@@ -6,13 +6,12 @@ const ModelPath = '../../models/'; | |||
const Invite = require(ModelPath + 'Invite.js'); | |||
const User = require(ModelPath + 'User.js'); | |||
const wrap = require('../../util/wrap.js'); | |||
const requireAuth = require('../../util/auth').requireAuth; | |||
const verifyScope = require('../../util/verifyScope'); | |||
const verifyBody = require('../../util/verifyBody'); | |||
const createParams = [{name: 'scope', instance: Array}]; | |||
router.post('/create', requireAuth('invite.create'), verifyBody(createParams), wrap(async (req, res, next) => { | |||
router.post('/create', requireAuth('invite.create'), verifyBody(createParams), async (req, res, next) => { | |||
const scope = req.body.scope; | |||
if (!scope.every(scope => verifyScope(req.scope, scope))) | |||
return res.status(403).json({message: 'Requested scope exceeds own scope.'}); | |||
@@ -34,10 +33,10 @@ router.post('/create', requireAuth('invite.create'), verifyBody(createParams), w | |||
message: 'Invite created.', | |||
code: invite.code | |||
}); | |||
})); | |||
}); | |||
const deleteParams = [{name: 'code', type: 'string'}]; | |||
router.post('/delete', requireAuth('invite.delete'), verifyBody(deleteParams), wrap(async (req, res, next) => { | |||
router.post('/delete', requireAuth('invite.delete'), verifyBody(deleteParams), async (req, res, next) => { | |||
let query = {code: req.body.code}; | |||
// Users need a permission to delete invites other than their own | |||
@@ -55,10 +54,10 @@ router.post('/delete', requireAuth('invite.delete'), verifyBody(deleteParams), w | |||
await Invite.deleteOne({_id: invite._id}).catch(next); | |||
res.status(200).json({message: 'Invite deleted.'}); | |||
})); | |||
}); | |||
const getParams = [{name: 'code', type: 'string', optional: true}, {name: 'issuer', type: 'string', optional: true}]; | |||
router.get('/get', requireAuth('invite.get'), verifyBody(getParams), wrap(async (req, res, next) => { | |||
router.get('/get', requireAuth('invite.get'), verifyBody(getParams), async (req, res, next) => { | |||
let query = {}; | |||
// Users need a permission to list invites other than their own | |||
@@ -73,6 +72,6 @@ router.get('/get', requireAuth('invite.get'), verifyBody(getParams), wrap(async | |||
const invites = await Invite.find(query).catch(next); | |||
res.status(200).json(invites); | |||
})); | |||
}); | |||
module.exports = router; |
@@ -6,7 +6,6 @@ const crypto = require('crypto'); | |||
const ModelPath = '../../models/'; | |||
const Key = require(ModelPath + 'Key.js'); | |||
const wrap = require('../../util/wrap'); | |||
const verifyBody = require('../../util/verifyBody'); | |||
const verifyScope = require('../../util/verifyScope'); | |||
const requireAuth = require('../../util/auth').requireAuth; | |||
@@ -14,7 +13,7 @@ const requireAuth = require('../../util/auth').requireAuth; | |||
const createParams = [ | |||
{name: 'identifier', type: 'string', sanitize: true}, | |||
{name: 'scope', instance: Array}]; | |||
router.post('/create', requireAuth('key.create'), verifyBody(createParams), wrap(async (req, res) => { | |||
router.post('/create', requireAuth('key.create'), verifyBody(createParams), async (req, res) => { | |||
const keyCount = await Key.countDocuments({issuer: req.username}); | |||
if (keyCount >= config.get('Key.limit')) | |||
return res.status(403).json({message: 'Key limit reached.'}); | |||
@@ -37,12 +36,12 @@ router.post('/create', requireAuth('key.create'), verifyBody(createParams), wrap | |||
message: 'Key created.', | |||
key: key.key | |||
}); | |||
})); | |||
}); | |||
const getProps = [ | |||
{name: 'identifier', type: 'string', optional: true}, | |||
{name: 'issuer', type: 'string', optional: true}]; | |||
router.get('/get', requireAuth('key.get'), verifyBody(getProps), wrap(async (req, res) => { | |||
router.get('/get', requireAuth('key.get'), verifyBody(getProps), async (req, res) => { | |||
let query = {}; | |||
if (req.body.identifier) | |||
@@ -56,12 +55,12 @@ router.get('/get', requireAuth('key.get'), verifyBody(getProps), wrap(async (req | |||
const keys = await Key.find(query); | |||
res.status(200).json(keys); | |||
})); | |||
}); | |||
const deleteProps = [ | |||
{name: 'key', type: 'string'}, | |||
{name: 'issuer', type: 'string', optional: true}]; | |||
router.post('/delete', requireAuth('key.delete'), verifyBody(deleteProps), wrap(async (req, res) => { | |||
router.post('/delete', requireAuth('key.delete'), verifyBody(deleteProps), async (req, res) => { | |||
let query = {key : req.body.key}; | |||
if (!verifyScope(req.scope, 'key.delete.others')) | |||
@@ -75,6 +74,6 @@ router.post('/delete', requireAuth('key.delete'), verifyBody(deleteProps), wrap( | |||
await Key.deleteOne({_id: key._id}); | |||
res.status(200).json({message: 'Key deleted.'}); | |||
})); | |||
}); | |||
module.exports = router; |
@@ -5,7 +5,6 @@ const ModelPath = '../../models/'; | |||
const Upload = require(ModelPath + 'Upload.js'); | |||
const View = require(ModelPath + 'View.js'); | |||
const wrap = require('../../util/wrap'); | |||
const verifyBody = require('../../util/verifyBody'); | |||
