shimapan/app/routes/api/keys.js

const express = require('express');
const router = express.Router();
const config = require('config');
const crypto = require('crypto');

const ModelPath = '../../models/';
const Key = require(ModelPath + 'Key.js');

const verifyBody = require('../../util/verifyBody');
const verifyScope = require('../../util/verifyScope');
const requireAuth = require('../../util/auth').requireAuth;

const createParams = [
    {name: 'identifier', type: 'string', sanitize: true},
    {name: 'scope', instance: Array}];
router.post('/create', requireAuth('key.create'), verifyBody(createParams), async (req, res) => {
    const keyCount = await Key.countDocuments({issuer: req.username});
    if (keyCount >= config.get('Key.limit'))
        return res.status(403).json({message: 'Key limit reached.'});

    const scope = req.body.scope;
    if (!scope.every(scope => verifyScope(req.scope, scope)))
        return res.status(403).json({message: 'Requested scope exceeds own scope.'});

    const key = {
        key: await crypto.randomBytes(32).toString('hex'),
        identifier: req.body.identifier,
        scope: scope,
        issuer: req.username,
        date: Date.now()
    };

    await Key.create(key);

    res.status(200).json({
        message: 'Key created.',
        key: key.key
    });
});

const getProps = [
    {name: 'identifier', type: 'string', optional: true},
    {name: 'issuer', type: 'string', optional: true}];
router.get('/get', requireAuth('key.get'), verifyBody(getProps), async (req, res) => {
    let query = {};

    if (req.body.identifier)
        query.identifier = req.body.identifier;

    if (!verifyScope(req.scope, 'key.get.others'))
        query.issuer = req.username;
    else if (req.body.issuer)
        query.issuer = req.body.issuer;

    const keys = await Key.find(query);

    res.status(200).json(keys);
});

const deleteProps = [
    {name: 'key', type: 'string'},
    {name: 'issuer', type: 'string', optional: true}];
router.post('/delete', requireAuth('key.delete'), verifyBody(deleteProps), async (req, res) => {
    let query = {key : req.body.key};

    if (!verifyScope(req.scope, 'key.delete.others'))
        query.issuer = req.username;
    else if (req.body.issuer)
        query.issuer = req.body.issuer;

    const key = await Key.findOne(query);
    if (!key)
        return res.status(422).json({message: 'Key not found.'});

    await Key.deleteOne({_id: key._id});
    res.status(200).json({message: 'Key deleted.'});
});

module.exports = router;
Update keys.js route 2018-08-01 18:57:45 -04:00			`const express = require('express');`
			`const router = express.Router();`
			`const config = require('config');`
			`const crypto = require('crypto');`

			`const ModelPath = '../../models/';`
			`const Key = require(ModelPath + 'Key.js');`

Separate verification logic and add QueryVerifier 2019-01-02 14:20:10 -05:00			`const verifyBody = require('../../util/verifyBody');`
Update keys.js route 2018-08-01 18:57:45 -04:00			`const verifyScope = require('../../util/verifyScope');`
			`const requireAuth = require('../../util/auth').requireAuth;`

			`const createParams = [`
			`{name: 'identifier', type: 'string', sanitize: true},`
			`{name: 'scope', instance: Array}];`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`router.post('/create', requireAuth('key.create'), verifyBody(createParams), async (req, res) => {`
Fix key limit check and add test 2018-08-13 06:13:47 -04:00			`const keyCount = await Key.countDocuments({issuer: req.username});`
Update keys.js route 2018-08-01 18:57:45 -04:00			`if (keyCount >= config.get('Key.limit'))`
			`return res.status(403).json({message: 'Key limit reached.'});`

			`const scope = req.body.scope;`
			`if (!scope.every(scope => verifyScope(req.scope, scope)))`
			`return res.status(403).json({message: 'Requested scope exceeds own scope.'});`

			`const key = {`
			`key: await crypto.randomBytes(32).toString('hex'),`
			`identifier: req.body.identifier,`
			`scope: scope,`
			`issuer: req.username,`
			`date: Date.now()`
			`};`

			`await Key.create(key);`

			`res.status(200).json({`
			`message: 'Key created.',`
			`key: key.key`
			`});`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Update keys.js route 2018-08-01 18:57:45 -04:00
			`const getProps = [`
			`{name: 'identifier', type: 'string', optional: true},`
			`{name: 'issuer', type: 'string', optional: true}];`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`router.get('/get', requireAuth('key.get'), verifyBody(getProps), async (req, res) => {`
Update keys.js route 2018-08-01 18:57:45 -04:00			`let query = {};`
Work on stuff 2017-10-18 13:31:08 -04:00
			`if (req.body.identifier)`
			`query.identifier = req.body.identifier;`

Update keys.js route 2018-08-01 18:57:45 -04:00			`if (!verifyScope(req.scope, 'key.get.others'))`
			`query.issuer = req.username;`
			`else if (req.body.issuer)`
			`query.issuer = req.body.issuer;`

			`const keys = await Key.find(query);`

			`res.status(200).json(keys);`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Update keys.js route 2018-08-01 18:57:45 -04:00
Small formatting change 2018-08-14 08:32:42 -04:00			`const deleteProps = [`
			`{name: 'key', type: 'string'},`
			`{name: 'issuer', type: 'string', optional: true}];`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`router.post('/delete', requireAuth('key.delete'), verifyBody(deleteProps), async (req, res) => {`
Update keys.js route 2018-08-01 18:57:45 -04:00			`let query = {key : req.body.key};`

			`if (!verifyScope(req.scope, 'key.delete.others'))`
			`query.issuer = req.username;`
			`else if (req.body.issuer)`
			`query.issuer = req.body.issuer;`

			`const key = await Key.findOne(query);`
			`if (!key)`
			`return res.status(422).json({message: 'Key not found.'});`

			`await Key.deleteOne({_id: key._id});`
			`res.status(200).json({message: 'Key deleted.'});`
Remove wrap from the rest of routes 2019-01-02 14:25:51 -05:00			`});`
Finish keyInfo modal and API routes 2017-10-21 15:10:24 -04:00
Work on stuff 2017-10-18 13:31:08 -04:00			`module.exports = router;`