mifi/pfosi-looking-api
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

no message

Browse Source
This commit is contained in:
Mike Fitzpatrick
2018-03-05 21:55:31 -05:00
parent 69db9ed152
commit b28456ecb6
2 changed files with 514 additions and 443 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
routes/profiles.js
View File

@@ -38,12 +38,13 @@ function processQueryParams (params) {
} }
function update (req, res, next) { function update (req, res, next) {
Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
var data = req.body; var data = req.body;
@@ -64,16 +65,18 @@ function update (req, res, next) {
}); });
Profiles.update(ProfileEvents, id, data); Profiles.update(ProfileEvents, id, data);
}
}); });
} }
function updateMessage (req, res, next) { function updateMessage (req, res, next) {
// Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId; var profileId = req.params.profileId;
var messageId = req.params.messageId; var messageId = req.params.messageId;
@@ -95,11 +98,19 @@ function updateMessage (req, res, next) {
}); });
Profiles.updateMessage(ProfileEvents, profileId, messageId, data); Profiles.updateMessage(ProfileEvents, profileId, messageId, data);
// }); }
});
} }
Router.route('/find' + ParamStr) Router.route('/find' + ParamStr)
.get((req, res) => { .get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params); var find = processQueryParams(req.params);
@@ -124,10 +135,19 @@ Router.route('/find' + ParamStr)
}); });
Profiles.find(ProfileEvents, query); Profiles.find(ProfileEvents, query);
}
});
}); });
Router.route('/list' + ParamStr) Router.route('/list' + ParamStr)
.get((req, res) => { .get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params); var find = processQueryParams(req.params);
@@ -152,10 +172,19 @@ Router.route('/list' + ParamStr)
}); });
Profiles.find(ProfileEvents, query); Profiles.find(ProfileEvents, query);
}
});
}); });
Router.route('/:profileId/messages/images/:which?') Router.route('/:profileId/messages/images/:which?')
.get((req, res) => { .get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var method; var method;
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId; var profileId = req.params.profileId;
@@ -183,10 +212,19 @@ Router.route('/:profileId/messages/images/:which?')
}); });
Profiles[method](ProfileEvents, profileId); Profiles[method](ProfileEvents, profileId);
}
});
}); });
Router.route('/:profileId/messages/:messageId?') Router.route('/:profileId/messages/:messageId?')
.delete((req, res) => { .delete((req, res) => {
Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null; var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null; var messageId = req.params.messageId || null;
@@ -202,8 +240,17 @@ Router.route('/:profileId/messages/:messageId?')
}); });
Profiles.deleteMessage(ProfileEvents, profileId, messageId); Profiles.deleteMessage(ProfileEvents, profileId, messageId);
}
});
}) })
.get((req, res) => { .get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null; var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null; var messageId = req.params.messageId || null;
@@ -220,18 +267,21 @@ Router.route('/:profileId/messages/:messageId?')
}); });
Profiles[method](ProfileEvents, profileId, messageId); Profiles[method](ProfileEvents, profileId, messageId);
}
});
}) })
.patch( updateMessage ) .patch( updateMessage )
.put( updateMessage ); .put( updateMessage );
Router.route('/:id?') Router.route('/:id?')
.delete( (req, res) => { .delete( (req, res) => {
// Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
@@ -246,15 +296,17 @@ Router.route('/:id?')
}); });
Profiles.delete(ProfileEvents, id); Profiles.delete(ProfileEvents, id);
// }); }
});
}) })
.get( (req, res) => { .get( (req, res) => {
// Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var id = req.params.id || null; var id = req.params.id || null;
var method = id ? 'get' : 'all'; var method = id ? 'get' : 'all';
@@ -270,16 +322,18 @@ Router.route('/:id?')
}); });
Profiles[method](ProfileEvents, id); Profiles[method](ProfileEvents, id);
// }); }
});
}) })
.patch( update ) .patch( update )
.post((req, res) => { .post((req, res) => {
// Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter(); var ProfileEvents = new EventEmitter();
var profile = Array.isArray(req.body) ? req.body : [ req.body ]; var profile = Array.isArray(req.body) ? req.body : [ req.body ];
var multi = profile.length > 1; var multi = profile.length > 1;
@@ -295,7 +349,8 @@ Router.route('/:id?')
}); });
Profiles.create(ProfileEvents, profile); Profiles.create(ProfileEvents, profile);
// }); }
});
}) })
.put( update ); .put( update );

