Split API into multiple files & setup public user permissions

This commit is contained in:
Garrett Mills 2020-11-11 12:23:31 -06:00
parent 4636521d50
commit 9df5f2d5f4
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
14 changed files with 74 additions and 65 deletions


@ -43,6 +43,7 @@ class Home extends Controller {
app_name: this.configs.get('app.name'), app_name: this.configs.get('app.name'),
system_base: this.configs.get('app.url'), system_base: this.configs.get('app.url'),
authenticated_user: !!req.user, authenticated_user: !!req.user,
public_user: !!req?.user?.is_public_user(),
}) })
} }
} }
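Review bot: `authenticated_user: !!req.user` on the line above the new `public_user` flag is also true when `req.user` holds a PublicUserModel instance, so if the public-user fallback applies to this route a template that reads `authenticated_user` as "a real account is signed in" gets the wrong answer for anonymous visitors; consider `authenticated_user: !!req.user && !req.user.is_public_user(),`. Whether `req.user` can be the public user on this route is decided by middleware outside this hunk, so treat that as something to confirm. As a point of style, `req` is always supplied to a controller handler, so `!!req.user?.is_public_user()` says the same thing as `!!req?.user?.is_public_user()` with one fewer guard.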


@ -33,6 +33,7 @@ class SessionController extends Controller {
id: user.id, id: user.id,
username: user.uid, username: user.uid,
preferences: user.preferences || {}, preferences: user.preferences || {},
is_public_user: user.is_public_user(),
}, },
app: { app: {
name: this.configs.get('app.name'), name: this.configs.get('app.name'),


@ -94,6 +94,15 @@ class PublicUserModel extends User {
return page return page
} }
async can(permission) {
const PublicUserPermission = this.models.get('auth:PublicUserPermission')
return PublicUserPermission.can(permission)
}
is_public_user() {
return true
}
} }
module.exports = exports = PublicUserModel module.exports = exports = PublicUserModel
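Review bot: The new `can(permission)` override carries no comment saying that a public user's permissions come solely from the `auth:PublicUserPermission` model and that the instance itself is never consulted, which is exactly what a caller of the base-class `can` needs to know; suggest `/** Permissions for the anonymous public user are looked up in PublicUserPermission, never on this record. Returns a promise; callers must await it. */` above it. The `async` keyword only wraps whatever `PublicUserPermission.can` returns in a promise, so if that helper is already async (not visible here) the keyword is redundant, and if it is synchronous the comment should say the wrapping is deliberate. `is_public_user()` could take `/** Always true for the anonymous public user; see User#is_public_user. */`.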


@ -57,6 +57,9 @@ class User extends AuthUser {
} }
// Other members and methods here // Other members and methods here
is_public_user() {
return false
}
} }
module.exports = exports = User module.exports = exports = User
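Review bot: `is_public_user()` at the end of the class is the base case for a check that PublicUserModel overrides, but nothing in the hunk says so; suggest `/** Whether this record is the shared anonymous public user. Normal accounts return false; PublicUserModel overrides this to true. */` above it so a reader does not mistake it for dead code.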


@ -15,9 +15,9 @@ class ApiRoute extends Middleware {
req.user = await PublicUser.get_for_request(req) req.user = await PublicUser.get_for_request(req)
return next() return next()
} else { } else {
// If not signed in, save the target url so we can redirect back here after auth return res.status(401)
req.session.auth.flow = req.originalUrl .message('API authentication required')
return res.redirect('/auth/login') .api()
} }
} }
} }
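Review bot: The new `return res.status(401).message('API authentication required').api()` branch is the fail-closed path, but the condition that selects the `req.user = await PublicUser.get_for_request(req)` branch above it lies outside the hunk, so it is not visible here whether the `allow_public` option the route files pass (`['middleware::auth:ApiRoute', { allow_public: true }]`) is treated as false when a route omits it. A comment on the else branch would make that auditable, e.g. `// Not signed in and the route did not opt in with allow_public: deny.`. The enclosing method starts before this hunk.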


@ -2,23 +2,21 @@ module.exports = exports = {
prefix: '/api/v1/code', prefix: '/api/v1/code',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
// Get the code ref node config for the specified code editor // Get the code ref node config for the specified code editor
'/:PageId/:NodeId/get/:CodiumId': ['controller::api:v1:FormCode.get_config'], '/:PageId/:NodeId/get/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.get_config'],
}, },
post: { post: {
// Create a new code ref config // Create a new code ref config
'/:PageId/:NodeId/create': ['controller::api:v1:FormCode.create_new'], '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.create_new'],
// Set the data for the specified code ref // Set the data for the specified code ref
'/:PageId/:NodeId/set/:CodiumId': ['controller::api:v1:FormCode.set_values'], '/:PageId/:NodeId/set/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.set_values'],
// delete the specified code ref // delete the specified code ref
'/:PageId/:NodeId/delete/:CodiumId': ['controller::api:v1:FormCode.drop_code'], '/:PageId/:NodeId/delete/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.drop_code'],
}, },
} }
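Review bot: Emptying the file-level `middleware: []` and listing `'middleware::auth:ApiRoute'` on each route flips the default from deny to allow: a route added to this file later without that prefix is served unauthenticated, where the old `'auth:ApiRoute'` entry covered it automatically. The same pattern is applied in the data, db, files, menu, offline, page and search route files below, and in the data, menu and search sections the `post: {` block runs past the hunk, so whether every POST route there received the middleware cannot be confirmed from this page. A header comment in each of these files would at least state the new contract, e.g. `// No file-level auth: every route below must list middleware::auth:ApiRoute first.`, and a small test that walks these route tables and asserts each handler array starts with that middleware (or the `[name, { allow_public: true }]` form) would catch an omission before it ships.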


@ -2,13 +2,11 @@ module.exports = exports = {
prefix: '/api/v1/data', prefix: '/api/v1/data',
middleware: [ middleware: [],
'auth:ApiRoute'
],
get: { get: {
// Export the entire personal tree as HTML // Export the entire personal tree as HTML
'/export/html': ['controller::Export.html_export'], '/export/html': ['middleware::auth:ApiRoute', 'controller::Export.html_export'],
}, },
post: { post: {


@ -2,35 +2,33 @@ module.exports = exports = {
prefix: '/api/v1/db', prefix: '/api/v1/db',
middleware: [ middleware: [],
'auth:ApiRoute'
],
get: { get: {
// Get the database ref node config for the specified database // Get the database ref node config for the specified database
'/:PageId/:NodeId/get/:DatabaseId': ['controller::api:v1:FormDatabase.get_config'], '/:PageId/:NodeId/get/:DatabaseId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_config'],
// Get the column config records for the specified database // Get the column config records for the specified database
'/:PageId/:NodeId/get/:DatabaseId/columns': [ 'controller::api:v1:FormDatabase.get_columns' ], '/:PageId/:NodeId/get/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_columns' ],
// Get the row records for the specified database // Get the row records for the specified database
'/:PageId/:NodeId/get/:DatabaseId/data': [ 'controller::api:v1:FormDatabase.get_data' ], '/:PageId/:NodeId/get/:DatabaseId/data': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_data' ],
}, },
post: { post: {
// Create a new database ref config // Create a new database ref config
'/:PageId/:NodeId/create': ['controller::api:v1:FormDatabase.create_new'], '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.create_new'],
// Set the column configs for a database ref // Set the column configs for a database ref
'/:PageId/:NodeId/set/:DatabaseId/columns': [ 'controller::api:v1:FormDatabase.set_columns' ], '/:PageId/:NodeId/set/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_columns' ],
// Set the database name // Set the database name
'/:PageId/:NodeId/set/:DatabaseId/Name': [ 'controller::api:v1:FormDatabase.set_name' ], '/:PageId/:NodeId/set/:DatabaseId/Name': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_name' ],
// Delete the specified database ref // Delete the specified database ref
'/:PageId/:NodeId/drop/:DatabaseId': [ 'controller::api:v1:FormDatabase.drop_database' ], '/:PageId/:NodeId/drop/:DatabaseId': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.drop_database' ],
// Set the row data for the specified database ref // Set the row data for the specified database ref
'/:PageId/:NodeId/set/:DatabaseId/data': ['controller::api:v1:FormDatabase.set_data'], '/:PageId/:NodeId/set/:DatabaseId/data': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_data'],
}, },
} }


@ -2,27 +2,25 @@ module.exports = exports = {
prefix: '/api/v1/files', prefix: '/api/v1/files',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
// Get the file ref node config for the specified file ref // Get the file ref node config for the specified file ref
'/:PageId/:NodeId/get/:FilesId': ['controller::api:v1:File.get_config'], '/:PageId/:NodeId/get/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.get_config'],
// Download the specified file ID from the specified file ref node // Download the specified file ID from the specified file ref node
'/:PageId/:NodeId/get/:FilesId/:FileId': ['controller::api:v1:File.download'], '/:PageId/:NodeId/get/:FilesId/:FileId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.download'],
}, },
post: { post: {
// FIXME - files, not file. Fix in front-end! // FIXME - files, not file. Fix in front-end!
// Upload the file in the 'uploaded_file' key to the specified file ref node // Upload the file in the 'uploaded_file' key to the specified file ref node
'/file/upload/:PageId/:NodeId/:FilesId': ['middleware::upload:UploadFile', 'controller::api:v1:File.save_upload'], '/file/upload/:PageId/:NodeId/:FilesId': ['middleware::auth:ApiRoute', 'middleware::upload:UploadFile', 'controller::api:v1:File.save_upload'],
// Create a new file ref node // Create a new file ref node
'/:PageId/:NodeId/create': ['controller::api:v1:File.create_config'], '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:File.create_config'],
// Delete a file ref node and its files // Delete a file ref node and its files
'/:PageId/:NodeId/delete/:FilesId': ['controller::api:v1:File.delete_group'], '/:PageId/:NodeId/delete/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.delete_group'],
}, },
} }


@ -2,13 +2,14 @@ module.exports = exports = {
prefix: '/api/v1/menu', prefix: '/api/v1/menu',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
// Get the user's menu tree // Get the user's menu tree
'/items': ['controller::api:v1:Menu.get_items'], '/items': [
['middleware::auth:ApiRoute', { allow_public: true }],
'controller::api:v1:Menu.get_items',
],
}, },
post: { post: {


@ -2,16 +2,14 @@ module.exports = exports = {
prefix: '/api/v1/offline', prefix: '/api/v1/offline',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
'/prefetch': ['controller::api:v1:Offline.do_prefetch'], '/prefetch': ['middleware::auth:ApiRoute', 'controller::api:v1:Offline.do_prefetch'],
}, },
post: { post: {
// re-sync data when an offline client goes back online // re-sync data when an offline client goes back online
'/sync': ['controller::api:v1:Offline.do_sync'], '/sync': ['middleware::auth:ApiRoute', 'controller::api:v1:Offline.do_sync'],
}, },
} }


@ -1,40 +1,38 @@
module.exports = exports = { module.exports = exports = {
prefix: '/api/v1/page', prefix: '/api/v1/page',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
// Get the data for the specified page // Get the data for the specified page
'/:PageId': ['controller::api:v1:Page.get_page'], '/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page'],
// Get the available versions of the given page // Get the available versions of the given page
'/:PageId/versions': ['controller::api:v1:Page.get_page_versions'], '/:PageId/versions': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page_versions'],
// Get the nodes present on the specified page // Get the nodes present on the specified page
'/:PageId/nodes': ['controller::api:v1:Page.get_nodes'], '/:PageId/nodes': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_nodes'],
}, },
post: { post: {
// Save the data for the specified page // Save the data for the specified page
'/:PageId/save': ['controller::api:v1:Page.save_page'], '/:PageId/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_page'],
// Revert the page to a previous version // Revert the page to a previous version
'/:PageId/versions/revert': ['controller::api:v1:Page.revert_version'], '/:PageId/versions/revert': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.revert_version'],
// Save the node data for the specified page // Save the node data for the specified page
'/:PageId/nodes/save': ['controller::api:v1:Page.save_nodes'], '/:PageId/nodes/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_nodes'],
'/:PageId/nodes/save_one': ['controller::api:v1:Page.save_node_to_page'], '/:PageId/nodes/save_one': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_node_to_page'],
// Create a new page in the personal root // Create a new page in the personal root
'/create': ['controller::api:v1:Page.create_top_level'], '/create': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_top_level'],
// Create a new page as a child of the specified page // Create a new page as a child of the specified page
'/create-child': ['controller::api:v1:Page.create_child'], '/create-child': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_child'],
// Delete the specified page // Delete the specified page
'/delete/:PageId': ['controller::api:v1:Page.delete_page'], '/delete/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.delete_page'],
}, },
} }


@ -2,12 +2,10 @@ module.exports = exports = {
prefix: '/api/v1/search', prefix: '/api/v1/search',
middleware: [ middleware: [],
'auth:ApiRoute',
],
get: { get: {
'/': ['controller::api:v1:Misc.get_search'], '/': ['middleware::auth:ApiRoute', 'controller::api:v1:Misc.get_search'],
}, },
post: { post: {


@ -2,17 +2,25 @@ const index = {
prefix: '/api/v1/session', prefix: '/api/v1/session',
middleware: [ middleware: [],
'auth:UserOnly',
],
get: { get: {
'/': [ 'controller::api:v1:Session.get_session' ], '/': [
'/device-token': [ 'controller::api:v1:Session.get_device_token' ], ['middleware::auth:ApiRoute', { allow_public: true }],
'controller::api:v1:Session.get_session',
],
'/device-token': [
'middleware::auth:ApiRoute',
'controller::api:v1:Session.get_device_token',
],
}, },
post: { post: {
'/': [ 'controller::api:v1:Session.save_session' ], '/': [
['middleware::auth:ApiRoute', { allow_public: true }],
'controller::api:v1:Session.save_session',
],
}, },
} }
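Review bot: The `post` `'/'` entry (`controller::api:v1:Session.save_session`) now runs with `{ allow_public: true }`, so the anonymous public user can reach a write endpoint that the old file-level `'auth:UserOnly'` kept it away from. Whether `Session.save_session` declines to persist anything for a PublicUserModel instance is not visible in this commit (the SessionController hunk shows the session is built from `user.preferences`, which suggests the same record is written back), so either the controller should no-op or reject when `req.user.is_public_user()` is true, or this entry should carry a comment such as `// allow_public: public visitors may post session state; controller must not persist it to the shared public record.`. The `get` `'/'` route with the same option looks intended, since the session payload now includes `is_public_user`.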