foltik
/
shimapan
огледало од https://github.com/Foltik/Shimapan
1
0
Креирај огранак 0
Код Дискусије 0 Издања 0 Вики Activity
A simple file sharing site with an easy to use API and online panel.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
272 Комити
2 Гране
56MB
Дрво: 3c7947ada1
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '3c7947ada1'
${ noResults }
shimapan/app/routes/api/keys.js

91 lines
2.5KB
Датотека Blame Историја 

  1. const express = require('express');

  2. const router = express.Router();

  3. const config = require('config');

  4. const crypto = require('crypto');

  5. 

  6. const ModelPath = '../../models/';

  7. const Key = require(ModelPath + 'Key.js');

  8. 

  9. const verifyBody = require('../../util/verifyBody');

  10. const authenticate = require('../../util/auth/authenticateRequest');

  11. 

  12. 

  13. 

  14. const createParams = [

  15.     {name: 'identifier', type: 'string', sanitize: true},

  16.     {name: 'scope', instance: Array}];

  17. 

  18. router.post('/create', authenticate('key.create'), verifyBody(createParams), async (req, res) => {

  19.     const keyCount = await Key.countDocuments({issuer: req.username});

  20.     if (keyCount >= config.get('Key.limit'))

  21.         return res.status(403).json({message: 'Key limit reached.'});

  22. 

  23.     // Make sure the user has all the request scope

  24.     const keyScope = req.body.scope;

  25.     if (!keyScope.every(s => req.scope.includes(s)))

  26.         return res.status(403).json({message: 'Requested scope exceeds own scope.'});

  27. 

  28.     const key = {

  29.         key: await crypto.randomBytes(32).toString('hex'),

  30.         identifier: req.body.identifier,

  31.         scope: keyScope,

  32.         issuer: req.username,

  33.         date: Date.now()

  34.     };

  35. 

  36.     await Key.create(key);

  37. 

  38.     res.status(200).json({

  39.         message: 'Key created.',

  40.         key: key.key

  41.     });

  42. });

  43. 

  44. 

  45. 

  46. const getProps = [

  47.     {name: 'identifier', type: 'string', optional: true},

  48.     {name: 'issuer', type: 'string', optional: true}];

  49. 

  50. router.get('/get', authenticate('key.get'), verifyBody(getProps), async (req, res) => {

  51.     let query = {};

  52. 

  53.     if (req.body.identifier)

  54.         query.identifier = req.body.identifier;

  55. 

  56.     if (!req.scope.includes('key.get.others'))

  57.         query.issuer = req.username;

  58.     else if (req.body.issuer)

  59.         query.issuer = req.body.issuer;

  60. 

  61.     const keys = await Key.find(query);

  62. 

  63.     res.status(200).json(keys);

  64. });

  65. 

  66. 

  67. 

  68. const deleteProps = [

  69.     {name: 'keyid', type: 'string'},

  70.     {name: 'issuer', type: 'string', optional: true}];

  71. 

  72. router.post('/delete', authenticate('key.delete'), verifyBody(deleteProps), async (req, res) => {

  73.     let query = {key : req.body.keyid};

  74. 

  75.     if (!req.scope.includes('key.delete.others'))

  76.         query.issuer = req.username;

  77.     else if (req.body.issuer)

  78.         query.issuer = req.body.issuer;

  79. 

  80.     const key = await Key.findOne(query);

  81.     if (!key)

  82.         return res.status(422).json({message: 'Key not found.'});

  83. 

  84.     await Key.deleteOne({_id: key._id});

  85.     res.status(200).json({message: 'Key deleted.'});

  86. });

  87. 

  88. 

  89. 

  90. module.exports = router;