Centralized errors and added their translations. Didn't test
This commit is contained in:
@@ -3,71 +3,63 @@ import jwt from 'jsonwebtoken';
|
||||
import config from '../../config.json' with {type: "json"};
|
||||
import GroupService from '../services/group.js';
|
||||
import UserService from '../services/user.js';
|
||||
import customError from '../response/customError.js';
|
||||
import responseCodes from '../response/responseCodes.js';
|
||||
|
||||
const TAG = "/middlewares/auth.js";
|
||||
|
||||
const requireUsername = async (req, res, next) => {
|
||||
if (req.method == "OPTIONS") next();
|
||||
|
||||
try {
|
||||
const { username } = req.body;
|
||||
if (!username) return res.status(400).send("Username is required");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
|
||||
const { username } = req.body;
|
||||
if (!username) throw new customError(`requireUsername username is required`, responseCodes.responses.usernames.required)
|
||||
next();
|
||||
};
|
||||
|
||||
const requirePassword = async (req, res, next) => {
|
||||
if (req.method == "OPTIONS") next();
|
||||
|
||||
try {
|
||||
const { password } = req.body;
|
||||
if (!password) return res.status(400).send("Password is required");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
|
||||
const { password } = req.body;
|
||||
if (!password) throw new customError(`requirePassword password is required`, responseCodes.responses.passwords.required);
|
||||
next();
|
||||
};
|
||||
|
||||
const authenticate = async (req, res, next) => {
|
||||
if (req.method == "OPTIONS") next();
|
||||
|
||||
try {
|
||||
if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");
|
||||
const token = req.headers.authorization.split(' ')[1];
|
||||
if (!token) return res.status(403).send("No authorization token supplied");
|
||||
if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");
|
||||
if (!req.headers.authorization) throw new customError(`authenticate no authorization header`, responseCodes.responses.authentication.not_found);
|
||||
const token = req.headers.authorization.split(' ')[1];
|
||||
if (!token) throw new customError(`authenticate no authorization token in header`, responseCodes.responses.authentication.not_found);
|
||||
if (!jwt.verify(token, config.secret)) throw new customError(`authenticate token is invalid`, responseCodes.responses.authentication.invalid);
|
||||
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authenticate: ${e}`)); }
|
||||
next();
|
||||
};
|
||||
|
||||
const authorizeGroupOwner = async (req, res, next) => {
|
||||
if (req.method == "OPTIONS") next();
|
||||
|
||||
try {
|
||||
const token = req.headers.authorization.split(' ')[1];
|
||||
const token = req.headers.authorization.split(' ')[1];
|
||||
|
||||
const { groupId } = req.params;
|
||||
const { groupId } = req.params;
|
||||
|
||||
let user = jwt.decode(token, config.secret);
|
||||
let user = jwt.decode(token, config.secret);
|
||||
|
||||
let adminId = await GroupService.getAdminId(groupId);
|
||||
if (user.login.id != adminId) return res.status(403).send("Not your group");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
|
||||
let adminId = await GroupService.getAdminId(groupId);
|
||||
if (user.login.id != adminId) throw new customError(`authorizeGroupOwner not an owner`, responseCodes.responses.groups.not_an_owner)
|
||||
next();
|
||||
};
|
||||
|
||||
const checkGroupPassword = async (req, res, next) => {
|
||||
if (req.method == "OPTIONS") next();
|
||||
|
||||
try {
|
||||
const { groupId } = req.params;
|
||||
const { password } = req.body;
|
||||
const { groupId } = req.params;
|
||||
const { password } = req.body;
|
||||
|
||||
const groupPassword = await GroupService.getPassword(groupId);
|
||||
const groupPassword = await GroupService.getPassword(groupId);
|
||||
|
||||
if (groupPassword != password) return res.status(403).send("Wrong password");
|
||||
next();
|
||||
if (groupPassword != password) throw new customError(`checkGroupPassword password is invalid`, responseCodes.responses.passwords.invalid);
|
||||
next();
|
||||
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`)); }
|
||||
};
|
||||
|
||||
const userIsInGroup = async (req, res, next) => {
|
||||
@@ -77,7 +69,7 @@ const userIsInGroup = async (req, res, next) => {
|
||||
|
||||
const token = req.headers.authorization.split(' ')[1];
|
||||
let user = jwt.decode(token, config.secret);
|
||||
if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
|
||||
