat(pairQuantityLimit),
splitConstraints: [],
}
}
But I'm stuck how to implement createUserFuturesAssetsConstraints.
When user tries to access endpoint and make request see should be limited to an asset for example asset1 based on the username.
How I can implement the logic so that user can can access only a defined list of items based on his username?
