leca/bsfe_server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

a lot of fixes, implementing abstract product api endpoints

Browse Source
This commit is contained in:
leca
2024-10-26 20:18:14 +03:00
parent e78f20d44e
commit a27ce5762c
11 changed files with 112 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/controllers/abstractproduct.js Normal file
View File

@@ -0,0 +1,14 @@
import AbstractProductService from '../services/abstractproduct.js';
const TAG = "/controllers/abstractproduct.js"
class AbstractProductController {
async create(req, res) {
const { groupId, barcode, name, net_weight, image_filename, category, unit } = req.body;
// console.log(groupId, barcode, name, net_weight, image_filename, category, unit)
await AbstractProductService.create(groupId, barcode, name, net_weight, image_filename, category, unit);
return res.status(200).send("Successfull");
}
};
export default new AbstractProductController();

20
src/controllers/group.js
View File

@@ -10,12 +10,12 @@ const TAG = "/controllers/group.js"
class GroupController {
async create(req, res) {
try {
let { name } = req.params;
let { groupName } = req.params;
let user = jwt.decode(req.headers.authorization.split(' ')[1], config.secret);
let status = await GroupService.create(name, user.login.id);
let status = await GroupService.create(groupName, user.login.id);
log.info(`New group with name ${name} was just created by user ${user.login.username}`);
log.info(`New group with name ${groupName} was just created by user ${user.login.username}`);
UserService.joinGroup(user.login.id, status.id);
return res.status(200).send("Successfull");
@@ -23,27 +23,25 @@ class GroupController {
}
async join(req, res) {
try {
let { id } = req.params;
await GroupService.getById(id);
let { groupId } = req.params;
let user = jwt.decode(req.headers.authorization.split(' ')[1], config.secret);
let status = await UserService.joinGroup(user.login.id, id);
let status = await UserService.joinGroup(user.login.id, groupId);
if (status == statuses.duplicate) return res.status(400).send("Already in group");
log.info(`User ${user.login.username} has just joined group with ID ${id}`);
log.info(`User ${user.login.username} has just joined group with ID ${groupId}`);
return res.status(200).send("Successfull");
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/join: ${e}`)); }
}
async updatePassword(req, res) {
try {
let { id } = req.params;
let { groupId } = req.params;
let { password } = req.body;
await GroupService.updatePassword(id, password);
log.info(`Password for group with ID ${id} was updated`);
await GroupService.updatePassword(groupId, password);
log.info(`Password for group with ID ${groupId} was updated`);
return res.status(200).send("Successfull");
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/updatePassword ${e}`)); }

2
src/index.js
View File

@@ -1,6 +1,7 @@
import express from 'express';
import UserRouter from './routers/user.js';
import GroupRouter from './routers/group.js';
import AbstractProductRouter from './routers/abstractproduct.js';
// import AdminRouter from './routers/admin.js';
import log from './utils/log.js'
@@ -12,6 +13,7 @@ app.use(express.urlencoded({extended: true}));
app.use(express.json());
app.use('/api/user/', UserRouter);
app.use('/api/group/', GroupRouter);
app.use('/api/abstractproduct', AbstractProductRouter);
// app.use('/api/admin/', AdminRouter);
app.listen(config.port, () => {

41
src/middlewares/auth.js
View File

@@ -2,26 +2,37 @@ import log from '../utils/log.js'
import jwt from 'jsonwebtoken';
import config from '../../config.json' with {type: "json"};
import GroupService from '../services/group.js';
import UserService from '../services/user.js';
const TAG = "/middlewares/auth.js"
const requireUsernameAndPassword = async (req, res, next) => {
const requireUsername = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const {username, password} = req.body;
const {username} = req.body;
if (!username) return res.status(400).send("Username is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
}
const requirePassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const {password} = req.body;
if (!password) return res.status(400).send("Password is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsernameAndPassword: ${e}`)); }
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
}
const authenticate = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");
const token = req.headers.authorization.split(' ')[1]
if (!token) return res.status(401).send("No authorization token supplied");
if (!token) return res.status(403).send("No authorization token supplied");
if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");
next();
@@ -33,13 +44,12 @@ const authorizeGroupOwner = async (req, res, next) => {
try {
const token = req.headers.authorization.split(' ')[1]
if (!token) return res.status(401).send("No authorization token supplied");
const { id } = req.params;
const { groupId } = req.params;
let user = jwt.decode(token, config.secret)
let adminId = await GroupService.getAdminId(id);
let adminId = await GroupService.getAdminId(groupId);
if (user.login.id != adminId) return res.status(403).send("Not your group");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
@@ -49,10 +59,10 @@ const checkGroupPassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const { id } = req.params;
const { groupId } = req.params;
const { password } = req.body;
const groupPassword = await GroupService.getPassword(id);
const groupPassword = await GroupService.getPassword(groupId);
if (groupPassword != password) return res.status(403).send("Wrong password");
next();
@@ -60,4 +70,15 @@ const checkGroupPassword = async (req, res, next) => {
} catch (e) {return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`));}
}
export default { requireUsernameAndPassword, authenticate, authorizeGroupOwner, checkGroupPassword }
const userIsInGroup = async (req, res, next) => {
if (req.method == "OPTIONS") next();
const groupId = req.body.groupId || req.params.groupId;
const token = req.headers.authorization.split(' ')[1]
let user = jwt.decode(token, config.secret)
if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
next();
}
export default { requireUsername, requirePassword, authenticate, authorizeGroupOwner, checkGroupPassword, userIsInGroup }

