BROKEN - trying to resolve 2 issues with express - one being that the login / users route ends with a 404 but the code gets executed - the seccond being the auth roots dont function properly as the next() call does not produce an error like it should
This commit is contained in:
Ben
@@ -29,6 +29,8 @@ export class NoteAPI extends API {
|
||||
}
|
||||
|
||||
endpoint() {
|
||||
this.res.status(201).end(JSON.stringify(this.response, false, 4));
|
||||
this.res
|
||||
.status(201)
|
||||
.end(JSON.stringify(this.response, false, 4));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,6 +28,8 @@ export class PermaLinkAPI extends API {
|
||||
}
|
||||
|
||||
endpoint() {
|
||||
this.res.status(201).end(JSON.stringify(this.response, false, 4));
|
||||
this.res
|
||||
.status(201)
|
||||
.end(JSON.stringify(this.response, false, 4));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -43,6 +43,8 @@ export class UserAPI extends API {
|
||||
}
|
||||
|
||||
endpoint() {
|
||||
this.res.status(200).end(JSON.stringify(this.response, false, 4));
|
||||
this.res
|
||||
.status(200)
|
||||
.end(JSON.stringify(this.response, false, 4));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ import {ControllerHandler} from './controllerHandler';
|
||||
import {API} from './api/api';
|
||||
import {Database} from '../models/database/database'
|
||||
import {User} from '../models/user/user';
|
||||
import { Logger } from '../models/logger';
|
||||
|
||||
export class LoginController extends ControllerHandler {
|
||||
static async authenticate(req, res, next) {
|
||||
@@ -17,11 +18,7 @@ export class LoginController extends ControllerHandler {
|
||||
if (!password) errors.addError(400, 'Bad request', 'A password is required');
|
||||
if (!username && !email) errors.addError(400, 'Bad request', 'A username or email is required');
|
||||
|
||||
if (errors.count() > 0) {
|
||||
errors.endpoint();
|
||||
next();
|
||||
return;
|
||||
}
|
||||
if (errors.count() > 0) return next(errors);
|
||||
|
||||
let user;
|
||||
if (!username /*If they're loging in with email*/) {
|
||||
@@ -34,18 +31,12 @@ export class LoginController extends ControllerHandler {
|
||||
email = user.email;
|
||||
}
|
||||
|
||||
if (errors.count() > 0) {
|
||||
errors.endpoint();
|
||||
next();
|
||||
return;
|
||||
}
|
||||
if (errors.count() > 0) return next(errors);
|
||||
|
||||
const match = await User.Password.compare(password, user.password);
|
||||
if (!match) {
|
||||
errors.addError(401, 'Unauthorized', 'Incorrect password for user');
|
||||
errors.endpoint();
|
||||
next();
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
|
||||
|
||||
@@ -9,16 +9,14 @@ export class AuthMiddleWare extends MiddleWare {
|
||||
|
||||
if (!req.headers.authorization) {
|
||||
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
|
||||
next(errors);
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
const token = req.headers.authorization;
|
||||
const user = await Auth.getUserFromToken(token);
|
||||
if (user == -1 || !user.id) {
|
||||
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
|
||||
next(errors);
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
req.user = user;
|
||||
|
||||
@@ -3,10 +3,10 @@ import stringify from 'json-stringify-safe';
|
||||
import {Logger} from '../../models/logger';
|
||||
|
||||
export class MiddleWare {
|
||||
static async end(req, res, next) {
|
||||
await MiddleWare.RateLimits.request(req, res, next);
|
||||
await MiddleWare.analytics(req, res, next);
|
||||
}
|
||||
// static async end(req, res, next) {
|
||||
// await MiddleWare.RateLimits.request(req, res, next);
|
||||
// await MiddleWare.analytics(req, res, next);
|
||||
// }
|
||||
|
||||
static analytics(req, res, next) {
|
||||
// TODO: Send data such as IP to an anyaltitics model
|
||||
|
||||
@@ -7,22 +7,15 @@ export class NoteController extends ControllerHandler {
|
||||
static async newNote(req, res, next) {
|
||||
const errors = new API.errors(res);
|
||||
|
||||
const content = req.body.text || null;
|
||||
const content = req.body.content || null;
|
||||
const group = req.body.parentgroup || undefined;
|
||||
let order = req.body.order || undefined;
|
||||
|
||||
const user = req.user || undefined;
|
||||
|
||||
if (!user) {
|
||||
