src/routes/clients.js

'use strict';

exports = module.exports = {
    add: add,
    get: get,
    del: del,
    getAll: getAll,
    addToken: addToken,
    getTokens: getTokens,
    delTokens: delTokens,
    delToken: delToken
};

var assert = require('assert'),
    BoxError = require('../boxerror.js'),
    clients = require('../clients.js'),
    constants = require('../constants.js'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    validUrl = require('valid-url');

function add(req, res, next) {
    var data = req.body;

    if (!data) return next(new HttpError(400, 'Cannot parse data field'));
    if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required'));
    if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));
    if (typeof data.scope !== 'string' || !data.scope) return next(new HttpError(400, 'scope is required'));
    if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));

    clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(201, result));
    });
}

function get(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');

    clients.get(req.params.clientId, function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(200, result));
    });
}

function del(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');

    clients.get(req.params.clientId, function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        // we do not allow to use the REST API to delete addon clients
        if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));

        clients.del(req.params.clientId, function (error, result) {
            if (error) return next(BoxError.toHttpError(error));

            next(new HttpSuccess(204, result));
        });
    });
}

function getAll(req, res, next) {
    clients.getAll(function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(200, { clients: result }));
    });
}

function addToken(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');
    assert.strictEqual(typeof req.user, 'object');
    assert.strictEqual(typeof req.body, 'object');

    var data = req.body;
    var expiresAt = data.expiresAt ? parseInt(data.expiresAt, 10) : Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
    if (isNaN(expiresAt) || expiresAt <= Date.now()) return next(new HttpError(400, 'expiresAt must be a timestamp in the future'));
    if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));

    clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(201, { token: result }));
    });
}

function getTokens(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');
    assert.strictEqual(typeof req.user, 'object');

    clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {
        if (error) return next(BoxError.toHttpError(error));

        result = result.map(clients.removeTokenPrivateFields);

        next(new HttpSuccess(200, { tokens: result }));
    });
}

function delTokens(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');
    assert.strictEqual(typeof req.user, 'object');

    clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(204));
    });
}

function delToken(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');
    assert.strictEqual(typeof req.params.tokenId, 'string');
    assert.strictEqual(typeof req.user, 'object');

    clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
        if (error) return next(BoxError.toHttpError(error));

        next(new HttpSuccess(204));
    });
}
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`exports = module.exports = {`
			`add: add,`
			`get: get,`
			`del: del,`
Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`getAll: getAll,`
Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`addToken: addToken,`
			`getTokens: getTokens,`
			`delTokens: delTokens,`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`delToken: delToken`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`};`

			`var assert = require('assert'),`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00			`BoxError = require('../boxerror.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`clients = require('../clients.js'),`
Tokens are now valid for a week 2016-08-01 10:14:45 +02:00			`constants = require('../constants.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`HttpError = require('connect-lastmile').HttpError,`
add type field to clients table 2015-10-15 16:31:45 -07:00			`HttpSuccess = require('connect-lastmile').HttpSuccess,`
			`validUrl = require('valid-url');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`function add(req, res, next) {`
			`var data = req.body;`

			`if (!data) return next(new HttpError(400, 'Cannot parse data field'));`
			`if (typeof data.appId !== 'string' \|\| !data.appId) return next(new HttpError(400, 'appId is required'));`
			`if (typeof data.redirectURI !== 'string' \|\| !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));`
			`if (typeof data.scope !== 'string' \|\| !data.scope) return next(new HttpError(400, 'scope is required'));`
			`if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));`

Move client TYPE_* to clients.js 2016-06-03 15:05:00 +02:00			`clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`next(new HttpSuccess(201, result));`
			`});`
			`}`

			`function get(req, res, next) {`
			`assert.strictEqual(typeof req.params.clientId, 'string');`

			`clients.get(req.params.clientId, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`next(new HttpSuccess(200, result));`
			`});`
			`}`

			`function del(req, res, next) {`
			`assert.strictEqual(typeof req.params.clientId, 'string');`

Prevent the rest api to delete addon auth clients 2016-06-09 14:44:38 +02:00			`clients.get(req.params.clientId, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Prevent the rest api to delete addon auth clients 2016-06-09 14:44:38 +02:00
			`// we do not allow to use the REST API to delete addon clients`
			`if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));`

			`clients.del(req.params.clientId, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
Prevent the rest api to delete addon auth clients 2016-06-09 14:44:38 +02:00			`next(new HttpSuccess(204, result));`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`function getAll(req, res, next) {`
			`clients.getAll(function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`next(new HttpSuccess(200, { clients: result }));`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`

Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`function addToken(req, res, next) {`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`assert.strictEqual(typeof req.params.clientId, 'string');`
			`assert.strictEqual(typeof req.user, 'object');`
Make expiresAt a body parameter 2018-04-28 20:41:38 -07:00			`assert.strictEqual(typeof req.body, 'object');`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00
Make expiresAt a body parameter 2018-04-28 20:41:38 -07:00			`var data = req.body;`
			`var expiresAt = data.expiresAt ? parseInt(data.expiresAt, 10) : Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;`
Allow optional expiresAt to be set on token creation 2016-06-07 15:47:13 +02:00			`if (isNaN(expiresAt) \|\| expiresAt <= Date.now()) return next(new HttpError(400, 'expiresAt must be a timestamp in the future'));`
Give optional name for tokens 2018-08-27 14:50:41 -07:00			`if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));`
Allow optional expiresAt to be set on token creation 2016-06-07 15:47:13 +02:00
Give optional name for tokens 2018-08-27 14:50:41 -07:00			`clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name \|\| '' }, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`next(new HttpSuccess(201, { token: result }));`
			`});`
			`}`

Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`function getTokens(req, res, next) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.params.clientId, 'string');`
			`assert.strictEqual(typeof req.user, 'object');`

Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
do not return accessToken when listing tokens 2019-02-14 14:55:13 -08:00
			`result = result.map(clients.removeTokenPrivateFields);`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`next(new HttpSuccess(200, { tokens: result }));`
			`});`
			`}`

Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`function delTokens(req, res, next) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.params.clientId, 'string');`
			`assert.strictEqual(typeof req.user, 'object');`

Keep naming consistent with delToken 2018-04-28 17:55:17 -07:00			`clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`next(new HttpSuccess(204));`
			`});`
			`}`
Add route to delete a single token 2016-06-07 15:34:27 +02:00
			`function delToken(req, res, next) {`
			`assert.strictEqual(typeof req.params.clientId, 'string');`
			`assert.strictEqual(typeof req.params.tokenId, 'string');`
			`assert.strictEqual(typeof req.user, 'object');`

			`clients.delToken(req.params.clientId, req.params.tokenId, function (error) {`
Refactor toHttpError code into BoxError 2019-10-24 18:05:14 -07:00			`if (error) return next(BoxError.toHttpError(error));`
Add route to delete a single token 2016-06-07 15:34:27 +02:00
			`next(new HttpSuccess(204));`
			`});`
			`}`