benkyd/note-service-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BROKEN - trying to resolve 2 issues with express - one being that the login / users route ends with a 404 but the code gets executed - the seccond being the auth roots dont function properly as the next() call does not produce an error like it should

Browse Source
This commit is contained in:
Ben
2018-11-15 15:59:14 +00:00
parent a40fbabfb4
commit ec3cd30aa1
11 changed files with 35 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/controllers/api/noteResponse.js
View File

@@ -29,6 +29,8 @@ export class NoteAPI extends API {
} }
endpoint() { endpoint() {
this.res.status(201).end(JSON.stringify(this.response, false, 4)); this.res
.status(201)
.end(JSON.stringify(this.response, false, 4));
} }
} }

4
src/controllers/api/permaLinkResponse.js
View File

@@ -28,6 +28,8 @@ export class PermaLinkAPI extends API {
} }
endpoint() { endpoint() {
this.res.status(201).end(JSON.stringify(this.response, false, 4)); this.res
.status(201)
.end(JSON.stringify(this.response, false, 4));
} }
} }

4
src/controllers/api/userResponses.js
View File

@@ -43,6 +43,8 @@ export class UserAPI extends API {
} }
endpoint() { endpoint() {
this.res.status(200).end(JSON.stringify(this.response, false, 4)); this.res
.status(200)
.end(JSON.stringify(this.response, false, 4));
} }
} }

17
src/controllers/loginController.js
View File

@@ -2,6 +2,7 @@ import {ControllerHandler} from './controllerHandler';
import {API} from './api/api'; import {API} from './api/api';
import {Database} from '../models/database/database' import {Database} from '../models/database/database'
import {User} from '../models/user/user'; import {User} from '../models/user/user';
import { Logger } from '../models/logger';
export class LoginController extends ControllerHandler { export class LoginController extends ControllerHandler {
static async authenticate(req, res, next) { static async authenticate(req, res, next) {
@@ -17,11 +18,7 @@ export class LoginController extends ControllerHandler {
if (!password) errors.addError(400, 'Bad request', 'A password is required'); if (!password) errors.addError(400, 'Bad request', 'A password is required');
if (!username && !email) errors.addError(400, 'Bad request', 'A username or email is required'); if (!username && !email) errors.addError(400, 'Bad request', 'A username or email is required');
if (errors.count() > 0) { if (errors.count() > 0) return next(errors);
errors.endpoint();
next();
return;
}
let user; let user;
if (!username /*If they're loging in with email*/) { if (!username /*If they're loging in with email*/) {
@@ -34,18 +31,12 @@ export class LoginController extends ControllerHandler {
email = user.email; email = user.email;
} }
if (errors.count() > 0) { if (errors.count() > 0) return next(errors);
errors.endpoint();
next();
return;
}
const match = await User.Password.compare(password, user.password); const match = await User.Password.compare(password, user.password);
if (!match) { if (!match) {
errors.addError(401, 'Unauthorized', 'Incorrect password for user'); errors.addError(401, 'Unauthorized', 'Incorrect password for user');
errors.endpoint(); return next(errors);
next();
return;
} }
let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString()); let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());

6
src/controllers/middleware/auth.js
View File

@@ -9,16 +9,14 @@ export class AuthMiddleWare extends MiddleWare {
if (!req.headers.authorization) { if (!req.headers.authorization) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization'); errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
next(errors); return next(errors);
return;
} }
const token = req.headers.authorization; const token = req.headers.authorization;
const user = await Auth.getUserFromToken(token); const user = await Auth.getUserFromToken(token);
if (user == -1 || !user.id) { if (user == -1 || !user.id) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization'); errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
next(errors); return next(errors);
return;
} }
req.user = user; req.user = user;

8
src/controllers/middleware/middleware.js
View File

@@ -3,10 +3,10 @@ import stringify from 'json-stringify-safe';
import {Logger} from '../../models/logger'; import {Logger} from '../../models/logger';
export class MiddleWare { export class MiddleWare {
static async end(req, res, next) { // static async end(req, res, next) {
await MiddleWare.RateLimits.request(req, res, next); // await MiddleWare.RateLimits.request(req, res, next);
await MiddleWare.analytics(req, res, next); // await MiddleWare.analytics(req, res, next);
} // }
static analytics(req, res, next) { static analytics(req, res, next) {
// TODO: Send data such as IP to an anyaltitics model // TODO: Send data such as IP to an anyaltitics model