if (!await UserService.isInGroup(user.login.id, groupId)) throw new customError(`userIsInGroup not a member`, responseCodes.responses.groups.not_a_member)
|
||||
next();
|
||||
};
|
||||
|
||||
|
||||
@@ -1,116 +0,0 @@
|
||||
import UserService from '../services/user.js';
|
||||
import GroupService from '../services/group.js';
|
||||
import AbstractProductService from '../services/abstractproduct.js';
|
||||
import ProductService from '../services/product.js';
|
||||
import CategoryService from '../services/category.js';
|
||||
import log from '../utils/log.js';
|
||||
import statuses from '../utils/status.js';
|
||||
|
||||
const TAG = "/middlewares/existance.js";
|
||||
|
||||
const usernameExists = async (req, res, next) => {
|
||||
try {
|
||||
let { username } = req.body;
|
||||
|
||||
let user = await UserService.getByUsername(username);
|
||||
if (!user || user == statuses.not_found) return res.status(404).send("User not found");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/usernameExists: ${e}`)); }
|
||||
};
|
||||
|
||||
const usernameDoesntExist = async (req, res, next) => {
|
||||
try {
|
||||
let { username } = req.body;
|
||||
|
||||
let user = await UserService.getByUsername(username);
|
||||
if (user != undefined && user != statuses.not_found) return res.status(400).send("Such username already taken");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/usernameDoesntExist: ${e}`)); }
|
||||
};
|
||||
|
||||
const groupExists = async (req, res, next) => {
|
||||
try {
|
||||
let groupId = req.params.groupId || req.body.groupId;
|
||||
|
||||
let group = await GroupService.getById(groupId);
|
||||
|
||||
if (!group || group == statuses.not_found) return res.status(404).send("Group not found");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupExists: ${e}`)) }
|
||||
};
|
||||
|
||||
const groupDoesntExist = async (req, res, next) => {
|
||||
try {
|
||||
let groupId = req.params.groupId || req.body.groupId;
|
||||
|
||||
let group = await GroupService.getById(groupId);
|
||||
|
||||
if (group || group != statuses.not_found) return res.status(400).send("Such group already exists");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupDoesntExist: ${e}`)) }
|
||||
};
|
||||
|
||||
const groupNameDoesntExist = async (req, res, next) => {
|
||||
try {
|
||||
const { groupName } = req.params;
|
||||
|
||||
let group = await GroupService.getByName(groupName);
|
||||
if (group) return res.status(400).send("Such group name already exists");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupNameDoesntExist: ${e}`)); }
|
||||
};
|
||||
|
||||
const abstractProductExists = async (req, res, next) => {
|
||||
try {
|
||||
const { groupId, localId } = req.body;
|
||||
|
||||
let result = await AbstractProductService.exists(groupId, localId);
|
||||
if (!result) return res.status(404).send("Abstract product not found");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/abstractProductExists: ${e}`)); }
|
||||
};
|
||||
|
||||
const productExists = async (req, res, next) => {
|
||||
try {
|
||||
const { groupId, localId } = req.body;
|
||||
|
||||
let result = await ProductService.exists(groupId, localId);
|
||||
if (!result) return res.status(404).send("Product not found");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/productExists: ${e}`)); }
|
||||
};
|
||||
|
||||
const categoryNameDoesntExist = async (req, res, next) => {
|
||||
try {
|
||||
const { categoryName, localId, groupId } = req.body;
|
||||
|
||||
let result = await CategoryService.getByName(groupId, localId, categoryName);
|
||||
if (result != statuses.not_found) return res.status(400).send("Such category name exists");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryNameDoesntExist: ${e}`)); }
|
||||
};
|
||||
|
||||
const categoryExists = async (req, res, next) => {
|
||||
try {
|
||||
const { localId, groupId } = req.body;
|
||||
|
||||
let result = await CategoryService.getById(groupId, localId);
|
||||
if (!result || result == statuses.not_found) return res.status(404).send("No such category");
|
||||
next();
|
||||
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/categoryExists: ${e}`)); }
|
||||
};
|
||||
|
||||
export default {
|
||||
usernameExists,
|
||||
usernameDoesntExist,
|
||||
|
||||
groupExists,
|
||||
groupDoesntExist,
|
||||
groupNameDoesntExist,
|
||||
|
||||
abstractProductExists,
|
||||
productExists,
|
||||
|
||||
categoryNameDoesntExist,
|
||||
categoryExists
|
||||
};
|
||||
Reference in New Issue
Block a user