23
src/middlewares/existance.js
View File

@@ -27,10 +27,9 @@ const usernameDoesntExist = async (req, res, next) => {
const groupExists = async (req, res, next) => {
try {
let groupId = req.params.groupId || req.body.groupId;
const { id } = req.params;
let group = await GroupService.getById(id);
let group = await GroupService.getById(groupId);
if (!group || group == statuses.not_found) return res.status(404).send("Group not found");
next();
@@ -39,13 +38,23 @@ const groupExists = async (req, res, next) => {
const groupDoesntExist = async (req, res, next) => {
try {
let groupId = req.params.groupId || req.body.groupId;
const { id } = req.params;
let group = await GroupService.getById(id);
let group = await GroupService.getById(groupId);
if (group || group != statuses.not_found) return res.status(400).send("Such group already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupDoesntExist: ${e}`)) }
}
export default { usernameExists, usernameDoesntExist, groupExists, groupDoesntExist }
const groupNameDoesntExist = async (req, res, next) => {
try {
const { groupName } = req.params;
let group = await GroupService.getByName(groupName);
if (group) return res.status(400).send("Such group name already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupNameDoesntExist: ${e}`)) }
}
export default { usernameExists, usernameDoesntExist, groupExists, groupDoesntExist, groupNameDoesntExist }

10
src/routers/abstractproduct.js Normal file
View File

@@ -0,0 +1,10 @@
import { Router } from 'express';
import auth from '../middlewares/auth.js';
import AbstractProductController from '../controllers/abstractproduct.js'
import existance from '../middlewares/existance.js';
const AbstractProductRouter = new Router();
AbstractProductRouter.post('/create', auth.authenticate, existance.groupExists, auth.userIsInGroup, AbstractProductController.create);
export default AbstractProductRouter;

6
src/routers/group.js
View File

@@ -5,8 +5,8 @@ import existance from '../middlewares/existance.js';
const GroupRouter = new Router();
GroupRouter.post('/create/:name', auth.authenticate, existance.groupDoesntExist, GroupController.create);
GroupRouter.post('/join/:id', auth.authenticate, existance.groupExists, auth.checkGroupPassword, GroupController.join);
GroupRouter.post('/password/:id', auth.authenticate, existance.groupExists, auth.authorizeGroupOwner, GroupController.updatePassword)
GroupRouter.post('/create/:groupName', auth.authenticate, existance.groupNameDoesntExist, GroupController.create);
GroupRouter.post('/join/:groupId', auth.authenticate, existance.groupExists, auth.requirePassword, auth.checkGroupPassword, GroupController.join);
GroupRouter.post('/password/:groupId', auth.authenticate, existance.groupExists, auth.authorizeGroupOwner, auth.requirePassword, GroupController.updatePassword)
export default GroupRouter;

5
src/routers/user.js
View File

@@ -5,8 +5,7 @@ import UserController from '../controllers/user.js'
const UserRouter = new Router();
UserRouter.post('/register', auth.requireUsernameAndPassword, existance.usernameDoesntExist, UserController.register);
UserRouter.post('/login', auth.requireUsernameAndPassword, existance.usernameExists, UserController.login);
UserRouter.post('/register', auth.requireUsername, auth.requirePassword, existance.usernameDoesntExist, UserController.register);
UserRouter.post('/login', auth.requireUsername, auth.requirePassword, existance.usernameExists, UserController.login);
export default UserRouter;

10
src/services/abstractproduct.js Normal file
View File

@@ -0,0 +1,10 @@
import db from '../db.js';
class AbstractProductService {
async create (groupid, barcode, name, net_weight, image_filename, category, unit) {
await db.query("INSERT INTO abstract_products (group_id, barcode, name, net_weight, image_filename, category, unit) VALUES ($1, $2, $3, $4, $5, $6, $7)", [groupid, barcode, name, net_weight, image_filename, category, unit]);
}
};
export default new AbstractProductService();

4
src/services/group.js
View File

@@ -29,6 +29,10 @@ class GroupService {
async getPassword(id) {
return (await db.query("SELECT password FROM groups WHERE id = $1", [id])).rows[0].password;
}
async getByName(name) {
return (await db.query("SELECT * FROM groups WHERE name = $1", [name])).rows[0]
}
};
export default new GroupService();

11
src/utils/hash.js Normal file
View File

@@ -0,0 +1,11 @@
import { createHash } from 'node:crypto'
const hashAbstractProduct = (barcode, name, net_weight, image_filename, category, unit) => {
return createHash('md5').update(`${barcode}${name}${net_weight}${image_filename}${category}${unit}`).digest('hex');
}
const hashProduct = (abstract_product_id, amount, date_of_production, expiry_date) => {
return createHash('md5').update(`${abstract_product_id}${amount}${date_of_production}${expiry_date}`).digest('hex');
}
export default { hashAbstractProduct, hashProduct };