19
src/controllers/noteController.js
View File

@@ -7,22 +7,15 @@ export class NoteController extends ControllerHandler {
static async newNote(req, res, next) { static async newNote(req, res, next) {
const errors = new API.errors(res); const errors = new API.errors(res);
const content = req.body.text || null; const content = req.body.content || null;
const group = req.body.parentgroup || undefined; const group = req.body.parentgroup || undefined;
let order = req.body.order || undefined; let order = req.body.order || undefined;
const user = req.user || undefined; const user = req.user || undefined;
if (!user) {
errors.addError(403, 'Forbidden');
next(errors);
return;
}
if (!order) { if (!order) {
errors.addError(422, 'Unprocessable entity'); errors.addError(422, 'Unprocessable entity', 'Unprocessable entity, no order provided');
next(errors); return next(errors);
return;
} }
const id = await Notes.genID(); const id = await Notes.genID();
@@ -34,16 +27,14 @@ export class NoteController extends ControllerHandler {
const doesExist = await Notes.doesGroupExist(user.id, parentgroup); const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
if (!doesExist) { if (!doesExist) {
errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist'); errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
next(errors); return next(errors);
return;
} }
success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup); success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup);
} }
if (success == -1) { if (success == -1) {
errors.addError(500, 'Internal server error'); errors.addError(500, 'Internal server error');
next(errors); return next(errors);
return;
} }
new API.note(res, user, id, content, order, parentgroup).endpoint(); new API.note(res, user, id, content, order, parentgroup).endpoint();

10
src/controllers/permaNoteController.js
View File

@@ -11,8 +11,7 @@ export class PermaNoteController extends ControllerHandler {
const content = req.body.content || undefined; const content = req.body.content || undefined;
if (!content) { if (!content) {
errors.addError(422, 'Unprocessable entity', 'There is no content'); errors.addError(422, 'Unprocessable entity', 'There is no content');
errors.endpoint(); return next(errors);
return;
} }
const uid = await PermaLink.genUID() || new Date().getTime(); const uid = await PermaLink.genUID() || new Date().getTime();
@@ -21,8 +20,7 @@ export class PermaNoteController extends ControllerHandler {
const success = await Database.PermaNotes.newNote(uid, endpoint, content); const success = await Database.PermaNotes.newNote(uid, endpoint, content);
if (success == -1) { if (success == -1) {
errors.addError(500, 'Internal server error'); errors.addError(500, 'Internal server error');
errors.endpoint(); return next(errors);
return;
} }
new API.permalink(res, content, uid, endpoint).endpoint(); new API.permalink(res, content, uid, endpoint).endpoint();
@@ -32,9 +30,7 @@ export class PermaNoteController extends ControllerHandler {
static async getPermaNote(req, res, next) { static async getPermaNote(req, res, next) {
const endpoint = req.params.endpoint || undefined; const endpoint = req.params.endpoint || undefined;
if (!endpoint) { if (!endpoint) return;
return;
}
const data = await Database.PermaNotes.getNoteByEndpoint(endpoint); const data = await Database.PermaNotes.getNoteByEndpoint(endpoint);
if (data == -1) { if (data == -1) {

6
src/controllers/routes/router.js
View File

@@ -17,7 +17,7 @@ export class Router {
app.post('/user', [MiddleWare.RateLimits.request, Controllers.UserController.newUser]); app.post('/user', [MiddleWare.RateLimits.request, Controllers.UserController.newUser]);
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]); app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]); app.get('/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]); app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]); app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
@@ -35,8 +35,10 @@ export class Router {
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]); app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]); app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.use(ErrorHandler.newError); app.use(ErrorHandler.newError);
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.post('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.delete('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
Logger.info('HTTP endpoints settup'); Logger.info('HTTP endpoints settup');
} }

3
src/controllers/status.js
View File

@@ -1,5 +1,6 @@
export class StatusCodes { export class StatusCodes {
static pageNotFound(req, res) { static pageNotFound(req, res, next) {
res.status(404).end('404 Page not found'); res.status(404).end('404 Page not found');
next();
} }
} }

10
src/controllers/userController.js
View File

@@ -27,11 +27,7 @@ export class UserController extends ControllerHandler {
if (await Database.Users.getUser('username', username) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that username allready exists'); if (await Database.Users.getUser('username', username) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that username allready exists');
if (await Database.Users.getUser('email', email) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that email allready exists'); if (await Database.Users.getUser('email', email) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that email allready exists');
if (errors.count() > 0) { if (errors.count() > 0) return next(errors);
errors.endpoint();
next();
return;
}
const response = new API.user(res, id, username, email, new Date().toLocaleString()); const response = new API.user(res, id, username, email, new Date().toLocaleString());
@@ -49,9 +45,7 @@ export class UserController extends ControllerHandler {
const success = await user.insert(); const success = await user.insert();
if (success == -1) { if (success == -1) {
errors.addError(500, 'Internal server error'); errors.addError(500, 'Internal server error');
errors.endpoint(); return next(errors);
next();
return;
} }
response.endpoint(); response.endpoint();