60
routes/users.js
View File

@@ -5,12 +5,13 @@ var Token = require('../modules/token');
var UserModel = require('../models/user'); var UserModel = require('../models/user');
function updateUser (req, res, next) { function updateUser (req, res, next) {
Token.verifyThen(req.get('authorization'), ['view', 'super'], (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
var data = req.body; var data = req.body;
@@ -34,20 +35,18 @@ function updateUser (req, res, next) {
} else { } else {
res.status(403).json({ message: 'User not authorized to perform this action.' }); res.status(403).json({ message: 'User not authorized to perform this action.' });
} }
}
}); });
} }
function updateUserSetting (req, res, next) { function updateUserSetting (req, res, next) {
console.log('[UsersRoute::updateUserSetting]'); Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
console.log('req.params: ', req.params);
console.log('req.body: ', req.body);
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) { if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var userId = req.params.userId; var userId = req.params.userId;
var settingsId = req.params.settingsId; var settingsId = req.params.settingsId;
@@ -65,17 +64,19 @@ function updateUserSetting (req, res, next) {
}); });
UserModel.updateUserSetting(UserEvents, userId, settingsId, data); UserModel.updateUserSetting(UserEvents, userId, settingsId, data);
}
}); });
} }
Router.route('/') Router.route('/')
.post((req, res, next) => { .post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var user = req.body; var user = req.body;
@@ -90,17 +91,19 @@ Router.route('/')
}); });
UserModel.createUser(UserEvents, user); UserModel.createUser(UserEvents, user);
}
}); });
}); });
Router.route('/search/:find?') Router.route('/search/:find?')
.get((req, res, next) => { .get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
// Process parameters // Process parameters
@@ -137,17 +140,19 @@ Router.route('/search/:find?')
}); });
UserModel.getUsers(UserEvents, query); UserModel.getUsers(UserEvents, query);
}
}); });
}); });
Router.route('/validate/:username?') Router.route('/validate/:username?')
.get((req, res) => { .get((req, res) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var username = req.params.username || ''; var username = req.params.username || '';
@@ -166,17 +171,19 @@ Router.route('/validate/:username?')
} else { } else {
res.status(200).json({ unique: null, length: false }); res.status(200).json({ unique: null, length: false });
} }
}
}); });
}); });
Router.route('/force-password-reset/:id') Router.route('/force-password-reset/:id')
.post( (req, res, next) => { .post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
@@ -191,17 +198,19 @@ Router.route('/force-password-reset/:id')
}); });
UserModel.forcePasswordReset(UserEvents, id); UserModel.forcePasswordReset(UserEvents, id);
}
}); });
}); });
Router.route('/:id/settings/:key?') Router.route('/:id/settings/:key?')
.get( (req, res, next) => { .get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
var key = req.params.key || false; var key = req.params.key || false;
@@ -218,18 +227,20 @@ Router.route('/:id/settings/:key?')
}); });
UserModel[method](UserEvents, id, key); UserModel[method](UserEvents, id, key);
}
}); });
}); });
Router.route('/:userId/settings/:settingsId?') Router.route('/:userId/settings/:settingsId?')
.patch( updateUserSetting ) .patch( updateUserSetting )
.post( (req, res, next) => { .post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var userId = req.params.userId; var userId = req.params.userId;
var data = req.body; var data = req.body;
@@ -245,18 +256,20 @@ Router.route('/:userId/settings/:settingsId?')
}); });
UserModel.createUserSetting(UserEvents, userId, data); UserModel.createUserSetting(UserEvents, userId, data);
}
}); });
}) })
.put( updateUserSetting ); .put( updateUserSetting );
Router.route('/:id?') Router.route('/:id?')
.get( (req, res, next) => { .get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), ['viewPublicDetails', 'manageUsers'], (err, decoded) => { Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err }); res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var id = req.params.id || false; var id = req.params.id || false;
var method = id ? 'getUser' : 'getUsers'; var method = id ? 'getUser' : 'getUsers';
@@ -276,17 +289,19 @@ Router.route('/:id?')
} else { } else {
res.status(403).json({ message: 'User not authorized to perform this action.' }); res.status(403).json({ message: 'User not authorized to perform this action.' });
} }
}
}); });
}) })
.put( updateUser ) .put( updateUser )
.patch( updateUser ) .patch( updateUser )
.delete( (req, res, next) => { .delete( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var id = req.params.id; var id = req.params.id;
@@ -306,6 +321,7 @@ Router.route('/:id?')
}); });
UserModel.deleteUser(UserEvents, id); UserModel.deleteUser(UserEvents, id);
}
}); });
}); });