jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Move ClientsError to BoxError

Browse Source
This commit is contained in:
Girish Ramakrishnan
2019-10-22 21:16:00 -07:00
parent 11d80cec7d
commit 2df642000d
6 changed files with 62 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/routes/accesscontrol.js
View File

@@ -12,9 +12,9 @@ var accesscontrol = require('../accesscontrol.js'),
assert = require('assert'),
BasicStrategy = require('passport-http').BasicStrategy,
BearerStrategy = require('passport-http-bearer').Strategy,
BoxError = require('../boxerror.js'),
clients = require('../clients.js'),
ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
ClientsError = clients.ClientsError,
HttpError = require('connect-lastmile').HttpError,
LocalStrategy = require('passport-local').Strategy,
passport = require('passport'),
@@ -62,7 +62,7 @@ function initialize(callback) {
// Used to authenticate a OAuth2 client which uses clientId and clientSecret in the Authorization header
passport.use(new BasicStrategy(function (clientId, clientSecret, callback) {
clients.get(clientId, function (error, client) {
if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
if (error) return callback(error);
if (client.clientSecret !== clientSecret) return callback(null, false);
callback(null, client);
@@ -72,7 +72,7 @@ function initialize(callback) {
// Used to authenticate a OAuth2 client which uses clientId and clientSecret in the request body (client_id, client_secret)
passport.use(new ClientPasswordStrategy(function (clientId, clientSecret, callback) {
clients.get(clientId, function(error, client) {
if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
if (error) { return callback(error); }
if (client.clientSecret !== clientSecret) { return callback(null, false); }
callback(null, client);

49
src/routes/clients.js
View File

@@ -12,13 +12,25 @@ exports = module.exports = {
};
var assert = require('assert'),
BoxError = require('../boxerror.js'),
clients = require('../clients.js'),
ClientsError = clients.ClientsError,
constants = require('../constants.js'),
HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess,
validUrl = require('valid-url');
function toHttpError(error) {
switch (error.reason) {
case BoxError.NOT_FOUND:
return new HttpError(404, error);
case BoxError.BAD_FIELD:
return new HttpError(400, error);
case BoxError.INTERNAL_ERROR:
default:
return new HttpError(500, error);
}
}
function add(req, res, next) {
var data = req.body;
@@ -29,9 +41,8 @@ function add(req, res, next) {
if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
if (error && error.reason === ClientsError.INVALID_SCOPE) return next(new HttpError(400, error.message));
if (error && error.reason === ClientsError.BAD_FIELD) return next(new HttpError(400, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(201, result));
});
}
@@ -40,8 +51,8 @@ function get(req, res, next) {
assert.strictEqual(typeof req.params.clientId, 'string');
clients.get(req.params.clientId, function (error, result) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(200, result));
});
}
@@ -50,16 +61,14 @@ function del(req, res, next) {
assert.strictEqual(typeof req.params.clientId, 'string');
clients.get(req.params.clientId, function (error, result) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
// we do not allow to use the REST API to delete addon clients
if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));
clients.del(req.params.clientId, function (error, result) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error && error.reason === ClientsError.NOT_ALLOWED) return next(new HttpError(405, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(204, result));
});
});
@@ -67,7 +76,8 @@ function del(req, res, next) {
function getAll(req, res, next) {
clients.getAll(function (error, result) {
if (error && error.reason !== ClientsError.NOT_FOUND) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(200, { clients: result }));
});
}
@@ -83,8 +93,8 @@ function addToken(req, res, next) {
if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(201, { token: result }));
});
}
@@ -94,8 +104,7 @@ function getTokens(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
result = result.map(clients.removeTokenPrivateFields);
@@ -108,8 +117,8 @@ function delTokens(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(204));
});
}
@@ -120,9 +129,7 @@ function delToken(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
if (error && error.reason === ClientsError.INVALID_TOKEN) return next(new HttpError(404, error.message));
if (error) return next(new HttpError(500, error));
if (error) return next(toHttpError(error));
next(new HttpSuccess(204));
});

4
src/routes/oauth2.js
View File

@@ -22,8 +22,8 @@ exports = module.exports = {
var apps = require('../apps.js'),
assert = require('assert'),
authcodedb = require('../authcodedb.js'),
BoxError = require('../boxerror.js'),
clients = require('../clients'),
ClientsError = clients.ClientsError,
constants = require('../constants.js'),
DatabaseError = require('../databaseerror.js'),
debug = require('debug')('box:routes/oauth2'),
@@ -463,7 +463,7 @@ function authorization() {
debug('authorization: client %s with callback to %s.', clientId, redirectURI);
clients.get(clientId, function (error, client) {
if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
if (error) return callback(error);
// ignore the origin passed into form the client, but use the one from the clientdb