125 lines
4.4 KiB
JavaScript
125 lines
4.4 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
add: add,
|
|
get: get,
|
|
del: del,
|
|
getAll: getAll,
|
|
addToken: addToken,
|
|
getTokens: getTokens,
|
|
delTokens: delTokens,
|
|
delToken: delToken
|
|
};
|
|
|
|
var assert = require('assert'),
|
|
BoxError = require('../boxerror.js'),
|
|
clients = require('../clients.js'),
|
|
constants = require('../constants.js'),
|
|
HttpError = require('connect-lastmile').HttpError,
|
|
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
|
validUrl = require('valid-url');
|
|
|
|
function add(req, res, next) {
|
|
var data = req.body;
|
|
|
|
if (!data) return next(new HttpError(400, 'Cannot parse data field'));
|
|
if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required'));
|
|
if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));
|
|
if (typeof data.scope !== 'string' || !data.scope) return next(new HttpError(400, 'scope is required'));
|
|
if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
|
|
|
|
clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(201, result));
|
|
});
|
|
}
|
|
|
|
function get(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
|
|
clients.get(req.params.clientId, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(200, result));
|
|
});
|
|
}
|
|
|
|
function del(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
|
|
clients.get(req.params.clientId, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
// we do not allow to use the REST API to delete addon clients
|
|
if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));
|
|
|
|
clients.del(req.params.clientId, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(204, result));
|
|
});
|
|
});
|
|
}
|
|
|
|
function getAll(req, res, next) {
|
|
clients.getAll(function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(200, { clients: result }));
|
|
});
|
|
}
|
|
|
|
function addToken(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
assert.strictEqual(typeof req.user, 'object');
|
|
assert.strictEqual(typeof req.body, 'object');
|
|
|
|
var data = req.body;
|
|
var expiresAt = data.expiresAt ? parseInt(data.expiresAt, 10) : Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
|
|
if (isNaN(expiresAt) || expiresAt <= Date.now()) return next(new HttpError(400, 'expiresAt must be a timestamp in the future'));
|
|
if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
|
|
|
|
clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(201, { token: result }));
|
|
});
|
|
}
|
|
|
|
function getTokens(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
assert.strictEqual(typeof req.user, 'object');
|
|
|
|
clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
result = result.map(clients.removeTokenPrivateFields);
|
|
|
|
next(new HttpSuccess(200, { tokens: result }));
|
|
});
|
|
}
|
|
|
|
function delTokens(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
assert.strictEqual(typeof req.user, 'object');
|
|
|
|
clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(204));
|
|
});
|
|
}
|
|
|
|
function delToken(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
assert.strictEqual(typeof req.params.tokenId, 'string');
|
|
assert.strictEqual(typeof req.user, 'object');
|
|
|
|
clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(204));
|
|
});
|
|
}
|