benkyd/note-service-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: benkyd:7ab4511cc8bcbe5dd84e7a9d04d966904ed74964
Branches Tags
benkyd:master benkyd:add-license-1 benkyd:dev
..
compare: benkyd:7369d0bd6823dcc56298372bdfb38238535f1fe3
Branches Tags
benkyd:master benkyd:add-license-1 benkyd:dev

5 Commits
7ab4511cc8 ... 7369d0bd68

Author SHA1 Message Date
Ben
7369d0bd68 hadpagsjiopafdouiaejwkewrran 2018-11-17 14:34:39 +00:00
Ben
ec3cd30aa1 BROKEN - trying to resolve 2 issues with express - one being that the login / users route ends with a 404 but the code gets executed - the seccond being the auth roots dont function properly as the next() call does not produce an error like it should 2018-11-15 15:59:14 +00:00
Ben
a40fbabfb4 BROKEN - big bug with endpoints and controllers not doing what they are supoased to and error handling 2018-11-14 16:04:37 +00:00
plane000
6a8df5045c Changed around the router, hopefully express should call the error handler first 2018-11-11 13:49:56 +00:00
Ben
280fed61dd Testing error handling and rate limiting - it seems broken 2018-11-10 17:39:39 +00:00
15 changed files with 66 additions and 83 deletions
Expand all files Collapse all files

2
src/controllers/api/APIErrors.js
View File

@@ -30,6 +30,6 @@ export class APIErrors extends API {
endpoint() {
this.res
.status(this.errors.status.code)
.end(JSON.stringify(this.errors, false, 4));
.send(JSON.stringify(this.errors, false, 4));
}
}

4
src/controllers/api/noteResponse.js
View File

@@ -29,6 +29,8 @@ export class NoteAPI extends API {
}
endpoint() {
this.res.status(201).end(JSON.stringify(this.response, false, 4));
this.res
.status(201)
.send(JSON.stringify(this.response, false, 4));
}
}

4
src/controllers/api/permaLinkResponse.js
View File

@@ -28,6 +28,8 @@ export class PermaLinkAPI extends API {
}
endpoint() {
this.res.status(201).end(JSON.stringify(this.response, false, 4));
this.res
.status(201)
.send(JSON.stringify(this.response, false, 4));
}
}

6
src/controllers/api/userResponses.js
View File

@@ -42,7 +42,9 @@ export class UserAPI extends API {
}
}
endpoint() {
this.res.status(200).end(JSON.stringify(this.response, false, 4));
async endpoint() {
await this.res
.status(200)
.send(JSON.stringify(this.response, false, 4));
}
}

21
src/controllers/loginController.js
View File

@@ -2,6 +2,7 @@ import {ControllerHandler} from './controllerHandler';
import {API} from './api/api';
import {Database} from '../models/database/database'
import {User} from '../models/user/user';
import { Logger } from '../models/logger';
export class LoginController extends ControllerHandler {
static async authenticate(req, res, next) {
@@ -17,11 +18,7 @@ export class LoginController extends ControllerHandler {
if (!password) errors.addError(400, 'Bad request', 'A password is required');
if (!username && !email) errors.addError(400, 'Bad request', 'A username or email is required');
if (errors.count() > 0) {
errors.endpoint();
next();
return;
}
if (errors.count() > 0) return next(errors);
let user;
if (!username /*If they're loging in with email*/) {
@@ -34,21 +31,15 @@ export class LoginController extends ControllerHandler {
email = user.email;
}
if (errors.count() > 0) {
errors.endpoint();
next();
return;
}
if (errors.count() > 0) return next(errors);
const match = await User.Password.compare(password, user.password);
if (!match) {
errors.addError(401, 'Unauthorized', 'Incorrect password for user');
errors.endpoint();
next();
return;
return next(errors);
}
const response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
let response = new API.user(res, user.id, username, email, new Date(parseInt(user.lastupdated)).toLocaleString());
let token = await Database.Authorization.getTokenByID(user.id);
if (token == -1) {
@@ -60,7 +51,7 @@ export class LoginController extends ControllerHandler {
}
response.Token = token.token;
response.endpoint();
await response.endpoint();
next();
}
}

10
src/controllers/middleware/auth.js
View File

@@ -8,15 +8,15 @@ export class AuthMiddleWare extends MiddleWare {
const errors = new API.errors(res);
if (!req.headers.authorization) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
return;
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
return next(errors);
}
const token = req.headers.authorization;
const user = await Auth.getUserFromToken(token);
if (user == -1) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization').endpoint();
return;
if (user == -1 || !user.id) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
return next(errors);
}
req.user = user;

4
src/controllers/middleware/errors/errorHandler.js
View File

@@ -1,6 +1,8 @@
import {Logger} from '../../../models/logger';
export class ErrorHandler {
static async newError(err, req, res, next) {
// Logger.error(JSON.stringify(err));
err.endpoint();
}
}

8
src/controllers/middleware/middleware.js
View File

@@ -3,10 +3,10 @@ import stringify from 'json-stringify-safe';
import {Logger} from '../../models/logger';
export class MiddleWare {
static async end(req, res, next) {
await MiddleWare.RateLimits.request(req, res, next);
await MiddleWare.analytics(req, res, next);
}
// static async end(req, res, next) {
// await MiddleWare.RateLimits.request(req, res, next);
// await MiddleWare.analytics(req, res, next);
// }
static analytics(req, res, next) {
// TODO: Send data such as IP to an anyaltitics model