errors.addError(403, 'Forbidden');
|
||||
next(errors);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!order) {
|
||||
errors.addError(422, 'Unprocessable entity');
|
||||
next(errors);
|
||||
return;
|
||||
errors.addError(422, 'Unprocessable entity', 'Unprocessable entity, no order provided');
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
const id = await Notes.genID();
|
||||
@@ -34,16 +27,14 @@ export class NoteController extends ControllerHandler {
|
||||
const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
|
||||
if (!doesExist) {
|
||||
errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
|
||||
next(errors);
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup);
|
||||
}
|
||||
|
||||
if (success == -1) {
|
||||
errors.addError(500, 'Internal server error');
|
||||
next(errors);
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
new API.note(res, user, id, content, order, parentgroup).endpoint();
|
||||
|
||||
@@ -11,8 +11,7 @@ export class PermaNoteController extends ControllerHandler {
|
||||
const content = req.body.content || undefined;
|
||||
if (!content) {
|
||||
errors.addError(422, 'Unprocessable entity', 'There is no content');
|
||||
errors.endpoint();
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
const uid = await PermaLink.genUID() || new Date().getTime();
|
||||
@@ -21,8 +20,7 @@ export class PermaNoteController extends ControllerHandler {
|
||||
const success = await Database.PermaNotes.newNote(uid, endpoint, content);
|
||||
if (success == -1) {
|
||||
errors.addError(500, 'Internal server error');
|
||||
errors.endpoint();
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
new API.permalink(res, content, uid, endpoint).endpoint();
|
||||
@@ -32,9 +30,7 @@ export class PermaNoteController extends ControllerHandler {
|
||||
static async getPermaNote(req, res, next) {
|
||||
const endpoint = req.params.endpoint || undefined;
|
||||
|
||||
if (!endpoint) {
|
||||
return;
|
||||
}
|
||||
if (!endpoint) return;
|
||||
|
||||
const data = await Database.PermaNotes.getNoteByEndpoint(endpoint);
|
||||
if (data == -1) {
|
||||
|
||||
@@ -17,7 +17,7 @@ export class Router {
|
||||
|
||||
app.post('/user', [MiddleWare.RateLimits.request, Controllers.UserController.newUser]);
|
||||
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
|
||||
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||
app.get('/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||
|
||||
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
|
||||
@@ -35,8 +35,10 @@ export class Router {
|
||||
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
|
||||
|
||||
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
||||
app.use(ErrorHandler.newError);
|
||||
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
||||
app.post('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
||||
app.delete('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
|
||||
|
||||
Logger.info('HTTP endpoints settup');
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
export class StatusCodes {
|
||||
static pageNotFound(req, res) {
|
||||
static pageNotFound(req, res, next) {
|
||||
res.status(404).end('404 Page not found');
|
||||
next();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,11 +27,7 @@ export class UserController extends ControllerHandler {
|
||||
if (await Database.Users.getUser('username', username) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that username allready exists');
|
||||
if (await Database.Users.getUser('email', email) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that email allready exists');
|
||||
|
||||
if (errors.count() > 0) {
|
||||
errors.endpoint();
|
||||
next();
|
||||
return;
|
||||
}
|
||||
if (errors.count() > 0) return next(errors);
|
||||
|
||||
const response = new API.user(res, id, username, email, new Date().toLocaleString());
|
||||
|
||||
@@ -49,9 +45,7 @@ export class UserController extends ControllerHandler {
|
||||
const success = await user.insert();
|
||||
if (success == -1) {
|
||||
errors.addError(500, 'Internal server error');
|
||||
errors.endpoint();
|
||||
next();
|
||||
return;
|
||||
return next(errors);
|
||||
}
|
||||
|
||||
response.endpoint();
|
||||
|
||||
Reference in New Issue
Block a user