foltik
/
shimapan
réplica de https://github.com/Foltik/Shimapan
1
0
Fork 0
Código Incidencias 0 Lanzamientos 0 Wiki Actividad
A simple file sharing site with an easy to use API and online panel.
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
272 Commits
2 Ramas
56MB
Árbol: 3c7947ada1
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '3c7947ada1'
${ noResults }
shimapan/app/routes/api/invites.js

90 líneas
2.8KB
Original Blame Histórico 

  1. const express = require('express');

  2. const router = express.Router();

  3. const crypto = require('crypto');

  4. 

  5. const ModelPath = '../../models/';

  6. const Invite = require(ModelPath + 'Invite.js');

  7. const User = require(ModelPath + 'User.js');

  8. 

  9. const authenticate = require('../../util/auth/authenticateRequest');

  10. const verifyBody = require('../../util/verifyBody');

  11. 

  12. 

  13. 

  14. const createParams = [{name: 'scope', instance: Array}];

  15. 

  16. router.post('/create', authenticate('invite.create'), verifyBody(createParams), async (req, res, next) => {

  17.     // Make sure the user has all the request scope

  18.     const inviteScope = req.body.scope;

  19.     if (!inviteScope.every(s => req.scope.includes(s)))

  20.         return res.status(403).json({message: 'Requested scope exceeds own scope.'});

  21. 

  22.     const invite = {

  23.         code: crypto.randomBytes(12).toString('hex'),

  24.         scope: inviteScope,

  25.         issuer: req.username,

  26.         issued: Date.now(),

  27.         expires: req.body.expires

  28.     };

  29. 

  30.     await Promise.all([

  31.         Invite.create(invite).catch(next),

  32.         User.updateOne({username: req.username}, {$inc: {inviteCount: 1}})

  33.     ]);

  34. 

  35.     res.status(200).json({

  36.         message: 'Invite created.',

  37.         code: invite.code

  38.     });

  39. });

  40. 

  41. 

  42. 

  43. const deleteParams = [{name: 'code', type: 'string'}];

  44. 

  45. router.post('/delete', authenticate('invite.delete'), verifyBody(deleteParams), async (req, res, next) => {

  46.     let query = {code: req.body.code};

  47. 

  48.     // Users need a permission to delete invites other than their own

  49.     if (!req.scope.includes('invite.delete.others'))

  50.         query.issuer = req.username;

  51. 

  52.     // Find the invite

  53.     const invite = await Invite.findOne(query).catch(next);

  54.     if (!invite)

  55.         return res.status(422).json({message: 'Invite not found.'});

  56. 

  57.     // Users need a permission to delete invites that have been used

  58.     if (!req.scope.includes('invite.delete.used') && invite.used != null && invite.recipient != null)

  59.         return res.status(403).json({message: 'Forbidden to delete used invites.'});

  60. 

  61.     await Invite.deleteOne({_id: invite._id}).catch(next);

  62.     res.status(200).json({message: 'Invite deleted.'});

  63. });

  64. 

  65. 

  66. 

  67. const getParams = [

  68.     {name: 'code', type: 'string', optional: true},

  69.     {name: 'issuer', type: 'string', optional: true}];

  70. 

  71. router.get('/get', authenticate('invite.get'), verifyBody(getParams), async (req, res, next) => {

  72.     let query = {};

  73. 

  74.     // Users need a permission to list invites other than their own

  75.     if (!req.scope.includes('invite.get.others'))

  76.         query.issuer = req.username;

  77.     else if (req.body.issuer)

  78.         query.issuer = req.body.issuer;

  79. 

  80.     // Narrow down the query by code if specified

  81.     if (req.body.code)

  82.         query.code = req.body.code;

  83. 

  84.     const invites = await Invite.find(query).catch(next);

  85.     res.status(200).json(invites);

  86. });

  87. 

  88. 

  89. 

  90. module.exports = router;