mifi/Eventment-API
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Updating routes with security

Browse Source
This commit is contained in:
Mike Fitzpatrick
2019-07-04 16:45:49 -04:00
parent dd3552dee4
commit 6d5d238d34
5 changed files with 34 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
routes/bids.js
View File

@@ -2,8 +2,8 @@ const errors = require('restify-errors');
const Bid = require('../models/bid');
module.exports = function(server) {
server.post('/bids', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/bids', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
});
});
server.get('/bids', (req, res, next) => {
server.get('/bids', auth.manager, (req, res, next) => {
Bid.apiQuery(req.params, function(err, docs) {
if (err) {
console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
});
});
server.get('/bids/:bid_id', (req, res, next) => {
server.get('/bids/:bid_id', auth.manager, (req, res, next) => {
Bid.findOne({ _id: req.params.bid_id }, function(err, doc) {
if (err) {
console.error(err);
@@ -48,8 +48,7 @@ module.exports = function(server) {
});
});
server.put('/bids/:bid_id', (req, res, next) => {
server.put('/bids/:bid_id', auth.manager, (req, res, next) => {
let data = req.body || {};
if (!data._id) {
@@ -70,7 +69,7 @@ module.exports = function(server) {
);
}
Bid.update({ _id: data._id }, data, function(err) {
Bid.updateOne({ _id: data._id }, data, function(err) {
if (err) {
console.error(err);
return next(
@@ -84,7 +83,7 @@ module.exports = function(server) {
});
});
server.del('/bids/:bid_id', (req, res, next) => {
server.del('/bids/:bid_id', auth.manager, (req, res, next) => {
Bid.deleteOne({ _id: req.params.bid_id }, function(err) {
if (err) {
console.error(err);

14
routes/events.js
View File

@@ -2,8 +2,8 @@ const errors = require('restify-errors');
const Event = require('../models/event');
module.exports = function(server) {
server.post('/events', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/events', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
});
});
server.get('/events', (req, res, next) => {
server.get('/events', auth.basic, (req, res, next) => {
Event.apiQuery(req.params, function(err, docs) {
if (err) {
console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
});
});
server.get('/events/:event_id', (req, res, next) => {
server.get('/events/:event_id', auth.basic, (req, res, next) => {
Event.findOne({ _id: req.params.event_id }, function(err, doc) {
if (err) {
console.error(err);
@@ -48,7 +48,7 @@ module.exports = function(server) {
});
});
server.put('/events/:event_id', (req, res, next) => {
server.put('/events/:event_id', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -70,7 +70,7 @@ module.exports = function(server) {
);
}
Event.update({ _id: data._id }, data, function(err) {
Event.updateOne({ _id: data._id }, data, function(err) {
if (err) {
console.error(err);
return next(
@@ -84,7 +84,7 @@ module.exports = function(server) {
});
});
server.del('/events/:event_id', (req, res, next) => {
server.del('/events/:event_id', auth.manager, (req, res, next) => {
Event.deleteOne({ _id: req.params.event_id }, function(err) {
if (err) {
console.error(err);

14
routes/installs.js
View File

@@ -2,8 +2,8 @@ const errors = require('restify-errors');
const Install = require('../models/install');
module.exports = function(server) {
server.post('/installs', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/installs', auth.basic, (req, res, next) => {
let data = req.body || {};
@@ -20,7 +20,7 @@ module.exports = function(server) {
});
});
server.get('/installs', (req, res, next) => {
server.get('/installs', auth.manager, (req, res, next) => {
Install.apiQuery(req.params, function(err, docs) {
if (err) {
console.error(err);
@@ -34,7 +34,7 @@ module.exports = function(server) {
});
});
server.get('/installs/:install_id', (req, res, next) => {
server.get('/installs/:install_id', auth.manager, (req, res, next) => {
Install.findOne({ _id: req.params.install_id }, function(err, doc) {
if (err) {
console.error(err);
@@ -48,7 +48,7 @@ module.exports = function(server) {
});
});
server.put('/installs/:install_id', (req, res, next) => {
server.put('/installs/:install_id', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -70,7 +70,7 @@ module.exports = function(server) {
);
}
Install.update({ _id: data._id }, data, function(err) {
Install.updateOne({ _id: data._id }, data, function(err) {
if (err) {
console.error(err);
return next(
@@ -84,7 +84,7 @@ module.exports = function(server) {
});
});
server.del('/installs/:install_id', (req, res, next) => {
server.del('/installs/:install_id', auth.manager, (req, res, next) => {
Install.deleteOne({ _id: req.params.install_id }, function(err) {
if (err) {
console.error(err);

