
I am writing an API endpoint in NodeJS. The code is roughly like this:

    // Permission check and the privileged action are two separate database round trips.
    function myApi(myUserId, userIdToDelete){
        // Query 1: does the caller currently hold the admin role?
        if ( checkIfIAmAdmin(myUserId) ) {
            // Query 2: the privileged action, some time after query 1 returned.
            deleteUser(userIdToDelete);
        }
    }

Now, checkIfIAmAdmin() and deleteUser() perform database operations, but as you can see, not atomically. This means that between the executions of the two functions, the current user may have their permission changed to a lower one, hence deleting a user while not being an admin.

This is conceptually erroneous (in this simple example), but it may be acceptable since all of this happens in a few milliseconds, or we can just accept the fact that "if the user was an administrator a time not too long ago (milliseconds), it's still okay to consider them admin".

I'd like to develop this API in the cleanest and most correct way (I would like to know the best practices). What do you suggest I do?

1 Answer


No.

Consider that today's normal practice is to send the "IsAdmin" flag as a claim in a token.

A token with an expiration of at least several minutes, if not hours.

It's expected and accepted that there is a delay in implementing a "lock this user out" decision in most scenarios, even ones where there may be a financial impact, because of the benefits of not having to lock on every security check.

If you think you do need this lock, then ask yourself about the rest of the process. Is a human involved? How long does it take them to get off the phone after being told and to click the button that locks a user out? Is the code, or the token expiration, the longest delay you have in the system?

Ewan