4
src/controllers/middleware/rateLimits.js
View File

@@ -11,8 +11,9 @@ export class RateLimits extends MiddleWare {
MiddleWare.analytics(req, res, next);
if (!buckets[ip]) {
Logger.debug(`New rate limiting bucket`);
Logger.debug(`New rate limiting bucket for ${ip}`);
RateLimits.newBucket(ip);
next();
return;
}
@@ -25,6 +26,7 @@ export class RateLimits extends MiddleWare {
}
buckets[ip].tokens.pop();
next();
}
static newBucket(ip) {

33
src/controllers/noteController.js
View File

@@ -1,53 +1,40 @@
import {ControllerHandler} from './controllerHandler';
import {API} from './api/api';
import {Notes} from '../models/notes/notes';
import {Logger} from '../models/logger'
export class NoteController extends ControllerHandler {
static async newNote(req, res, next) {
const errors = new API.errors(res);
const content = req.body.text || null;
const creatorid = req.user.id || undefined;
const content = req.body.content || null;
const group = req.body.parentgroup || undefined;
let order = req.body.order || undefined;
const user = req.user || undefined;
if (!creatorid || !user) {
errors.addError(403, 'Forbidden');
errors.endpoint();
next();
return;
}
if (!order) {
errors.addError(422, 'Unprocessable entity');
errors.endpoint();
next();
return;
errors.addError(422, 'Unprocessable entity', 'Unprocessable entity, no order provided');
return next(errors);
}
const id = await Notes.genID();
let success;
if (!group) {
success = await Notes.newNote(id, content, creatorid, order);
success = await Notes.newNote(id, content, req.user, order);
} else {
const doesExist = await Notes.doesGroupExist(user.id, parentgroup);
if (!doesExist) {
errors.addError(422, 'Unprocessable entity', 'You are trying to create a note for a group that does not exist');
errors.endpoint();
next();
return;
return next(errors);
}
success = await Notes.newGroupedNote(id, content, creatorid, order, parentgroup);
success = await Notes.newGroupedNote(id, content, req.user, order, parentgroup);
}
if (success == -1) {
errors.addError(500, 'Internal server error');
errors.endpoint();
next();
return;
return next(errors);
}
new API.note(res, user, id, content, order, parentgroup).endpoint();
@@ -58,10 +45,10 @@ export class NoteController extends ControllerHandler {
// id: id,
// content: content,
// parentgroup: parentgroup,
// creatorid: creatorid,
// req.user: req.user,
// order: order,
// catergory: null,
// endpoint: null,
// lastupdated: new Date().getTime()
// static async newNote(id, content, creatorid, order, parentgroup) {
// static async newNote(id, content, req.user, order, parentgroup) {

10
src/controllers/permaNoteController.js
View File

@@ -11,8 +11,7 @@ export class PermaNoteController extends ControllerHandler {
const content = req.body.content || undefined;
if (!content) {
errors.addError(422, 'Unprocessable entity', 'There is no content');
errors.endpoint();
return;
return next(errors);
}
const uid = await PermaLink.genUID() || new Date().getTime();
@@ -21,8 +20,7 @@ export class PermaNoteController extends ControllerHandler {
const success = await Database.PermaNotes.newNote(uid, endpoint, content);
if (success == -1) {
errors.addError(500, 'Internal server error');
errors.endpoint();
return;
return next(errors);
}
new API.permalink(res, content, uid, endpoint).endpoint();
@@ -32,9 +30,7 @@ export class PermaNoteController extends ControllerHandler {
static async getPermaNote(req, res, next) {
const endpoint = req.params.endpoint || undefined;
if (!endpoint) {
return;
}
if (!endpoint) return;
const data = await Database.PermaNotes.getNoteByEndpoint(endpoint);
if (data == -1) {

10
src/controllers/routes/router.js
View File

@@ -17,7 +17,7 @@ export class Router {
app.post('/user', [MiddleWare.RateLimits.request, Controllers.UserController.newUser]);
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaNoteController.newPermaNote]);
@@ -35,13 +35,17 @@ export class Router {
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.use(ErrorHandler.newError);
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.post('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
app.delete('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
Logger.info('HTTP endpoints settup');
}
static frontPage(req, res, next) {
static async frontPage(req, res, next) {
// const err = "lol";
// next(err);
res.end('DEVELOPMENT SERVER');
}
}

5
src/controllers/status.js
View File

@@ -1,5 +1,6 @@
export class StatusCodes {
static pageNotFound(req, res) {
res.status(404).end('404 Page not found');
static pageNotFound(req, res, next) {
res.status(404).send('404 Page not found');
next();
}
}

10
src/controllers/userController.js
View File

@@ -27,11 +27,7 @@ export class UserController extends ControllerHandler {
if (await Database.Users.getUser('username', username) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that username allready exists');
if (await Database.Users.getUser('email', email) != -1) errors.addError(422, 'Unprocessable entity', 'A user with that email allready exists');
if (errors.count() > 0) {
errors.endpoint();
next();
return;
}
if (errors.count() > 0) return next(errors);
const response = new API.user(res, id, username, email, new Date().toLocaleString());
@@ -49,9 +45,7 @@ export class UserController extends ControllerHandler {
const success = await user.insert();
if (success == -1) {
errors.addError(500, 'Internal server error');
errors.endpoint();
next();
return;
return next(errors);
}
response.endpoint();

4
src/models/auth/authModel.js
View File

@@ -2,8 +2,8 @@ import {Database} from '../database/database';
export class Auth {
static async getUserFromToken(token) {
const id = await Database.auth.getIDByToken(token);
const id = await Database.Authorization.getIDByToken(token);
if (id == -1) return id;
return await Database.users.getUserByID(id.id);
return await Database.Users.getUserByID(id);
}
}