39 changes: 13 additions & 26 deletions api/main_endpoints/routes/Advertisement.js
@@ -1,14 +1,12 @@
const express = require('express');
const router = express.Router();
const { OK, BAD_REQUEST, FORBIDDEN, UNAUTHORIZED, NOT_FOUND } = require('../../util/constants').STATUS_CODES;
const {
decodeToken,
checkIfTokenSent,
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const logger = require('../../util/logger');
const Advertisement = require('../models/Advertisement');
const AuditLog = require('../models/AuditLog.js');
const AuditLogActions = require('../util/auditLogActions.js');
const membershipState = require('../../util/constants.js').MEMBERSHIP_STATE;

router.get('/', async (req, res) => {
const count = await Advertisement.countDocuments();
Expand All @@ -26,10 +24,9 @@ router.get('/', async (req, res) => {


router.get('/getAllAdvertisements', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
Advertisement.find()
.sort({ createdAt: -1 })
Expand All @@ -41,13 +38,9 @@ router.get('/getAllAdvertisements', async (req, res) => {
});

router.post('/createAdvertisement', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
}

const user = await decodeToken(req);
if (!user) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const newAd = new Advertisement({
Expand All @@ -58,7 +51,7 @@ router.post('/createAdvertisement', async (req, res) => {
try {
const createdAd = await Advertisement.create(newAd);
AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.CREATE_AD,
details: {
message: createdAd.message,
Expand All @@ -75,15 +68,9 @@ router.post('/createAdvertisement', async (req, res) => {
});

router.post('/deleteAdvertisement', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
}

const user = await decodeToken(req);
if (!user) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

try {
Expand All @@ -94,7 +81,7 @@ router.post('/deleteAdvertisement', async (req, res) => {
}

AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.DELETE_AD,
details: {
deletedAd: {
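Review bot: `FORBIDDEN` and `UNAUTHORIZED` are still destructured on the unchanged STATUS_CODES line at the top of this file, but after this change every handler forwards `decoded.status` instead, so as far as this section shows those two names are no longer used; trimming the line to `const { OK, BAD_REQUEST, NOT_FOUND } = require('../../util/constants').STATUS_CODES;` keeps the import list honest (the same question applies to `UNAUTHORIZED` in LedSign.js and `FORBIDDEN` in OfficeAccessCard.js if nothing outside their hunks uses them). The new guard relies on `decodeToken` resolving to `{ status, token }`; a one-line comment at its first use, `// decodeToken resolves to { status, token }; presumably status is OK only for a valid token at or above the requested level`, would spare the next reader a trip to token-functions.js. /getAllAdvertisements and /deleteAdvertisement now require OFFICER where they previously accepted any decodable token, which is an authorization tightening worth a sentence in the PR description.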
23 changes: 8 additions & 15 deletions api/main_endpoints/routes/AuditLog.js
Expand Up @@ -3,25 +3,18 @@ const router = express.Router();
const AuditLog = require('../models/AuditLog');

const { OK, UNAUTHORIZED, SERVER_ERROR } = require('../../util/constants').STATUS_CODES;
const { OFFICER } = require('../../util/constants.js').MEMBERSHIP_STATE;
const membershipState = require('../../util/constants.js').MEMBERSHIP_STATE;

const { checkIfTokenSent, checkIfTokenValid, decodeTokenFromBodyOrQuery } = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');

const logger = require('../../util/logger');
const User = require('../models/User.js');
let { clients } = require('../util/AuditLog.js');

router.get('/getAuditLogs', async (req, res) => {
if (!checkIfTokenSent(req)) {
logger.warn('/getAuditLogs was requested without a token');
return res.sendStatus(UNAUTHORIZED);
}

const isValid = checkIfTokenValid(req, OFFICER);

if (!isValid) {
logger.warn('/getAuditLogs was requested with an invalid or unauthorized token');
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const itemsPerPage = 50;
Expand Down Expand Up @@ -73,9 +66,9 @@ router.get('/getAuditLogs', async (req, res) => {
});

router.get('/listen', async (req, res) => {
const decoded = await decodeTokenFromBodyOrQuery(req);
if (!Object.keys(decoded) || decoded.accessLevel < OFFICER) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const headers = {
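Review bot: The rejection path in /getAuditLogs no longer logs anything: the two `logger.warn` calls that were removed were the only record that someone requested the audit log without an adequate token, which is exactly the access a defender wants visibility into. One line before the early return, `logger.warn(\`/getAuditLogs rejected a request with status ${decoded.status}\`);`, preserves that signal without a second branch. Separately, /listen moved from `decodeTokenFromBodyOrQuery` to `decodeToken`; if `decodeToken` reads only a header, clients that supplied the token in the body or query string for this endpoint would now be rejected, so it is worth confirming and documenting where the token is expected to come from. The `UNAUTHORIZED` name on the unchanged STATUS_CODES line may be unused in this file after this change.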
27 changes: 9 additions & 18 deletions api/main_endpoints/routes/Auth.js
Expand Up @@ -11,11 +11,7 @@ const PasswordReset = require('../models/PasswordReset.js');
const logger = require('../../util/logger');
const { registerUser, testPasswordStrength } = require('../util/userHelpers');
const { verifyCaptcha } = require('../util/captcha');
const {
checkIfTokenSent,
checkIfTokenValid,
decodeToken
} = require('../util/token-functions');
const { decodeToken } = require('../util/token-functions');
const jwt = require('jsonwebtoken');
const {
OK,
Expand Down Expand Up @@ -60,10 +56,9 @@ router.post('/register', async (req, res) => {
});

router.post('/resendVerificationEmail', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!checkIfTokenValid(req, membershipState.OFFICER)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const maybeUser = await userWithEmailExists(req.body.email);
if (!maybeUser) {
Expand Down Expand Up @@ -239,16 +234,12 @@ router.post('/login', function(req, res) {
// Verifies the users session if they have an active jwtToken.
// Used on the inital load of root '/'
// Returns the name and accesslevel of the user w/ the given access token
router.post('/verify', function(req, res) {
if (!checkIfTokenSent(req)) {
return res.status(UNAUTHORIZED).json({});
}
const token = decodeToken(req);
if (token === null || Object.keys(token).length === 0) {
res.status(UNAUTHORIZED).json({});
} else {
res.status(OK).json(token);
router.post('/verify', async function(req, res) {
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
res.status(OK).json(decoded.token);
});

router.post('/generateHashedId', async (req, res) => {
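Review bot: The failure response of /verify changes shape: the old handler answered `res.status(UNAUTHORIZED).json({})`, the new one answers `res.sendStatus(decoded.status)`, so the body is now a plain-text status phrase rather than the JSON `{}` a caller may have been parsing, and the status code is whatever decodeToken reports rather than always UNAUTHORIZED. If existing clients parse the body unconditionally, keeping `return res.status(decoded.status).json({});` avoids breaking them while still forwarding the new status. The comment above the route still says it returns the name and access level; since the handler now sends `decoded.token` as-is, rewording it to `// Responds with decoded.token (the decoded JWT payload) on success; any non-OK status from decodeToken is forwarded as the response status` keeps the documentation aligned with the code.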
26 changes: 10 additions & 16 deletions api/main_endpoints/routes/Cleezy.js
@@ -1,10 +1,7 @@
const express = require('express');
const axios = require('axios');
const router = express.Router();
const {
decodeToken,
checkIfTokenSent,
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const {
OK,
UNAUTHORIZED,
Expand All @@ -28,10 +25,9 @@ router.get('/list', async (req, res) => {
});
}
const { page = 0, search, sortColumn = 'created_at', sortOrder = 'DESC'} = req.query;
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
try {
const returnData = await cleezyHelpers.searchCleezyUrls({ page, search, sortColumn, sortOrder });
Expand All @@ -47,10 +43,9 @@ router.get('/list', async (req, res) => {
});

router.post('/createUrl', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const { url, alias, expiresAt } = req.body;
let jsonbody = { url, alias: alias || null };
Expand All @@ -68,10 +63,9 @@ router.post('/createUrl', async (req, res) => {
});

router.post('/deleteUrl', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const { alias } = req.body;
axios
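Review bot: The same three-line guard is now repeated verbatim in /list, /createUrl and /deleteUrl (and in most handlers of the other files in this change); an Express middleware such as `requireToken(level)` that runs `decodeToken` and ends the response on a non-OK status would let each route declare its access level once and make it harder for a future handler to omit the check. In this file none of the three calls passes a membership level, unlike Advertisement.js and AuditLog.js, and the default level inside decodeToken is not visible here; if that default is the intended floor for creating and deleting short URLs, a comment such as `// any valid token may manage URLs; no membership level is required` at the first call would stop the next reader from treating the omission as an oversight. `FORBIDDEN` on the STATUS_CODES destructure at the top of the file is likely unused after this change, as far as these hunks show.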
17 changes: 5 additions & 12 deletions api/main_endpoints/routes/LedSign.js
Expand Up @@ -5,10 +5,7 @@ const {
SERVER_ERROR,
UNAUTHORIZED
} = require('../../util/constants').STATUS_CODES;
const {
decodeToken,
checkIfTokenSent
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const logger = require('../../util/logger');
const { updateSign, healthCheck, turnOffSign } = require('../util/LedSign.js');
const AuditLogActions = require('../util/auditLogActions.js');
Expand Down Expand Up @@ -37,14 +34,10 @@ router.get('/healthCheck', async (req, res) => {
});

router.post('/updateSignText', async (req, res) => {
if (!checkIfTokenSent(req)) {
logger.warn('/updateSignText was requested without a token');
return res.sendStatus(UNAUTHORIZED);
}
const user = await decodeToken(req); // Store the user here
if (!user || Object.keys(user) === 0) {
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
logger.warn('/updateSignText was requested with an invalid token');
return res.sendStatus(UNAUTHORIZED);
return res.sendStatus(decoded.status);
}
if (!LED_SIGN.ENABLED && !runningInTest) {
logger.warn('led sign is disabled, returning 200 by default');
Expand All @@ -65,7 +58,7 @@ router.post('/updateSignText', async (req, res) => {
}

await AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.UPDATE_SIGN,
details: {
newSignText: req.body.text,
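Review bot: The surviving warning in /updateSignText, `'/updateSignText was requested with an invalid token'`, is now also emitted when no token was sent at all (the separate no-token warning was removed) and it no longer says which status was returned; `logger.warn(\`/updateSignText rejected a request with status ${decoded.status}\`);` keeps the log accurate without reintroducing a second branch. The audit-log call later in the handler is now keyed on `decoded.token._id`, so it depends on decodeToken returning a populated `token` whenever `status` is OK; that contract is not visible in this file and deserves a short comment at the call site. `UNAUTHORIZED` on the unchanged STATUS_CODES destructure near the top may be unused here once this change lands, if nothing outside the hunks references it.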
12 changes: 6 additions & 6 deletions api/main_endpoints/routes/Messages.js
Expand Up @@ -11,7 +11,7 @@ const bodyParser = require('body-parser');
const User = require('../models/User.js');
const logger = require('../../util/logger');
const client = require('prom-client');
const { decodeToken, decodeTokenFromBodyOrQuery } = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const { MetricsHandler, register } = require('../../util/metrics.js');


Expand Down Expand Up @@ -80,11 +80,11 @@ router.post('/send', async (req, res) => {
}

// Assume user passed a non null/undefined token
const userObj = decodeToken(req);
const userObj = await decodeToken(req);
if (!userObj) {
return res.sendStatus(UNAUTHORIZED);
}
nameToUse = userObj.firstName;
nameToUse = userObj.token.firstName;
try {
writeMessage(id, `${message}`, `${nameToUse}:`);
return res.json({ status: 'Message sent' });
Expand Down Expand Up @@ -152,11 +152,11 @@ router.get('/listen', async (req, res) => {

let filterQuery = {}; // filter to find user in the database
if (token) {
let userObj = decodeTokenFromBodyOrQuery(req);
if (!Object.keys(userObj)) {
const userObj = await decodeToken(req);
if (!userObj.token) {
return res.sendStatus(UNAUTHORIZED);
}
filterQuery._id = userObj._id;
filterQuery._id = userObj.token._id;
} else {
filterQuery.apiKey = apiKey;
}
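Review bot: In /send the guard `if (!userObj)` is kept, but `decodeToken` now resolves to an object (every other file in this change reads `.status` and `.token` from it), so the guard can no longer fire; on a missing or invalid token the following line `userObj.token.firstName` would throw a TypeError and the request ends as a server error instead of the intended UNAUTHORIZED. Checking the status field as the sibling routes do, `if (userObj.status !== OK) { return res.sendStatus(userObj.status); }`, restores the rejection, assuming `OK` is in scope in this file as it is in the others. The /listen branch checks `!userObj.token` instead, which works only if a rejected decode leaves `token` unset; using the same status check in both places makes the contract explicit. The comment `// Assume user passed a non null/undefined token` above the call no longer matches, since the call itself now handles the missing case.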
30 changes: 12 additions & 18 deletions api/main_endpoints/routes/OfficeAccessCard.js
Expand Up @@ -6,20 +6,15 @@ const {
OK,
FORBIDDEN,
} = require('../../util/constants').STATUS_CODES;
const { OFFICER } = require('../../util/constants').MEMBERSHIP_STATE;
const membershipState = require('../../util/constants').MEMBERSHIP_STATE;
const express = require('express');
const router = express.Router();
const bodyParser = require('body-parser');
const OfficeAccessCard = require('../models/OfficeAccessCard.js');
const logger = require('../../util/logger');
const { officeAccessCard = {} } = require('../../config/config.json');
const { API_KEY = 'NOTHING_REALLY' } = officeAccessCard;
const {
decodeTokenFromBodyOrQuery,
decodeToken,
checkIfTokenSent,
checkIfTokenValid
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const ROWS_PER_PAGE = 25;
const {
checkIfCardExists,
Expand Down Expand Up @@ -142,9 +137,9 @@ router.get('/verify', async (req, res) => {
});

router.post('/delete', async (req, res) => {
const decoded = decodeToken(req);
if (!decoded) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const { alias } = req.body;
Expand Down Expand Up @@ -173,7 +168,7 @@ router.post('/delete', async (req, res) => {
statusCode: OK,
});
AuditLog.create({
userId: decoded._id,
userId: decoded.token._id,
action: AuditLogActions.DELETE_CARD,
details: { alias }
});
Expand All @@ -189,10 +184,9 @@ router.post('/delete', async (req, res) => {
});

router.post('/getAllCards', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!checkIfTokenValid(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const skip = Math.max(Number(req.body.page) || 0, 0) * ROWS_PER_PAGE;
Expand All @@ -216,9 +210,9 @@ router.post('/getAllCards', async (req, res) => {
});

router.get('/listen', async (req, res) => {
const decoded = await decodeTokenFromBodyOrQuery(req);
if (!Object.keys(decoded) || decoded.accessLevel < OFFICER) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const headers = {
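Review bot: /delete and /getAllCards call `decodeToken(req)` with no membership level while /listen in the same file now requires `membershipState.OFFICER`, so deleting an access card is gated by whatever default level decodeToken applies, which is not visible here. If card deletion is meant to be an officer action, `const decoded = await decodeToken(req, membershipState.OFFICER);` in /delete makes that explicit; if the lower level is intentional, a one-line comment saying so would prevent the inconsistency from being read as a gap. `FORBIDDEN` on the STATUS_CODES destructure at the top of the hunk appears unused once the `checkIfTokenSent` branch in /getAllCards is gone, as far as these hunks show. /listen also switched from `decodeTokenFromBodyOrQuery` to `decodeToken`; as with AuditLog.js, confirm that clients passing the token outside the headers for this endpoint are still accepted.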