mirror of
https://github.com/pawelmalak/flame.git
synced 2024-12-18 23:41:39 +03:00
Added auth middleware. Added access control to apps
This commit is contained in:
parent
d1c61bb393
commit
e3f167921c
1
api.js
1
api.js
@ -21,6 +21,7 @@ api.use('/api/weather', require('./routes/weather'));
|
|||||||
api.use('/api/categories', require('./routes/category'));
|
api.use('/api/categories', require('./routes/category'));
|
||||||
api.use('/api/bookmarks', require('./routes/bookmark'));
|
api.use('/api/bookmarks', require('./routes/bookmark'));
|
||||||
api.use('/api/queries', require('./routes/queries'));
|
api.use('/api/queries', require('./routes/queries'));
|
||||||
|
api.use('/api/auth', require('./routes/auth'));
|
||||||
|
|
||||||
// Custom error handler
|
// Custom error handler
|
||||||
api.use(errorHandler);
|
api.use(errorHandler);
|
||||||
|
@ -1,11 +1,16 @@
|
|||||||
const asyncWrapper = require('../../middleware/asyncWrapper');
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
const App = require('../../models/App');
|
const App = require('../../models/App');
|
||||||
const loadConfig = require('../../utils/loadConfig');
|
const loadConfig = require('../../utils/loadConfig');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
|
||||||
// @desc Create new app
|
// @desc Create new app
|
||||||
// @route POST /api/apps
|
// @route POST /api/apps
|
||||||
// @access Public
|
// @access Public
|
||||||
const createApp = asyncWrapper(async (req, res, next) => {
|
const createApp = asyncWrapper(async (req, res, next) => {
|
||||||
|
if (!req.isAuthenticated) {
|
||||||
|
return next(new ErrorResponse('Unauthorized', 401));
|
||||||
|
}
|
||||||
|
|
||||||
const { pinAppsByDefault } = await loadConfig();
|
const { pinAppsByDefault } = await loadConfig();
|
||||||
|
|
||||||
let app;
|
let app;
|
||||||
|
@ -1,10 +1,15 @@
|
|||||||
const asyncWrapper = require('../../middleware/asyncWrapper');
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
const App = require('../../models/App');
|
const App = require('../../models/App');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
|
||||||
// @desc Delete app
|
// @desc Delete app
|
||||||
// @route DELETE /api/apps/:id
|
// @route DELETE /api/apps/:id
|
||||||
// @access Public
|
// @access Public
|
||||||
const deleteApp = asyncWrapper(async (req, res, next) => {
|
const deleteApp = asyncWrapper(async (req, res, next) => {
|
||||||
|
if (!req.isAuthenticated) {
|
||||||
|
return next(new ErrorResponse('Unauthorized', 401));
|
||||||
|
}
|
||||||
|
|
||||||
await App.destroy({
|
await App.destroy({
|
||||||
where: { id: req.params.id },
|
where: { id: req.params.id },
|
||||||
});
|
});
|
||||||
|
@ -25,13 +25,18 @@ const getAllApps = asyncWrapper(async (req, res, next) => {
|
|||||||
await useKubernetes(apps);
|
await useKubernetes(apps);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// apps visibility
|
||||||
|
const where = req.isAuthenticated ? {} : { isPublic: true };
|
||||||
|
|
||||||
if (orderType == 'name') {
|
if (orderType == 'name') {
|
||||||
apps = await App.findAll({
|
apps = await App.findAll({
|
||||||
order: [[Sequelize.fn('lower', Sequelize.col('name')), 'ASC']],
|
order: [[Sequelize.fn('lower', Sequelize.col('name')), 'ASC']],
|
||||||
|
where,
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
apps = await App.findAll({
|
apps = await App.findAll({
|
||||||
order: [[orderType, 'ASC']],
|
order: [[orderType, 'ASC']],
|
||||||
|
where,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,12 +1,15 @@
|
|||||||
const asyncWrapper = require('../../middleware/asyncWrapper');
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
const App = require('../../models/App');
|
const App = require('../../models/App');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
|
||||||
// @desc Get single app
|
// @desc Get single app
|
||||||
// @route GET /api/apps/:id
|
// @route GET /api/apps/:id
|
||||||
// @access Public
|
// @access Public
|
||||||
const getSingleApp = asyncWrapper(async (req, res, next) => {
|
const getSingleApp = asyncWrapper(async (req, res, next) => {
|
||||||
|
const visibility = req.isAuthenticated ? {} : { isPublic: true };
|
||||||
|
|
||||||
const app = await App.findOne({
|
const app = await App.findOne({
|
||||||
where: { id: req.params.id },
|
where: { id: req.params.id, ...visibility },
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!app) {
|
if (!app) {
|
||||||
|
@ -1,10 +1,15 @@
|
|||||||
const asyncWrapper = require('../../middleware/asyncWrapper');
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
const App = require('../../models/App');
|
const App = require('../../models/App');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
|
||||||
// @desc Reorder apps
|
// @desc Reorder apps
|
||||||
// @route PUT /api/apps/0/reorder
|
// @route PUT /api/apps/0/reorder
|
||||||
// @access Public
|
// @access Public
|
||||||
const reorderApps = asyncWrapper(async (req, res, next) => {
|
const reorderApps = asyncWrapper(async (req, res, next) => {
|
||||||
|
if (!req.isAuthenticated) {
|
||||||
|
return next(new ErrorResponse('Unauthorized', 401));
|
||||||
|
}
|
||||||
|
|
||||||
req.body.apps.forEach(async ({ id, orderId }) => {
|
req.body.apps.forEach(async ({ id, orderId }) => {
|
||||||
await App.update(
|
await App.update(
|
||||||
{ orderId },
|
{ orderId },
|
||||||
|
@ -1,10 +1,15 @@
|
|||||||
const asyncWrapper = require('../../middleware/asyncWrapper');
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
const App = require('../../models/App');
