From a40fbabfb489e2e5a5678d1b219f4a54598dfa2c Mon Sep 17 00:00:00 2001
From: Ben
Date: Wed, 14 Nov 2018 16:04:37 +0000
Subject: [PATCH] BROKEN - big bug with endpoints and controllers not doing what they are supoased to and error handling

---
 src/controllers/loginController.js | 2 +-
 src/controllers/middleware/auth.js | 8 +++---
 .../middleware/errors/errorHandler.js | 4 +--
 src/controllers/noteController.js | 26 ++++++++-----------
 src/controllers/routes/router.js | 16 ++++++------
 src/models/auth/authModel.js | 4 +--
 6 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/src/controllers/loginController.js b/src/controllers/loginController.js
index de8179a..964222e 100644
--- a/src/controllers/loginController.js
+++ b/src/controllers/loginController.js
@@ -48,7 +48,7 @@ export class LoginController extends ControllerHandler {
 return;
 }
- const response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
+ let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
 let token = await Database.Authorization.getTokenByID(user.id);
 if (token == -1) {
diff --git a/src/controllers/middleware/auth.js b/src/controllers/middleware/auth.js
index de21170..93e239c 100644
--- a/src/controllers/middleware/auth.js
+++ b/src/controllers/middleware/auth.js
@@ -8,14 +8,16 @@ export class AuthMiddleWare extends MiddleWare {
 const errors = new API.errors(res);
 if (!req.headers.authorization) {
- errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
+ errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
+ next(errors);
 return;
 }
 const token = req.headers.authorization;
 const user = await Auth.getUserFromToken(token);
- if (user == -1) {
- errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
+ if (user == -1 || !user.id) {
+ errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
+ next(errors);
 return;
 }
diff --git a/src/controllers/middleware/errors/errorHandler.js b/src/controllers/middleware/errors/errorHandler.js
index a5ff5ca..7c719a3 100644
--- a/src/controllers/middleware/errors/errorHandler.js
+++ b/src/controllers/middleware/errors/errorHandler.js
@@ -2,7 +2,7 @@ import {Logger} from '../../../models/logger';
 export class ErrorHandler {
 static async newError(err, req, res, next) {
- Logger.error(err);
- res.end('an error has occured');
+ // Logger.error(JSON.stringify(err));
+ err.endpoint();
 }
 }
diff --git a/src/controllers/noteController.js b/src/controllers/noteController.js
index c183879..9a22897 100644
--- a/src/controllers/noteController.js
+++ b/src/controllers/noteController.js
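Review bot: The new guard `if (user == -1 || !user.id)` still dereferences `user` when `Auth.getUserFromToken` resolves to `null`/`undefined` — which the `Database.Users.getUserByID(id)` call it wraps can plausibly return for a stale token — because `undefined == -1` is false and `!user.id` then throws a TypeError inside an async middleware; with no try/catch around the body that rejection never reaches `next()`, so the request hangs instead of being refused (assuming Express 4, which does not forward async rejections). Rewrite the check as `if (!user || user == -1 || !user.id) {` and wrap the lookup in `try { … } catch (err) { next(err); return; }` so a database failure also ends in the error handler. Separately, a missing or invalid credential is conventionally answered with `401` and a `WWW-Authenticate` header; the new lines keep `403`, which is meant for an authenticated caller who lacks permission. The enclosing `authUser` method starts before the hunk.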
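Review bot: `err.endpoint()` assumes everything handed to `next()` is an `API.errors`, but any thrown `Error` (a rejected database call, a TypeError in a handler) has no `endpoint` method, so the error handler itself throws; Express then falls back to its default handler, which outside production writes the stack trace to the client, and with `Logger.error` commented out nothing is recorded server-side at all. Keep the logging, branch on the error's shape before replying, and never echo the error text to the caller; the handler should also bail to `next(err)` when headers are already sent, since calling `endpoint()` on a half-written response would throw again.
```javascript
static async newError(err, req, res, next) {
  Logger.error(err);
  if (res.headersSent) {
    next(err);
    return;
  }
  if (err && typeof err.endpoint === 'function') {
    err.endpoint();
    return;
  }
  // Unknown failure: generic body only, never err.message or err.stack.
  res.status(500).end('an error has occured');
}
```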
@@ -1,29 +1,27 @@
 import {ControllerHandler} from './controllerHandler';
 import {API} from './api/api';
 import {Notes} from '../models/notes/notes';
+import {Logger} from '../models/logger'
 export class NoteController extends ControllerHandler {
 static async newNote(req, res, next) {
 const errors = new API.errors(res);
 const content = req.body.text || null;
- const creatorid = req.user.id || undefined;
 const group = req.body.parentgroup || undefined;
 let order = req.body.order || undefined;
-
+
 const user = req.user || undefined;
- if (!creatorid || !user) {
+ if (!user) {
 errors.addError(403, 'Forbidden');
- errors.endpoint();
- next();
+ next(errors);
 return;
 }
 if (!order) {
 errors.addError(422, 'Unprocessable entity');
- errors.endpoint();
- next();
+ next(errors);
 return;
 }
@@ -31,22 +29,20 @@ export class NoteController extends ControllerHandler {
 let success;
 if (!group) {
- success = await Notes.newNote(id, content, creatorid, order);
+ success = await Notes.newNote(id, content, req.user, order);
 } else {
 const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
 if (!doesExist) {
 errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
- errors.endpoint();
- next();
+ next(errors);
 return;
 }
- success = await Notes.newGroupedNote(id, content, creatorid, order, parentgroup);
+ success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup);
 }
 if (success == -1) {
 errors.addError(500, 'Internal server error');
- errors.endpoint();
- next();
+ next(errors);
 return;
 }
@@ -58,10 +54,10 @@ export class NoteController extends ControllerHandler {
 // id: id,
 // content: content,
 // parentgroup: parentgroup,
-// creatorid: creatorid,
+// req.user: req.user,
 // order: order,
 // catergory: null,
 // endpoint: null,
 // lastupdated: new Date().getTime()
-// static async newNote(id, content, creatorid, order, parentgroup) {
+// static async newNote(id, content, req.user, order, parentgroup) {
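Review bot: The reworked guard block still lets `req.body.text` through as `content` with no type or size check, so an object, an array or a multi-megabyte string is handed straight to `Notes.newNote`; next to the `order` check add `if (content !== null && (typeof content !== 'string' || content.length > MAX_NOTE_LENGTH)) { errors.addError(422, 'Unprocessable entity'); next(errors); return; }` with `MAX_NOTE_LENGTH` set to whatever the notes schema allows (`null` is kept because the `|| null` default shows empty content is intended to be legal). The new `import {Logger}` is not referenced by any line visible in this diff; if nothing else in the file uses it, drop it rather than carry a dead import. Note also that `let order = req.body.order || undefined` followed by `if (!order)` rejects an `order` of `0` with a 422 — pre-existing, but worth `req.body.order ?? undefined` plus an explicit number check while this block is being touched.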
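Review bot: The new lines pass the whole `req.user` object where the commented signature `newNote(id, content, creatorid, order, parentgroup)` and the sibling call `Notes.doesGroupExist(user.id, …)` expect a creator id, so whatever the model stores will receive an entire user record (everything `getUserByID` returns) in place of an id; pass `user.id` as the old code did. Both the `doesGroupExist` call and the new `newGroupedNote` call also reference `parentgroup`, which is not declared in this function — the request value is bound to `group` above — so in an ES module the grouped path throws a ReferenceError before any response is written; use `group` in both places. Concretely: `success = await Notes.newNote(id, content, user.id, order);`, `const doesExist = await Notes.doesGroupExist(user.id, group);`, `success = await Notes.newGroupedNote(id, content, user.id, order, group);`. Where `id` is defined lies between the hunks and is not visible here.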
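Review bot: The mechanical rename turned the reference comment into `// req.user: req.user,` and `// static async newNote(id, content, req.user, order, parentgroup) {`, which is neither a valid property key nor a parameter name and no longer documents what the model expects; restore `creatorid` in both lines or, better, delete this commented-out copy of the model signature altogether, since it already disagrees with the live call sites and will only drift further.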
diff --git a/src/controllers/routes/router.js b/src/controllers/routes/router.js
index ce52795..06a90f9 100644
--- a/src/controllers/routes/router.js
+++ b/src/controllers/routes/router.js
@@ -19,29 +19,29 @@ export class Router {
 app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
 app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
 app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
-
+
 app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
 app.get('/note/:endpoint', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.getPermaNote]);
-
+
 app.post('/auth/note', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.NoteController.newNote]); // Passes through auth middleware which if authenticated passes user obj and token to the note handling function for it to deal with
 app.post('/auth/group', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.GroupController.newGroup]);
-
+
 app.get('/auth/getallnotes', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
 app.get('/auth/getallgroups', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
-
+
 app.post('/auth/movenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
 app.post('/auth/movegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
-
+
 app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
 app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
-
- app.use(ErrorHandler.newError);
+ app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
+ app.use(ErrorHandler.newError);
 Logger.info('HTTP endpoints settup');
 }
- static frontPage(req, res, next) {
+ static async frontPage(req, res, next) {
 // const err = "lol";
 // next(err);
 res.end('DEVELOPMENT SERVER');
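Review bot: The new catch-all is registered with `app.get('*', …)`, so only unknown GET paths reach `StatusCodes.pageNotFound`; a POST, PUT or DELETE to an unknown path still falls through to the framework's default 404, which bypasses `MiddleWare.RateLimits.request` and (in Express) returns an HTML body unlike the JSON the rest of the API emits. Use `app.all('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);` (or `app.use`) so every method is covered; its placement before `app.use(ErrorHandler.newError)` is right, and the error handler must stay last. `StatusCodes` is not imported in any visible line — confirm it is brought into scope at the top of the file. `frontPage` is now `async` but awaits nothing, which only changes its return to a promise; either drop `async` or add a comment saying why it is expected.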
diff --git a/src/models/auth/authModel.js b/src/models/auth/authModel.js
index c8e7de7..bcda072 100644
--- a/src/models/auth/authModel.js
+++ b/src/models/auth/authModel.js
@@ -2,8 +2,8 @@ import {Database} from '../database/database';
 export class Auth {
 static async getUserFromToken(token) {
- const id = await Database.auth.getIDByToken(token);
+ const id = await Database.Authorization.getIDByToken(token);
 if (id == -1) return id;
- return await Database.users.getUserByID(id.id);
+ return await Database.Users.getUserByID(id);
 }
 }
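Review bot: The new line `getUserByID(id)` treats the value from `Database.Authorization.getIDByToken` as a bare id where the old code read `id.id`, so this is only correct if the renamed model returns the scalar; if it still returns a row object the lookup runs with an object key and the caller in `auth.js` then evaluates `!user.id` on whatever comes back. Pin the contract here rather than downstream: `if (id == -1 || id == null) return -1;`, and if `getUserByID` can resolve to `null`/`undefined`, map that to `-1` too so `getUserFromToken` has a single failure value callers can test. Two further points, inferred from the call shape rather than visible: the raw `Authorization` header value is used verbatim as the database key, so if tokens are stored in clear a read of that table yields live sessions (store and look up a hash such as SHA-256 instead), and the full user row is returned and later attached to `req.user`, so any secret column on it (a password hash, for example) travels into every controller — return a minimal projection.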