shimapan/app/routes/api/invites.js

const express = require('express');
const router = express.Router();
const crypto = require('crypto');

const ModelPath = '../../models/';
const Invite = require(ModelPath + 'Invite.js');
const User = require(ModelPath + 'User.js');

const authenticate = require('../../util/auth/authenticateRequest');
const verifyBody = require('../../util/verifyBody');


const createParams = [{name: 'scope', instance: Array}];

router.post('/create', authenticate('invite.create'), verifyBody(createParams), async (req, res, next) => {
    // Make sure the user has all the request scope
    const inviteScope = req.body.scope;
    if (!inviteScope.every(s => req.scope.includes(s)))
        return res.status(403).json({message: 'Requested scope exceeds own scope.'});

    const invite = {
        code: crypto.randomBytes(12).toString('hex'),
        scope: inviteScope,
        issuer: req.username,
        issued: Date.now(),
        expires: req.body.expires
    };

    await Promise.all([
        Invite.create(invite).catch(next),
        User.updateOne({username: req.username}, {$inc: {inviteCount: 1}})
    ]);

    res.status(200).json({
        message: 'Invite created.',
        code: invite.code
    });
});


const deleteParams = [{name: 'code', type: 'string'}];

router.post('/delete', authenticate('invite.delete'), verifyBody(deleteParams), async (req, res, next) => {
    let query = {code: req.body.code};

    // Users need a permission to delete invites other than their own
    if (!req.scope.includes('invite.delete.others'))
        query.issuer = req.username;

    // Find the invite
    const invite = await Invite.findOne(query).catch(next);
    if (!invite)
        return res.status(422).json({message: 'Invite not found.'});

    // Users need a permission to delete invites that have been used
    if (!req.scope.includes('invite.delete.used') && invite.used != null && invite.recipient != null)
        return res.status(403).json({message: 'Forbidden to delete used invites.'});

    await Invite.deleteOne({_id: invite._id}).catch(next);
    res.status(200).json({message: 'Invite deleted.'});
});


const getParams = [
    {name: 'code', type: 'string', optional: true},
    {name: 'issuer', type: 'string', optional: true}];

router.get('/get', authenticate('invite.get'), verifyBody(getParams), async (req, res, next) => {
    let query = {};

    // Users need a permission to list invites other than their own
    if (!req.scope.includes('invite.get.others'))
        query.issuer = req.username;
    else if (req.body.issuer)
        query.issuer = req.body.issuer;

    // Narrow down the query by code if specified
    if (req.body.code)
        query.code = req.body.code;

    const invites = await Invite.find(query).catch(next);
    res.status(200).json(invites);
});


module.exports = router;
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`const express = require('express');`
			`const router = express.Router();`
			`const crypto = require('crypto');`

Clean up routes folder 2018-08-01 11:54:35 -04:00			`const ModelPath = '../../models/';`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`const Invite = require(ModelPath + 'Invite.js');`
			`const User = require(ModelPath + 'User.js');`

Rename and rework auth middleware 2019-01-02 16:47:18 -05:00			`const authenticate = require('../../util/auth/authenticateRequest');`
Separate verification logic and add QueryVerifier 2019-01-02 14:20:10 -05:00			`const verifyBody = require('../../util/verifyBody');`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00

Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`const createParams = [{name: 'scope', instance: Array}];`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00
			`router.post('/create', authenticate('invite.create'), verifyBody(createParams), async (req, res, next) => {`
			`// Make sure the user has all the request scope`
			`const inviteScope = req.body.scope;`
			`if (!inviteScope.every(s => req.scope.includes(s)))`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`return res.status(403).json({message: 'Requested scope exceeds own scope.'});`

			`const invite = {`
			`code: crypto.randomBytes(12).toString('hex'),`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00			`scope: inviteScope,`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`issuer: req.username,`
			`issued: Date.now(),`
			`expires: req.body.expires`
			`};`

			`await Promise.all([`
			`Invite.create(invite).catch(next),`
Clean Invites route 2018-08-01 12:20:35 -04:00			`User.updateOne({username: req.username}, {$inc: {inviteCount: 1}})`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`]);`

			`res.status(200).json({`
			`message: 'Invite created.',`
			`code: invite.code`
			`});`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00

Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`const deleteParams = [{name: 'code', type: 'string'}];`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00
			`router.post('/delete', authenticate('invite.delete'), verifyBody(deleteParams), async (req, res, next) => {`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`let query = {code: req.body.code};`

			`// Users need a permission to delete invites other than their own`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00			`if (!req.scope.includes('invite.delete.others'))`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`query.issuer = req.username;`

			`// Find the invite`
			`const invite = await Invite.findOne(query).catch(next);`
			`if (!invite)`
Separate middleware from verifyBody logic into bodyVerifier 2018-08-01 17:11:08 -04:00			`return res.status(422).json({message: 'Invite not found.'});`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
			`// Users need a permission to delete invites that have been used`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00			`if (!req.scope.includes('invite.delete.used') && invite.used != null && invite.recipient != null)`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`return res.status(403).json({message: 'Forbidden to delete used invites.'});`

			`await Invite.deleteOne({_id: invite._id}).catch(next);`
			`res.status(200).json({message: 'Invite deleted.'});`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00

			`const getParams = [`
			`{name: 'code', type: 'string', optional: true},`
			`{name: 'issuer', type: 'string', optional: true}];`

			`router.get('/get', authenticate('invite.get'), verifyBody(getParams), async (req, res, next) => {`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`let query = {};`

			`// Users need a permission to list invites other than their own`
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00			`if (!req.scope.includes('invite.get.others'))`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`query.issuer = req.username;`
Separate middleware from verifyBody logic into bodyVerifier 2018-08-01 17:11:08 -04:00			`else if (req.body.issuer)`
			`query.issuer = req.body.issuer;`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
			`// Narrow down the query by code if specified`
			`if (req.body.code)`
			`query.code = req.body.code;`

			`const invites = await Invite.find(query).catch(next);`
			`res.status(200).json(invites);`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00
Rename and rework auth middleware 2019-01-02 16:47:18 -05:00

Redo invite API routes and add full testing suite 2018-07-28 17:13:19 -04:00			`module.exports = router;`