const requireAuth = require('../../util/auth').requireAuth; | |||
@@ -15,7 +14,7 @@ const uploadProps = [ | |||
{name: 'limit', type: 'number', min: 1, max: 10000, optional: true} | |||
]; | |||
router.get('/uploads', requireAuth('stats.get'), verifyBody(uploadProps), wrap(async (req, res) => { | |||
router.get('/uploads', requireAuth('stats.get'), verifyBody(uploadProps), async (req, res) => { | |||
let constraints = {uploader: req.username}; | |||
// Set date constraints if specified | |||
@@ -47,7 +46,7 @@ router.get('/uploads', requireAuth('stats.get'), verifyBody(uploadProps), wrap(a | |||
}); | |||
res.status(200).json(uploads); | |||
})); | |||
}); | |||
const viewProps = [ | |||
@@ -56,7 +55,7 @@ const viewProps = [ | |||
{name: 'limit', type: 'number', min: 1, max: 10000, optional: true} | |||
]; | |||
router.get('/views', requireAuth('stats.get'), verifyBody(viewProps), wrap(async (req, res) => { | |||
router.get('/views', requireAuth('stats.get'), verifyBody(viewProps), async (req, res) => { | |||
let constraints = {uploader: req.username}; | |||
// Set date constraints if specified | |||
@@ -84,6 +83,6 @@ router.get('/views', requireAuth('stats.get'), verifyBody(viewProps), wrap(async | |||
}); | |||
res.status(200).json(views); | |||
})); | |||
}); | |||
module.exports = router; |
@@ -8,9 +8,7 @@ const Upload = require(ModelPath + 'Upload.js'); | |||
const uploadMultipart = require('../../util/upload/multipart'); | |||
const updateStats = require('../../util/upload/stats'); | |||
const wrap = require('../../util/wrap.js'); | |||
router.post('/', uploadMultipart, wrap(async (req, res) => { | |||
router.post('/', uploadMultipart, async (req, res) => { | |||
const upload = { | |||
uid: req.file.name, | |||
uploader: req.username, | |||
@@ -29,6 +27,6 @@ router.post('/', uploadMultipart, wrap(async (req, res) => { | |||
uid: req.file.name, | |||
url: config.get('Server.hostname') + '/v/' + upload.uid | |||
}); | |||
})); | |||
}); | |||
module.exports = router; |
@@ -4,14 +4,13 @@ const router = express.Router(); | |||
const ModelPath = '../../models/'; | |||
const User = require(ModelPath + 'User.js'); | |||
const wrap = require('../../util/wrap'); | |||
const verifyBody = require('../../util/verifyBody'); | |||
const requireAuth = require('../../util/auth').requireAuth; | |||
const getParams = [ | |||
{name: 'username', type: 'string', optional: true}, | |||
{name: 'displayname', type: 'string', optional: true}]; | |||
router.get('/get', requireAuth('user.get'), verifyBody(getParams), wrap(async (req, res) => { | |||
router.get('/get', requireAuth('user.get'), verifyBody(getParams), async (req, res) => { | |||
let query = {}; | |||
if (req.body.username) | |||
@@ -24,10 +23,10 @@ router.get('/get', requireAuth('user.get'), verifyBody(getParams), wrap(async (r | |||
const users = await User.find(query); | |||
res.status(200).json(users); | |||
})); | |||
}); | |||
const banParams = [{name: 'username', type: 'string'}]; | |||
router.post('/ban', requireAuth('user.ban'), verifyBody(banParams), wrap(async (req, res) => { | |||
router.post('/ban', requireAuth('user.ban'), verifyBody(banParams), async (req, res) => { | |||
const user = await User.findOne({username: req.body.username}); | |||
if (!user) | |||
return res.status(422).json({message: 'User not found.'}); | |||
@@ -39,10 +38,10 @@ router.post('/ban', requireAuth('user.ban'), verifyBody(banParams), wrap(async ( | |||
await user.save(); | |||
res.status(200).json({message: 'User banned.'}); | |||
})); | |||
}); | |||
const unbanParams = [{name: 'username', type: 'string'}]; | |||
router.post('/unban', requireAuth('user.unban'), verifyBody(unbanParams), wrap(async (req, res) => { | |||
router.post('/unban', requireAuth('user.unban'), verifyBody(unbanParams), async (req, res) => { | |||
const user = await User.findOne({username: req.body.username}); | |||
if (!user) | |||
return res.status(422).json({message: 'User not found.'}); | |||
@@ -54,6 +53,6 @@ router.post('/unban', requireAuth('user.unban'), verifyBody(unbanParams), wrap(a | |||
await user.save(); | |||
res.status(200).json({message: 'User unbanned.'}); | |||
})); | |||
}); | |||
module.exports = router; |
@@ -7,8 +7,6 @@ const ModelPath = '../../models/'; | |||
const Upload = require(ModelPath + 'Upload.js'); | |||
const View = require(ModelPath + 'View.js'); | |||
const wrap = require('../../util/wrap.js'); | |||
const insertView = async (req, upload) => | |||
Promise.all([ | |||
View.create({ | |||
@@ -20,7 +18,7 @@ const insertView = async (req, upload) => | |||
Upload.updateOne({uid: upload.uid}, {$inc: {views: 1}}) | |||
]); | |||
router.get('/:uid', wrap(async (req, res) => { | |||
router.get('/:uid', async (req, res) => { | |||
const upload = await Upload.findOne({uid: req.params.uid}); | |||
if (!upload) | |||
return res.status(404).json({message: 'File not found.'}); | |||
@@ -43,6 +41,6 @@ router.get('/:uid', wrap(async (req, res) => { | |||
fs.createReadStream(upload.file.path) | |||
.pipe(res); | |||
})); | |||
}); | |||
module.exports = router; |