1
0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-07 08:42:49 -05:00

Update keys.js route

This commit is contained in:
Jack Foltz 2018-08-01 18:57:45 -04:00
parent 0ab946031e
commit cc788d10e4
Signed by: foltik
GPG Key ID: 303F88F996E95541
2 changed files with 66 additions and 72 deletions

View File

@ -1,87 +1,78 @@
var express = require('express');
var router = express.Router();
var crypto = require('crypto');
const express = require('express');
const router = express.Router();
const config = require('config');
const crypto = require('crypto');
var User = require('../../models/User.js');
var Key = require('../../models/Key.js');
const ModelPath = '../../models/';
const Key = require(ModelPath + 'Key.js');
var requireScope = function (perm) {
return function(req, res, next) {
User.findOne({username: req.session.passport.user}, function(err, user) {
if (err) throw err;
if (user.scope.indexOf(perm) === -1)
res.status(400).json({'message': 'No permission.'});
else
next();
});
}
};
const wrap = require('../../util/wrap');
const bodyVerifier = require('../../util/verifyBody').bodyVerifier;
const verifyScope = require('../../util/verifyScope');
const requireAuth = require('../../util/auth').requireAuth;
router.post('/create', requireScope('api.create'), function (req, res) {
if (!req.body.identifier || !req.body.scope) {
res.status(400).json({'message': 'Bad request.'});
return;
}
const createParams = [
{name: 'identifier', type: 'string', sanitize: true},
{name: 'scope', instance: Array}];
router.post('/create', requireAuth('key.create'), bodyVerifier(createParams), wrap(async (req, res) => {
const keyCount = await Key.countDocuments({username: req.username});
if (keyCount >= config.get('Key.limit'))
return res.status(403).json({message: 'Key limit reached.'});
Key.count({'username': req.session.passport.user}, function (err, count) {
if (count >= 10) {
res.status(403).json({'message': 'Key limit reached.'});
return;
}
const scope = req.body.scope;
if (!scope.every(scope => verifyScope(req.scope, scope)))
return res.status(403).json({message: 'Requested scope exceeds own scope.'});
var scope;
try {
scope = JSON.parse(req.body.scope);
} catch (e) {
res.status(500).json({'message': e.name + ': ' + e.message});
return;
}
const key = {
key: await crypto.randomBytes(32).toString('hex'),
identifier: req.body.identifier,
scope: scope,
issuer: req.username,
date: Date.now()
};
var id = req.sanitize(req.body.identifier);
if (id.length === 0) id = "err";
await Key.create(key);
var entry = {
key: crypto.randomBytes(32).toString('hex'),
identifier: id,
scope: scope,
username: req.session.passport.user,
date: Date.now()
};
res.status(200).json({
message: 'Key created.',
key: key.key
});
}));
Key.create(entry, function (err) {
if (err) {
throw err;
} else {
res.status(200).json({
key: entry.key,
identifier: entry.identifier,
scope: entry.scope
});
}
})
})
});
router.get('/get', function (req, res, next) {
var query = {username: req.session.passport.user};
const getProps = [
{name: 'identifier', type: 'string', optional: true},
{name: 'issuer', type: 'string', optional: true}];
router.get('/get', requireAuth('key.get'), bodyVerifier(getProps), wrap(async (req, res) => {
let query = {};
if (req.body.identifier)
query.identifier = req.body.identifier;
Key.find(query, function (err, keys) {
if (err) {
next(err);
} else {
res.status(200).json(keys);
}
})
});
if (!verifyScope(req.scope, 'key.get.others'))
query.issuer = req.username;
else if (req.body.issuer)
query.issuer = req.body.issuer;
router.post('/delete', requireScope('api.delete'), function(req, res, next) {
Key.deleteOne({key: req.body.key}, function(err) {
if (err) next(err);
else res.status(200).json({'message': 'Successfully deleted.'});
});
});
const keys = await Key.find(query);
res.status(200).json(keys);
}));
const deleteProps = [{name: 'key', type: 'string'}, {name: 'issuer', type: 'string', optional: true}];
router.post('/delete', requireAuth('key.delete'), bodyVerifier(deleteProps), wrap(async (req, res) => {
let query = {key : req.body.key};
if (!verifyScope(req.scope, 'key.delete.others'))
query.issuer = req.username;
else if (req.body.issuer)
query.issuer = req.body.issuer;
const key = await Key.findOne(query);
if (!key)
return res.status(422).json({message: 'Key not found.'});
await Key.deleteOne({_id: key._id});
res.status(200).json({message: 'Key deleted.'});
}));
module.exports = router;

View File

@ -28,6 +28,9 @@
"hashIterations": 25000
}
},
"Key": {
"limit": 5
},
"Log": {
"httpLevel": "combined"
}