DB API Reads

2020-03-01 15:37:52 -06:00
parent fc5fc14b3f
commit dfcaf046c6
17 changed files with 585 additions and 18 deletions
--- a/app/routing/middleware/api/DatabaseRoute.middleware.js
+++ b/app/routing/middleware/api/DatabaseRoute.middleware.js
@@ -0,0 +1,30 @@
+const Middleware = require('libflitter/middleware/Middleware')
+
+/*
+ * DatabaseRoute Middleware
+ * -------------------------------------------------------------
+ * Put some description here!
+ */
+class DatabaseRoute extends Middleware {
+    static get services() {
+        return [...super.services, 'models']
+    }
+
+    async test(req, res, next, args = {}){
+        const Database = this.models.get('api:db:Database')
+
+        const id = req.params.database_id ? req.params.database_id : (req.query.database_id ? req.query.database_id : false)
+        if ( !id ) return res.status(400).message('Missing required: database_id').api()
+
+        const db = await Database.findOne({UUID: id})
+        if ( !db ) return res.status(404).message('Unable to find database with that ID.').api()
+        if ( !(await db.is_accessible_by(req.user)) ) return req.security.deny()
+
+        if ( !req.form ) req.form = {}
+        req.form.database = db
+
+        next()
+    }
+}
+
+module.exports = exports = DatabaseRoute
--- a/app/routing/middleware/api/auth/BearerToken.middleware.js
+++ b/app/routing/middleware/api/auth/BearerToken.middleware.js
@@ -0,0 +1,52 @@
+const Middleware = require('libflitter/middleware/Middleware')
+
+/*
+ * BearerToken Middleware
+ * -------------------------------------------------------------
+ * Put some description here!
+ */
+class BearerToken extends Middleware {
+    static get services() {
+        return [...super.services, 'models']
+    }
+
+    /*
+     * Run the middleware test.
+     * This method is required by all Flitter middleware.
+     * It should either call the next function in the stack,
+     * or it should handle the response accordingly.
+     */
+    async test(req, res, next, args = []){
+        const Token = this.models.get('api:Token')
+
+        const token_string = req.headers.authorization
+        if ( !token_string ) return this.fail(res, )
+        else if ( !token_string.startsWith('bearer ') ) return this.fail(res, 'Invalid authorization token. Prefix with "bearer".')
+
+        try {
+            const token = await Token.verify(token_string.replace('bearer ', ''))
+            const user = await token.user()
+            if ( !user || !token ) return this.fail(res)
+
+            if ( Array.isArray(args) ) {
+                for (const grant of args) {
+                    if (!token.can(grant)) {
+                        return this.fail(res)
+                    }
+                }
+            }
+
+            req.user = user
+            req.token = token
+            next()
+        } catch (e) {
+            return this.fail(res, String(e))
+        }
+    }
+    
+    fail(res, msg = 'Unauthorized') {
+        return res.status(401).message(msg).api({})
+    }
+}
+
+module.exports = exports = BearerToken