'use strict'; exports = module.exports = { add: add, get: get, del: del, getAll: getAll, addToken: addToken, getTokens: getTokens, delTokens: delTokens, delToken: delToken }; var assert = require('assert'), BoxError = require('../boxerror.js'), clients = require('../clients.js'), constants = require('../constants.js'), HttpError = require('connect-lastmile').HttpError, HttpSuccess = require('connect-lastmile').HttpSuccess, validUrl = require('valid-url'); function add(req, res, next) { var data = req.body; if (!data) return next(new HttpError(400, 'Cannot parse data field')); if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required')); if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required')); if (typeof data.scope !== 'string' || !data.scope) return next(new HttpError(400, 'scope is required')); if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri')); clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(201, result)); }); } function get(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); clients.get(req.params.clientId, function (error, result) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(200, result)); }); } function del(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); clients.get(req.params.clientId, function (error, result) { if (error) return next(BoxError.toHttpError(error)); // we do not allow to use the REST API to delete addon clients if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.')); clients.del(req.params.clientId, function (error, result) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(204, result)); }); }); } function getAll(req, res, next) { clients.getAll(function (error, result) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(200, { clients: result })); }); } function addToken(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); assert.strictEqual(typeof req.user, 'object'); assert.strictEqual(typeof req.body, 'object'); var data = req.body; var expiresAt = data.expiresAt ? parseInt(data.expiresAt, 10) : Date.now() + constants.DEFAULT_TOKEN_EXPIRATION; if (isNaN(expiresAt) || expiresAt <= Date.now()) return next(new HttpError(400, 'expiresAt must be a timestamp in the future')); if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string')); clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(201, { token: result })); }); } function getTokens(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); assert.strictEqual(typeof req.user, 'object'); clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) { if (error) return next(BoxError.toHttpError(error)); result = result.map(clients.removeTokenPrivateFields); next(new HttpSuccess(200, { tokens: result })); }); } function delTokens(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); assert.strictEqual(typeof req.user, 'object'); clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(204)); }); } function delToken(req, res, next) { assert.strictEqual(typeof req.params.clientId, 'string'); assert.strictEqual(typeof req.params.tokenId, 'string'); assert.strictEqual(typeof req.user, 'object'); clients.delToken(req.params.clientId, req.params.tokenId, function (error) { if (error) return next(BoxError.toHttpError(error)); next(new HttpSuccess(204)); }); }