var express = require('express'); var router = express.Router(); var crypto = require('crypto'); var User = require('../../models/User.js'); var Key = require('../../models/Key.js'); var requireScope = function (perm) { return function(req, res, next) { User.findOne({username: req.session.passport.user}, function(err, user) { if (err) throw err; if (user.scope.indexOf(perm) === -1) res.status(400).json({'message': 'No permission.'}); else next(); }); } }; router.post('/create', requireScope('api.create'), function (req, res) { if (!req.body.identifier || !req.body.scope) { res.status(400).json({'message': 'Bad request.'}); return; } Key.count({'username': req.session.passport.user}, function (err, count) { if (count >= 10) { res.status(403).json({'message': 'Key limit reached.'}); return; } var scope; try { scope = JSON.parse(req.body.scope); } catch (e) { res.status(500).json({'message': e.name + ': ' + e.message}); return; } var id = req.sanitize(req.body.identifier); if (id.length === 0) id = "err"; var entry = { key: crypto.randomBytes(32).toString('hex'), identifier: id, scope: scope, username: req.session.passport.user, date: Date.now() }; Key.create(entry, function (err) { if (err) { throw err; } else { res.status(200).json({ key: entry.key, identifier: entry.identifier, scope: entry.scope }); } }) }) }); router.get('/get', function (req, res, next) { var query = {username: req.session.passport.user}; if (req.body.identifier) query.identifier = req.body.identifier; Key.find(query, function (err, keys) { if (err) { next(err); } else { res.status(200).json(keys); } }) }); router.post('/delete', requireScope('api.delete'), function(req, res, next) { Key.deleteOne({key: req.body.key}, function(err) { if (err) next(err); else res.status(200).json({'message': 'Successfully deleted.'}); }); }); module.exports = router;