foltik
/
shimapan
espelhamento de https://github.com/Foltik/Shimapan
1
0
Fork 0
Código Issues 0 Versões 0 Wiki Atividade
A simple file sharing site with an easy to use API and online panel.
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
272 Commits
2 Branches
29MB
Tag: 3c7947ada1
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 3c7947ada1
${ noResults }
shimapan/app/routes/api/invites.js

90 linhas
2.8KB
Original Anotar Histórico 

  1. const express = require('express');

  2. const router = express.Router();

  3. const crypto = require('crypto');

  4. 

  5. const ModelPath = '../../models/';

  6. const Invite = require(ModelPath + 'Invite.js');

  7. const User = require(ModelPath + 'User.js');

  8. 

  9. const authenticate = require('../../util/auth/authenticateRequest');

  10. const verifyBody = require('../../util/verifyBody');

  11. 

  12. 

  13. 

  14. const createParams = [{name: 'scope', instance: Array}];

  15. 

  16. router.post('/create', authenticate('invite.create'), verifyBody(createParams), async (req, res, next) => {

  17.     // Make sure the user has all the request scope

  18.     const inviteScope = req.body.scope;

  19.     if (!inviteScope.every(s => req.scope.includes(s)))

  20.         return res.status(403).json({message: 'Requested scope exceeds own scope.'});

  21. 

  22.     const invite = {

  23.         code: crypto.randomBytes(12).toString('hex'),

  24.         scope: inviteScope,

  25.         issuer: req.username,

  26.         issued: Date.now(),

  27.         expires: req.body.expires

  28.     };

  29. 

  30.     await Promise.all([

  31.         Invite.create(invite).catch(next),

  32.         User.updateOne({username: req.username}, {$inc: {inviteCount: 1}})

  33.     ]);

  34. 

  35.     res.status(200).json({

  36.         message: 'Invite created.',

  37.         code: invite.code

  38.     });

  39. });

  40. 

  41. 

  42. 

  43. const deleteParams = [{name: 'code', type: 'string'}];

  44. 

  45. router.post('/delete', authenticate('invite.delete'), verifyBody(deleteParams), async (req, res, next) => {

  46.     let query = {code: req.body.code};

  47. 

  48.     // Users need a permission to delete invites other than their own

  49.     if (!req.scope.includes('invite.delete.others'))

  50.         query.issuer = req.username;

  51. 

  52.     // Find the invite

  53.     const invite = await Invite.findOne(query).catch(next);

  54.     if (!invite)

  55.         return res.status(422).json({message: 'Invite not found.'});

  56. 

  57.     // Users need a permission to delete invites that have been used

  58.     if (!req.scope.includes('invite.delete.used') && invite.used != null && invite.recipient != null)

  59.         return res.status(403).json({message: 'Forbidden to delete used invites.'});

  60. 

  61.     await Invite.deleteOne({_id: invite._id}).catch(next);

  62.     res.status(200).json({message: 'Invite deleted.'});

  63. });

  64. 

  65. 

  66. 

  67. const getParams = [

  68.     {name: 'code', type: 'string', optional: true},

  69.     {name: 'issuer', type: 'string', optional: true}];

  70. 

  71. router.get('/get', authenticate('invite.get'), verifyBody(getParams), async (req, res, next) => {

  72.     let query = {};

  73. 

  74.     // Users need a permission to list invites other than their own

  75.     if (!req.scope.includes('invite.get.others'))

  76.         query.issuer = req.username;

  77.     else if (req.body.issuer)

  78.         query.issuer = req.body.issuer;

  79. 

  80.     // Narrow down the query by code if specified

  81.     if (req.body.code)

  82.         query.code = req.body.code;

  83. 

  84.     const invites = await Invite.find(query).catch(next);

  85.     res.status(200).json(invites);

  86. });

  87. 

  88. 

  89. 

  90. module.exports = router;