BROKEN - big bug with endpoints and controllers not doing what they are supoased to and error handling
@@ -48,7 +48,7 @@ export class LoginController extends ControllerHandler {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
|
let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
|
||||||
let token = await Database.Authorization.getTokenByID(user.id);
|
let token = await Database.Authorization.getTokenByID(user.id);
|
||||||
|
|
||||||
if (token == -1) {
|
if (token == -1) {
|
||||||
|
|||||||
@@ -8,14 +8,16 @@ export class AuthMiddleWare extends MiddleWare {
|
|||||||
const errors = new API.errors(res);
|
const errors = new API.errors(res);
|
||||||
|
|
||||||
if (!req.headers.authorization) {
|
if (!req.headers.authorization) {
|
||||||
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
|
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
|
||||||
|
next(errors);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = req.headers.authorization;
|
const token = req.headers.authorization;
|
||||||
const user = await Auth.getUserFromToken(token);
|
const user = await Auth.getUserFromToken(token);
|
||||||
if (user == -1) {
|
if (user == -1 || !user.id) {
|
||||||
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
|
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
|
||||||
|
next(errors);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
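Review bot: The widened guard `if (user == -1 || !user.id)` dereferences `user` before knowing it is an object, so a `null` or `undefined` result from `Auth.getUserFromToken` would throw a TypeError instead of producing the 403; whether the lookup can resolve to that is not visible here. Because the middleware is async and the visible lines have no try/catch, that rejection (or one from the database call) may never reach `next` on Express versions that do not forward rejected promises, leaving the request unanswered rather than refused. I would fail closed with `if (user == null || user === -1 || !user.id)` and wrap the lookup in `try { … } catch (err) { next(err); return; }`. The method starts and ends outside the hunk.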
@@ -2,7 +2,7 @@ import {Logger} from '../../../models/logger';
|
|||||||
|
|
||||||
export class ErrorHandler {
|
export class ErrorHandler {
|
||||||
static async newError(err, req, res, next) {
|
static async newError(err, req, res, next) {
|
||||||
Logger.error(err);
|
// Logger.error(JSON.stringify(err));
|
||||||
res.end('an error has occured');
|
err.endpoint();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
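Review bot: `err.endpoint()` assumes every error reaching this handler is an `API.errors` instance, so any other error (a thrown exception, a request-parsing failure) raises a TypeError inside the error handler and the client no longer gets the generic response. The same change comments out `Logger.error`, so refused-authorization and 500 paths now leave no server-side trace, which is the record an operator needs to notice repeated bad tokens or a failing database. I would keep the log call and call `endpoint()` only when it exists, falling back to the old generic body otherwise.

```javascript
static async newError(err, req, res, next) {
    Logger.error(err);
    if (err && typeof err.endpoint === 'function') {
        err.endpoint();
        return;
    }
    // Anything else: generic body, no internal detail sent to the client.
    res.statusCode = 500;
    res.end('an error has occured');
}
```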
@@ -1,29 +1,27 @@
|
|||||||
import {ControllerHandler} from './controllerHandler';
|
import {ControllerHandler} from './controllerHandler';
|
||||||
import {API} from './api/api';
|
import {API} from './api/api';
|
||||||
import {Notes} from '../models/notes/notes';
|
import {Notes} from '../models/notes/notes';
|
||||||
|
import {Logger} from '../models/logger'
|
||||||
|
|
||||||
export class NoteController extends ControllerHandler {
|
export class NoteController extends ControllerHandler {
|
||||||
static async newNote(req, res, next) {
|
static async newNote(req, res, next) {
|
||||||
const errors = new API.errors(res);
|
const errors = new API.errors(res);
|
||||||
|
|
||||||
const content = req.body.text || null;
|
const content = req.body.text || null;
|
||||||
const creatorid = req.user.id || undefined;
|
|
||||||
const group = req.body.parentgroup || undefined;
|
const group = req.body.parentgroup || undefined;
|
||||||
let order = req.body.order || undefined;
|
let order = req.body.order || undefined;
|
||||||
|
|
||||||
const user = req.user || undefined;
|
const user = req.user || undefined;
|
||||||
|
|
||||||
if (!creatorid || !user) {
|
if (!user) {
|
||||||
errors.addError(403, 'Forbidden');
|
errors.addError(403, 'Forbidden');
|
||||||
errors.endpoint();
|
next(errors);
|
||||||
next();
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!order) {
|
if (!order) {
|
||||||
errors.addError(422, 'Unprocessable entity');
|
errors.addError(422, 'Unprocessable entity');
|
||||||
errors.endpoint();
|
next(errors);
|
||||||
next();
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -31,22 +29,20 @@ export class NoteController extends ControllerHandler {
|
|||||||
|
|
||||||
let success;
|
let success;
|
||||||
if (!group) {
|
if (!group) {
|
||||||
success = await Notes.newNote(id, content, creatorid, order);
|
success = await Notes.newNote(id, content, req.user, order);
|
||||||
} else {
|
} else {
|
||||||
const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
|
const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
|
||||||
if (!doesExist) {
|
if (!doesExist) {
|
||||||
errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
|
errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
|
||||||
errors.endpoint();
|
next(errors);
|
||||||
next();
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
success = await Notes.newGroupedNote(id, content, creatorid, order, parentgroup);
|
success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (success == -1) {
|
if (success == -1) {
|
||||||
errors.addError(500, 'Internal server error');
|
errors.addError(500, 'Internal server error');
|
||||||
errors.endpoint();
|
next(errors);
|
||||||
next();
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -58,10 +54,10 @@ export class NoteController extends ControllerHandler {
|
|||||||
// id: id,
|
// id: id,
|
||||||
// content: content,
|
// content: content,
|
||||||
// parentgroup: parentgroup,
|
// parentgroup: parentgroup,
|
||||||
// creatorid: creatorid,
|
// req.user: req.user,
|
||||||
// order: order,
|
// order: order,
|
||||||
// catergory: null,
|
// catergory: null,
|
||||||
// endpoint: null,
|
// endpoint: null,
|
||||||
// lastupdated: new Date().getTime()
|
// lastupdated: new Date().getTime()
|
||||||
|
|
||||||
// static async newNote(id, content, creatorid, order, parentgroup) {
|
// static async newNote(id, content, req.user, order, parentgroup) {
|
||||||
|
|||||||
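Review bot: In the `@@ -31,22 +29,20 @@` hunk the third argument to `Notes.newNote` and `Notes.newGroupedNote` changes from the creator id to the whole `req.user` object. The `Notes` model is not shown, so if it still stores that argument as the note's owner, later ownership checks would compare against an object rather than an id. The same replacement also landed in the commented-out block (`// req.user: req.user,`), which suggests a blanket find-and-replace rather than a deliberate signature change; unless the model was updated elsewhere, pass the id explicitly with `success = await Notes.newNote(id, content, user.id, order);`. The group branch reads `parentgroup` while the request value is bound to `group` in the first hunk, so `Notes.doesGroupExist(user.id, group)` looks like what was meant. `newNote` continues outside the hunks, so `id` and `parentgroup` may be declared in lines not shown.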
@@ -19,29 +19,29 @@ export class Router {
|
|||||||
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
|
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
|
||||||
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
|
|
||||||
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
|
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
|
||||||
app.get('/note/:endpoint', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.getPermaNote]);
|
app.get('/note/:endpoint', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.getPermaNote]);
|
||||||
|
|
||||||
app.post('/auth/note', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.NoteController.newNote]); // Passes through auth middleware which if authenticated passes user obj and token to the note handling function for it to deal with
|
app.post('/auth/note', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.NoteController.newNote]); // Passes through auth middleware which if authenticated passes user obj and token to the note handling function for it to deal with
|
||||||
app.post('/auth/group', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.GroupController.newGroup]);
|
app.post('/auth/group', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser, Controllers.GroupController.newGroup]);
|
||||||
|
|
||||||
app.get('/auth/getallnotes', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.get('/auth/getallnotes', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
app.get('/auth/getallgroups', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.get('/auth/getallgroups', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
|
|
||||||
app.post('/auth/movenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.post('/auth/movenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
app.post('/auth/movegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.post('/auth/movegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
|
|
||||||
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||||
|
|
||||||
app.use(ErrorHandler.newError);
|
|
||||||
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
||||||
|
app.use(ErrorHandler.newError);
|
||||||
|
|
||||||
Logger.info('HTTP endpoints settup');
|
Logger.info('HTTP endpoints settup');
|
||||||
}
|
}
|
||||||
|
|
||||||
static frontPage(req, res, next) {
|
static async frontPage(req, res, next) {
|
||||||
// const err = "lol";
|
// const err = "lol";
|
||||||
// next(err);
|
// next(err);
|
||||||
res.end('DEVELOPMENT SERVER');
|
res.end('DEVELOPMENT SERVER');
|
||||||
|
|||||||
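Review bot: `frontPage` becomes `async` without awaiting anything in the visible lines, which changes how a failure in it surfaces: a synchronous throw that Express would route to `ErrorHandler.newError` becomes a rejected promise, and Express versions that do not forward rejections leave it unhandled. Either drop `async` or wrap the body in `try { … } catch (err) { next(err); }`. Separately, the catch-all is `app.get('*', …)` only, so unmatched POST and DELETE requests never reach `StatusCodes.pageNotFound`; this presumably includes the `/auth/...` routes that list no controller after `MiddleWare.Auth.authUser`, and registering the 404 handler with `app.use` would cover every method. `frontPage` continues past the end of the hunk.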
@@ -2,8 +2,8 @@ import {Database} from '../database/database';
|
|||||||
|
|
||||||
export class Auth {
|
export class Auth {
|
||||||
static async getUserFromToken(token) {
|
static async getUserFromToken(token) {
|
||||||
const id = await Database.auth.getIDByToken(token);
|
const id = await Database.Authorization.getIDByToken(token);
|
||||||
if (id == -1) return id;
|
if (id == -1) return id;
|
||||||
return await Database.users.getUserByID(id.id);
|
return await Database.Users.getUserByID(id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
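Review bot: `getUserFromToken` has no documented return contract, and the switch from `getUserByID(id.id)` to `getUserByID(id)` suggests the shape of `getIDByToken`'s result was unclear; a JSDoc line such as `/** Resolves the user for a token; returns -1 when the token is unknown. */` would pin it down for callers. The only rejected value is `-1`, compared with loose `==`, so if `getIDByToken` can resolve to `null` or `undefined` (not visible here) the user lookup proceeds with no id. `if (id == null || id === -1) return -1;` fails closed in that case.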