hardi
/
opt-cc
1
0
Fork 0
Code Pull Requests Releases 47 Activity

backend register & activation route

pull/1/head
Florian Hartwich 2017-06-08 16:03:20 +02:00
parent 9b8bcd0722
commit b5bcc676ed
3 changed files with 101 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
api/middleware/permission-check.js
View File

@ -5,7 +5,6 @@ let check = (requiredPermission, actualPermission, res, next) => {
if (actualPermission >= requiredPermission) { if (actualPermission >= requiredPermission) {
return next(); return next();
} }
return res.status(403).send({ return res.status(403).send({
success: false, success: false,
message: 'permission denied' message: 'permission denied'

8
api/models/app-user.js
View File

@ -20,6 +20,14 @@ const AppUserSchema = new Schema({
min: 0, min: 0,
max: 4, max: 4,
default: 0 default: 0
},
secret: {
type: String,
required: true
},
activated: {
type: Boolean,
default: false
} }
}, { }, {
collection: 'app_user', collection: 'app_user',

143
api/routes/authenticate.js
View File

@ -8,6 +8,9 @@ const Q = require('q');
const _ = require('lodash'); const _ = require('lodash');
const logger = require('debug')('cc:authenticate'); const logger = require('debug')('cc:authenticate');
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkAdmin = require('../middleware/permission-check').checkAdmin;
// HTTP status codes by name // HTTP status codes by name
const codes = require('./http-codes'); const codes = require('./http-codes');
@ -49,11 +52,12 @@ let authCheck = (username, password) => {
const diff = 3 * 60 * 24; // time till expiration [minutes] const diff = 3 * 60 * 24; // time till expiration [minutes]
if (user && bcrypt.compareSync(password, user.password)) { if (user && user.activated && bcrypt.compareSync(password, user.password)) {
// authentication successful // authentication successful
deferred.resolve({ deferred.resolve({
_id: user._id, _id: user._id,
username: user.username, username: user.username,
permission: user.permission,
token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}), token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}),
tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000) tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
}); });
@ -67,57 +71,94 @@ let authCheck = (username, password) => {
}; };
// ******************************** EDITING USING ADMIN PANEL ************************
authenticate.route('/editUser/:id')
.patch(apiAuthenticationMiddleware, checkAdmin, (req, res, next) => {
if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);
err.status = codes.notfound;
next(err);
return; // prevent node to process this function further after next() has finished.
}
// increment version manually as we do not use .save(.)
req.body.updatedAt = new Date();
req.body.$inc = {__v: 1};
// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.
AppUserModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
if (err) {
err.status = codes.wrongrequest;
}
else if (!item) {
err = new Error("appUser not found");
err.status = codes.notfound;
}
else {
res.locals.items = item;
}
next(err);
})
})
.all(
routerHandling.httpMethodNotAllowed
);
// ******************************** SIGNUP ************************ // ******************************** SIGNUP ************************
//
// authenticate.route('/signup') authenticate.route('/signup')
// .post((req, res, next) => { .post((req, res, next) => {
// create(req.body) create(req.body)
// .then(() => { .then(() => {
// res.sendStatus(200); res.sendStatus(200);
// }) })
// .catch((err) => { .catch((err) => {
// res.status(400).send(err); res.status(400).send(err);
// }); });
// }) })
//
// .all( .all(
// routerHandling.httpMethodNotAllowed routerHandling.httpMethodNotAllowed
// ); );
//
// let create = (userParam) => { let create = (userParam) => {
// const deferred = Q.defer(); const deferred = Q.defer();
//
// // validation // validation
// AppUserModel.findOne( AppUserModel.findOne(
// {username: userParam.username}, {username: userParam.username},
// (err, user) => { (err, user) => {
// if (err) deferred.reject(err.name + ': ' + err.message); if (err) deferred.reject(err.name + ': ' + err.message);
//
// if (user) { if (user) {
// // username already exists // username already exists
// deferred.reject('Username "' + userParam.username + '" is already taken'); deferred.reject('Username "' + userParam.username + '" is already taken');
// } else { } else {
// createUser(); createUser();
// } }
// }); });
//
// let createUser = () => { let createUser = () => {
// // set user object to userParam without the cleartext password // set user object to userParam without the cleartext password
// const user = _.omit(userParam, 'password'); const user = _.omit(userParam, 'password');
//
// // add hashed password to user object // add hashed password to user object
// user.password = bcrypt.hashSync(userParam.password, 10); user.password = bcrypt.hashSync(userParam.password, 10);
//
// const newUser = new AppUserModel(user); const newUser = new AppUserModel(user);
// newUser.save((err, doc) => { newUser.save((err, doc) => {
// if (err) deferred.reject(err.name + ': ' + err.message); if (err) deferred.reject(err.name + ': ' + err.message);
//
// deferred.resolve(); deferred.resolve();
// }); });
// }; };
//
// return deferred.promise; return deferred.promise;
// }; };
authenticate.use(routerHandling.emptyResponse); authenticate.use(routerHandling.emptyResponse);