1
0
mirror of https://github.com/Foltik/Shimapan synced 2024-11-15 01:06:32 -05:00
shimapan/app/routes/api/keys.js

88 lines
2.4 KiB
JavaScript

var express = require('express');
var router = express.Router();
var crypto = require('crypto');
var User = require('../../models/User.js');
var Key = require('../../models/Key.js');
var requireScope = function (perm) {
return function(req, res, next) {
User.findOne({username: req.session.passport.user}, function(err, user) {
if (err) throw err;
if (user.scope.indexOf(perm) === -1)
res.status(400).json({'message': 'No permission.'});
else
next();
});
}
};
router.post('/create', requireScope('api.create'), function (req, res) {
if (!req.body.identifier || !req.body.scope) {
res.status(400).json({'message': 'Bad request.'});
return;
}
Key.count({'username': req.session.passport.user}, function (err, count) {
if (count >= 10) {
res.status(403).json({'message': 'Key limit reached.'});
return;
}
var scope;
try {
scope = JSON.parse(req.body.scope);
} catch (e) {
res.status(500).json({'message': e.name + ': ' + e.message});
return;
}
var id = req.sanitize(req.body.identifier);
if (id.length === 0) id = "err";
var entry = {
key: crypto.randomBytes(32).toString('hex'),
identifier: id,
scope: scope,
username: req.session.passport.user,
date: Date.now()
};
Key.create(entry, function (err) {
if (err) {
throw err;
} else {
res.status(200).json({
key: entry.key,
identifier: entry.identifier,
scope: entry.scope
});
}
})
})
});
router.get('/get', function (req, res, next) {
var query = {username: req.session.passport.user};
if (req.body.identifier)
query.identifier = req.body.identifier;
Key.find(query, function (err, keys) {
if (err) {
next(err);
} else {
res.status(200).json(keys);
}
})
});
router.post('/delete', requireScope('api.delete'), function(req, res, next) {
Key.deleteOne({key: req.body.key}, function(err) {
if (err) next(err);
else res.status(200).json({'message': 'Successfully deleted.'});
});
});
module.exports = router;