jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add tokens routes

Browse Source
This commit is contained in:
Johannes Zellner
2020-02-07 16:20:05 +01:00
parent 237f2c5112
commit ac4aa4bd3d
4 changed files with 116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/tokens.js
+73
View File
@@ -0,0 +1,73 @@
'use strict';
exports = module.exports = {
verifyOwnership: verifyOwnership,
getAll: getAll,
get: get,
add: add,
del: del
};
var assert = require('assert'),
BoxError = require('../boxerror.js'),
HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess,
tokens = require('../tokens.js');
function verifyOwnership(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.params.id, 'string');
tokens.get(req.params.id, function (error, result) {
if (error) return next(BoxError.toHttpError(error));
if (result.identifier !== req.user.id) return next(new HttpError(403, 'User is not owner'));
req.token = result;
next();
});
}
function getAll(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
tokens.getAllByUserId(req.user.id, function (error, result) {
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(200, { tokens: result }));
});
}
function get(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.token, 'object');
next(new HttpSuccess(200, req.token));
}
function add(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.body, 'object');
if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be string'));
const expiration = 100 * 365 * 24 * 60 * 60 * 1000; // forever - 100 years TODO maybe we should allow 0 or -1 to make that explicit
tokens.add(tokens.ID_SDK, req.user.id, expiration, { name: req.body.name }, function (error, result) {
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(201, result));
});
}
function del(req, res, next) {
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.token, 'object');
tokens.del(req.token.id, function (error) {
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204, {}));
});
}