|
const App = require('../../models/App');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
|
||||||
// @desc Update app
|
// @desc Update app
|
||||||
// @route PUT /api/apps/:id
|
// @route PUT /api/apps/:id
|
||||||
// @access Public
|
// @access Public
|
||||||
const updateApp = asyncWrapper(async (req, res, next) => {
|
const updateApp = asyncWrapper(async (req, res, next) => {
|
||||||
|
if (!req.isAuthenticated) {
|
||||||
|
return next(new ErrorResponse('Unauthorized', 401));
|
||||||
|
}
|
||||||
|
|
||||||
let app = await App.findOne({
|
let app = await App.findOne({
|
||||||
where: { id: req.params.id },
|
where: { id: req.params.id },
|
||||||
});
|
});
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
module.exports = {
|
module.exports = {
|
||||||
login: require('./login'),
|
login: require('./login'),
|
||||||
|
validate: require('./validate'),
|
||||||
};
|
};
|
||||||
|
21
controllers/auth/validate.js
Normal file
21
controllers/auth/validate.js
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
const asyncWrapper = require('../../middleware/asyncWrapper');
|
||||||
|
const ErrorResponse = require('../../utils/ErrorResponse');
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
|
// @desc Verify token
|
||||||
|
// @route POST /api/auth/verify
|
||||||
|
// @access Public
|
||||||
|
const validate = asyncWrapper(async (req, res, next) => {
|
||||||
|
try {
|
||||||
|
jwt.verify(req.body.token, process.env.SECRET);
|
||||||
|
|
||||||
|
res.status(200).json({
|
||||||
|
success: true,
|
||||||
|
data: { token: { isValid: true } },
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
return next(new ErrorResponse('Token expired', 401));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
module.exports = validate;
|
@ -7,7 +7,7 @@ const up = async (query) => {
|
|||||||
const template = {
|
const template = {
|
||||||
type: INTEGER,
|
type: INTEGER,
|
||||||
allowNull: true,
|
allowNull: true,
|
||||||
defaultValue: 0,
|
defaultValue: 1,
|
||||||
};
|
};
|
||||||
|
|
||||||
for await (let table of tables) {
|
for await (let table of tables) {
|
||||||
|
25
middleware/auth.js
Normal file
25
middleware/auth.js
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
|
const auth = (req, res, next) => {
|
||||||
|
const authHeader = req.header('Authorization');
|
||||||
|
let token;
|
||||||
|
let tokenIsValid = false;
|
||||||
|
|
||||||
|
if (authHeader && authHeader.startsWith('Bearer ')) {
|
||||||
|
token = authHeader.split(' ')[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (token) {
|
||||||
|
try {
|
||||||
|
jwt.verify(token, process.env.SECRET);
|
||||||
|
} finally {
|
||||||
|
tokenIsValid = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
req.isAuthenticated = tokenIsValid;
|
||||||
|
|
||||||
|
next();
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports = auth;
|
@ -29,7 +29,7 @@ const App = sequelize.define(
|
|||||||
isPublic: {
|
isPublic: {
|
||||||
type: DataTypes.INTEGER,
|
type: DataTypes.INTEGER,
|
||||||
allowNull: true,
|
allowNull: true,
|
||||||
defaultValue: 0,
|
defaultValue: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -23,7 +23,7 @@ const Bookmark = sequelize.define(
|
|||||||
isPublic: {
|
isPublic: {
|
||||||
type: DataTypes.INTEGER,
|
type: DataTypes.INTEGER,
|
||||||
allowNull: true,
|
allowNull: true,
|
||||||
defaultValue: 0,
|
defaultValue: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -20,7 +20,7 @@ const Category = sequelize.define(
|
|||||||
isPublic: {
|
isPublic: {
|
||||||
type: DataTypes.INTEGER,
|
type: DataTypes.INTEGER,
|
||||||
allowNull: true,
|
allowNull: true,
|
||||||
defaultValue: 0,
|
defaultValue: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
const express = require('express');
|
const express = require('express');
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
const upload = require('../middleware/multer');
|
const upload = require('../middleware/multer');
|
||||||
|
const auth = require('../middleware/auth');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
createApp,
|
createApp,
|
||||||
@ -11,10 +12,14 @@ const {
|
|||||||
reorderApps,
|
reorderApps,
|
||||||
} = require('../controllers/apps');
|
} = require('../controllers/apps');
|
||||||
|
|
||||||
router.route('/').post(upload, createApp).get(getAllApps);
|
router.route('/').post(auth, upload, createApp).get(auth, getAllApps);
|
||||||
|
|
||||||
router.route('/:id').get(getSingleApp).put(upload, updateApp).delete(deleteApp);
|
router
|
||||||
|
.route('/:id')
|
||||||
|
.get(auth, getSingleApp)
|
||||||
|
.put(auth, upload, updateApp)
|
||||||
|
.delete(auth, deleteApp);
|
||||||
|
|
||||||
router.route('/0/reorder').put(reorderApps);
|
router.route('/0/reorder').put(auth, reorderApps);
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
const express = require('express');
|
const express = require('express');
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
|
|
||||||
const { login } = require('../controllers/auth');
|
const { login, validate } = require('../controllers/auth');
|
||||||
const requireBody = require('../middleware/requireBody');
|
const requireBody = require('../middleware/requireBody');
|
||||||
|
|
||||||
router.route('/').post(requireBody(['password', 'duration']), login);
|
router.route('/').post(requireBody(['password', 'duration']), login);
|
||||||
|
|
||||||
|
router.route('/validate').post(requireBody(['token']), validate);
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
Loading…
Reference in New Issue
Block a user