web - routes -> comments
This commit is contained in:
parent
8c2d8a6920
commit
f895af3890
@ -7,23 +7,30 @@
|
|||||||
var express = require('express');
|
var express = require('express');
|
||||||
var route = express.Router();
|
var route = express.Router();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* register a user; currently not implemented
|
||||||
|
* @url /register
|
||||||
|
* @method POST
|
||||||
|
*/
|
||||||
route.post('/register', (req, res) => {
|
route.post('/register', (req, res) => {
|
||||||
|
// if registration is disabled
|
||||||
if(!global['app'].cfg.web.registration) {
|
if(!global['app'].cfg.web.registration) {
|
||||||
return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
|
return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
|
||||||
} else {
|
} else {
|
||||||
// TODO: register
|
// am i rite?
|
||||||
return res.type('json').status(200).end(JSON.stringify({}));
|
return res.type('json').status(200).end(JSON.stringify({}));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
route.post('/login', (req, res) => {
|
/**
|
||||||
/*
|
* login a user
|
||||||
* done - check body vars -> else ERR 401 'msg.auth.login.failed'
|
* @url /api/login
|
||||||
* done - get users by mail / nickname -> else ERR 401 'msg.auth.login.failed' OR ERR 500 'msg.database.error'
|
* @method POST
|
||||||
* done - validate password hash -> else ERR 401 'msg.auth.login.failed'
|
* @POST ['email', 'password']
|
||||||
* TODO - add new activity 'action.user.login'
|
* @TODO add new activity 'action.user.login'
|
||||||
*/
|
*/
|
||||||
|
route.post('/login', (req, res) => {
|
||||||
|
// if user is logged in (existing session); FAIL
|
||||||
if(req.session.user) {
|
if(req.session.user) {
|
||||||
return res.type('json').end(JSON.stringify({
|
return res.type('json').end(JSON.stringify({
|
||||||
status: 401,
|
status: 401,
|
||||||
@ -32,7 +39,7 @@ route.post('/login', (req, res) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check body variables
|
// check body variables
|
||||||
if(!req.body.email && !req.body.password) {
|
if(!req.body.email || !req.body.password) {
|
||||||
return res.type('json').status(401).end(JSON.stringify({
|
return res.type('json').status(401).end(JSON.stringify({
|
||||||
status: 401,
|
status: 401,
|
||||||
message: [
|
message: [
|
||||||
@ -44,10 +51,14 @@ route.post('/login', (req, res) => {
|
|||||||
let email = req.body.email;
|
let email = req.body.email;
|
||||||
let pass = req.body.password;
|
let pass = req.body.password;
|
||||||
|
|
||||||
|
// database query: get user by email
|
||||||
global['modules'].database.getUser(email, (err, rep) => {
|
global['modules'].database.getUser(email, (err, rep) => {
|
||||||
console.log(err, rep);
|
// if database error
|
||||||
if(err) {
|
if(err) {
|
||||||
|
// log error while debugging
|
||||||
global['logs'].debug(err);
|
global['logs'].debug(err);
|
||||||
|
|
||||||
|
// login failed because of database error
|
||||||
return res.type('json').status(500).end(JSON.stringify({
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
status: 500,
|
status: 500,
|
||||||
message: [
|
message: [
|
||||||
@ -56,11 +67,14 @@ route.post('/login', (req, res) => {
|
|||||||
]
|
]
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// no reply (user does not exist) or password is wrong
|
||||||
if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
|
if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
|
||||||
return res.type('json').status(401).end(JSON.stringify({
|
return res.type('json').status(401).end(JSON.stringify({
|
||||||
status: 401,
|
status: 401,
|
||||||
message: 'msg.auth.login.failed'
|
message: 'msg.auth.login.failed'
|
||||||
}));
|
}));
|
||||||
|
// do login
|
||||||
} else {
|
} else {
|
||||||
// add cookies; login
|
// add cookies; login
|
||||||
// new activity 'action.user.login'
|
// new activity 'action.user.login'
|
||||||
@ -80,12 +94,27 @@ route.post('/login', (req, res) => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* apps verify token
|
||||||
|
* @url /api/authenticate
|
||||||
|
* @method POST
|
||||||
|
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
|
||||||
|
* @TODO add implementation
|
||||||
|
*/
|
||||||
route.post('/authenticate', (req, res) => {
|
route.post('/authenticate', (req, res) => {
|
||||||
// TODO: authenticate
|
// TODO: authenticate
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* redirect user to app
|
||||||
|
* @url /api/redirect
|
||||||
|
* @method GET
|
||||||
|
* @GET ['id']
|
||||||
|
*/
|
||||||
route.get('/redirect', (req, res) => {
|
route.get('/redirect', (req, res) => {
|
||||||
|
// if user is logged in
|
||||||
if(req.session && req.session.user) {
|
if(req.session && req.session.user) {
|
||||||
|
// missing query data to retrieve app
|
||||||
if(!req.query || !req.query.id) {
|
if(!req.query || !req.query.id) {
|
||||||
return res.type('json').status(500).end(JSON.stringify({
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
status: 500,
|
status: 500,
|
||||||
@ -94,10 +123,13 @@ route.get('/redirect', (req, res) => {
|
|||||||
]
|
]
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// set auth code
|
||||||
global['modules'].database.setAuthCode({
|
global['modules'].database.setAuthCode({
|
||||||
aId: req.query.id,
|
aId: req.query.id,
|
||||||
uId: req.session.user.id
|
uId: req.session.user.id
|
||||||
}, (err, rep) => {
|
}, (err, rep) => {
|
||||||
|
// database error
|
||||||
if(err) {
|
if(err) {
|
||||||
global['logs'].debug(err);
|
global['logs'].debug(err);
|
||||||
return res.type('json').status(500).end(JSON.stringify({
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
@ -108,7 +140,9 @@ route.get('/redirect', (req, res) => {
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
else if(rep) {
|
else if(rep) {
|
||||||
|
// retrieve apps
|
||||||
global['modules'].database.getApps((err2, rep2) => {
|
global['modules'].database.getApps((err2, rep2) => {
|
||||||
|
// database error
|
||||||
if(err2) {
|
if(err2) {
|
||||||
global['logs'].debug(err2);
|
global['logs'].debug(err2);
|
||||||
return res.type('json').status(500).end(JSON.stringify({
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
@ -118,13 +152,17 @@ route.get('/redirect', (req, res) => {
|
|||||||
]
|
]
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
// for each app
|
||||||
rep2.forEach((app) => {
|
rep2.forEach((app) => {
|
||||||
|
// if app.id is equal to queried app
|
||||||
if(app.id == req.query.id) {
|
if(app.id == req.query.id) {
|
||||||
|
// redirect to app
|
||||||
return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
|
return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
|
// database error
|
||||||
return res.type('json').status(500).end(JSON.stringify({
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
status: 500,
|
status: 500,
|
||||||
message: [
|
message: [
|
||||||
@ -133,6 +171,7 @@ route.get('/redirect', (req, res) => {
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
// user isnt logged in
|
||||||
} else {
|
} else {
|
||||||
return res.type('json').end(JSON.stringify({
|
return res.type('json').end(JSON.stringify({
|
||||||
status: 401,
|
status: 401,
|
||||||
@ -141,12 +180,19 @@ route.get('/redirect', (req, res) => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* logout user
|
||||||
|
* @url /api/logout
|
||||||
|
* @method GET
|
||||||
|
*/
|
||||||
route.get('/logout', (req, res) => {
|
route.get('/logout', (req, res) => {
|
||||||
|
// user needs to be logged in
|
||||||
if(!req.session || !req.session.user) {
|
if(!req.session || !req.session.user) {
|
||||||
return res.type('json').end(JSON.stringify({
|
return res.type('json').end(JSON.stringify({
|
||||||
status: 401,
|
status: 401,
|
||||||
message: 'msg.auth.login.required'
|
message: 'msg.auth.login.required'
|
||||||
}));
|
}));
|
||||||
|
// logout user
|
||||||
} else {
|
} else {
|
||||||
res.clearCookie('RememberMe');
|
res.clearCookie('RememberMe');
|
||||||
req.session.destroy();
|
req.session.destroy();
|
||||||
|
@ -29,6 +29,11 @@ var fileCheck = (file) => {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* main page
|
||||||
|
* @url /
|
||||||
|
* @method all
|
||||||
|
*/
|
||||||
route.all('/', function(req, res, next) {
|
route.all('/', function(req, res, next) {
|
||||||
// TODO: show login page or dashboard
|
// TODO: show login page or dashboard
|
||||||
// res.end('login or dashboard');
|
// res.end('login or dashboard');
|
||||||
@ -40,12 +45,22 @@ route.all('/', function(req, res, next) {
|
|||||||
})
|
})
|
||||||
});
|
});
|
||||||
|
|
||||||
// login page or app request
|
/**
|
||||||
|
* login page or apprequest page
|
||||||
|
* @url /
|
||||||
|
* @method all
|
||||||
|
*/
|
||||||
route.get('/authenticate', (req, res) => {
|
route.get('/authenticate', (req, res) => {
|
||||||
|
|
||||||
|
if(req.session) {
|
||||||
|
// if there isnt an apprequest
|
||||||
|
if(!req.session.appRequest)
|
||||||
req.session.appRequest = {}; // TODO: data
|
req.session.appRequest = {}; // TODO: data
|
||||||
|
}
|
||||||
|
|
||||||
|
// query apps
|
||||||
global['modules'].database.getApps((err, rep) => {
|
global['modules'].database.getApps((err, rep) => {
|
||||||
|
// set appId in appRequest
|
||||||
if(req.query.appId) {
|
if(req.query.appId) {
|
||||||
if(req.query.appId && typeof req.query.appId == "string") {
|
if(req.query.appId && typeof req.query.appId == "string") {
|
||||||
// req.query.appId
|
// req.query.appId
|
||||||
@ -57,12 +72,14 @@ route.get('/authenticate', (req, res) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if user is logged in, show request page
|
||||||
if(req.session && req.session.user) {
|
if(req.session && req.session.user) {
|
||||||
res.render('request', {
|
res.render('request', {
|
||||||
session: req.session,
|
session: req.session,
|
||||||
appRequest: req.session.appRequest,
|
appRequest: req.session.appRequest,
|
||||||
apps: rep
|
apps: rep
|
||||||
});
|
});
|
||||||
|
// if user isnt logged in, show login page
|
||||||
} else {
|
} else {
|
||||||
res.render('login', {
|
res.render('login', {
|
||||||
session: req.session,
|
session: req.session,
|
||||||
@ -73,6 +90,12 @@ route.get('/authenticate', (req, res) => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* all other routes
|
||||||
|
* @url /*
|
||||||
|
* @method all
|
||||||
|
* @TODO comments
|
||||||
|
*/
|
||||||
route.all('/*', (req, res, next) => {
|
route.all('/*', (req, res, next) => {
|
||||||
// passthrough to next route
|
// passthrough to next route
|
||||||
if(req.path.startsWith('/api'))
|
if(req.path.startsWith('/api'))
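Review bot: The new docblock on the `/authenticate` GET route says `@url /` and `@method all`, which are copied from the `/` route above it; the code registers `route.get('/authenticate', ...)` and reads `req.query.appId`, so the header should read `@url /authenticate`, `@method GET`, `@GET ['appId']` to follow the convention the other headers in this commit use. Worth a line in that docblock as well: `session: req.session` hands the entire session object to the `request` and `login` templates, and if the session user is stored as the raw database row (the login path in the API routes reads `rep[0].passhash`, though the assignment into the session is not visible here) the hash would be reachable from the view, so `// NOTE: pass only the fields the template needs, not the full session` marks it until that is confirmed. The outer `if(req.query.appId)` wrapping `if(req.query.appId && typeof req.query.appId == "string")` is redundant and can be collapsed into the inner check.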
|
||||||
|