12
routes/items.js
View File

@@ -4,8 +4,8 @@ const errors = require('restify-errors');
const Item = require('../models/item');
const { PUBLIC, STAFF } = require('../strategies/selects/item');
module.exports = function(server) {
server.post('/items', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/items', auth.manager, (req, res, next) => {
const data = req.body || {};
const item = new Item(data);
@@ -21,7 +21,7 @@ module.exports = function(server) {
});
});
server.get('/items', (req, res, next) => {
server.get('/items', auth.basic, (req, res, next) => {
const select = req.user.isManager ? STAFF : PUBLIC;
Item.find(req.params, select, function(err, docs) {
@@ -37,7 +37,7 @@ module.exports = function(server) {
});
});
server.get('/items/:item_id', (req, res, next) => {
server.get('/items/:item_id', auth.basic, (req, res, next) => {
const select = req.user.isManager ? STAFF : PUBLIC;
Item.findOne({ _id: req.params.item_id }, select, function(err, doc) {
@@ -53,7 +53,7 @@ module.exports = function(server) {
});
});
server.put('/items/:item_id', (req, res, next) => {
server.put('/items/:item_id', auth.manager, (req, res, next) => {
let data = req.body || {};
if (!data._id) {
@@ -88,7 +88,7 @@ module.exports = function(server) {
});
});
server.del('/items/:item_id', (req, res, next) => {
server.del('/items/:item_id', auth.manager, (req, res, next) => {
Item.deleteOne({ _id: req.params.item_id }, function(err) {
if (err) {
console.error(err);

14
routes/sales.js
View File

@@ -8,8 +8,8 @@ const errors = require('restify-errors');
*/
const Sale = require('../models/sale');
module.exports = function(server) {
server.post('/sales', (req, res, next) => {
module.exports = function (server, auth) {
server.post('/sales', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -26,7 +26,7 @@ module.exports = function(server) {
});
});
server.get('/sales', (req, res, next) => {
server.get('/sales', auth.manager, (req, res, next) => {
Sale.apiQuery(req.params, function(err, docs) {
if (err) {
console.error(err);
@@ -40,7 +40,7 @@ module.exports = function(server) {
});
});
server.get('/sales/:sale_id', (req, res, next) => {
server.get('/sales/:sale_id', auth.manager, (req, res, next) => {
Sale.findOne({ _id: req.params.sale_id }, function(err, doc) {
if (err) {
console.error(err);
@@ -54,7 +54,7 @@ module.exports = function(server) {
});
});
server.put('/sales/:sale_id', (req, res, next) => {
server.put('/sales/:sale_id', auth.manager, (req, res, next) => {
let data = req.body || {};
@@ -76,7 +76,7 @@ module.exports = function(server) {
);
}
Sale.update({ _id: data._id }, data, function(err) {
Sale.updateOne({ _id: data._id }, data, function(err) {
if (err) {
console.error(err);
return next(
@@ -90,7 +90,7 @@ module.exports = function(server) {
});
});
server.del('/sales/:sale_id', (req, res, next) => {
server.del('/sales/:sale_id', auth.manager, (req, res, next) => {
Sale.deleteOne({ _id: req.params.sale_id }, function(err) {
if (err) {
console.error(err);