Skip to content

modify and streamline token functions #1877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
Open

modify and streamline token functions #1877

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
9e8f0d8
combine decodeTokenFromBodyOrQuery into decodeToken
adarshm11 Aug 8, 2025
ee14d01
fixed misreference
adarshm11 Aug 8, 2025
3c63f4e
optimize logic for member access level
adarshm11 Aug 8, 2025
20c31d1
fixed bug with decodeToken
adarshm11 Aug 13, 2025
24730ba
Merge branch 'dev' into Adarsh/decodeToken
adarshm11 Aug 13, 2025
5182dd2
refactor decodeToken to handle unauthorized, forbidden, ok
adarshm11 Oct 6, 2025
08f0151
Merge branch 'dev' into Adarsh/decodeToken
adarshm11 Oct 6, 2025
4208a65
global use of decodeToken only
adarshm11 Oct 7, 2025
803ef87
fix the merge
adarshm11 Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 13 additions & 26 deletions api/main_endpoints/routes/Advertisement.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,12 @@
const express = require('express');
const router = express.Router();
const { OK, BAD_REQUEST, FORBIDDEN, UNAUTHORIZED, NOT_FOUND } = require('../../util/constants').STATUS_CODES;
const {
decodeToken,
checkIfTokenSent,
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const logger = require('../../util/logger');
const Advertisement = require('../models/Advertisement');
const AuditLog = require('../models/AuditLog.js');
const AuditLogActions = require('../util/auditLogActions.js');
const membershipState = require('../../util/constants.js').MEMBERSHIP_STATE;

router.get('/', async (req, res) => {
const count = await Advertisement.countDocuments();
Expand All @@ -26,10 +24,9 @@ router.get('/', async (req, res) => {


router.get('/getAllAdvertisements', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
Advertisement.find()
.sort({ createdAt: -1 })
Expand All @@ -41,13 +38,9 @@ router.get('/getAllAdvertisements', async (req, res) => {
});

router.post('/createAdvertisement', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
}

const user = await decodeToken(req);
if (!user) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const newAd = new Advertisement({
Expand All @@ -58,7 +51,7 @@ router.post('/createAdvertisement', async (req, res) => {
try {
const createdAd = await Advertisement.create(newAd);
AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.CREATE_AD,
details: {
message: createdAd.message,
Expand All @@ -75,15 +68,9 @@ router.post('/createAdvertisement', async (req, res) => {
});

router.post('/deleteAdvertisement', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
}

const user = await decodeToken(req);
if (!user) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

try {
Expand All @@ -94,7 +81,7 @@ router.post('/deleteAdvertisement', async (req, res) => {
}

AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.DELETE_AD,
details: {
deletedAd: {
Expand Down
23 changes: 8 additions & 15 deletions api/main_endpoints/routes/AuditLog.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,25 +3,18 @@ const router = express.Router();
const AuditLog = require('../models/AuditLog');

const { OK, UNAUTHORIZED, SERVER_ERROR } = require('../../util/constants').STATUS_CODES;
const { OFFICER } = require('../../util/constants.js').MEMBERSHIP_STATE;
const membershipState = require('../../util/constants.js').MEMBERSHIP_STATE;

const { checkIfTokenSent, checkIfTokenValid, decodeTokenFromBodyOrQuery } = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');

const logger = require('../../util/logger');
const User = require('../models/User.js');
let { clients } = require('../util/AuditLog.js');

router.get('/getAuditLogs', async (req, res) => {
if (!checkIfTokenSent(req)) {
logger.warn('/getAuditLogs was requested without a token');
return res.sendStatus(UNAUTHORIZED);
}

const isValid = checkIfTokenValid(req, OFFICER);

if (!isValid) {
logger.warn('/getAuditLogs was requested with an invalid or unauthorized token');
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const itemsPerPage = 50;
Expand Down Expand Up @@ -73,9 +66,9 @@ router.get('/getAuditLogs', async (req, res) => {
});

router.get('/listen', async (req, res) => {
const decoded = await decodeTokenFromBodyOrQuery(req);
if (!Object.keys(decoded) || decoded.accessLevel < OFFICER) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const headers = {
Expand Down
27 changes: 9 additions & 18 deletions api/main_endpoints/routes/Auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,7 @@ const PasswordReset = require('../models/PasswordReset.js');
const logger = require('../../util/logger');
const { registerUser, testPasswordStrength } = require('../util/userHelpers');
const { verifyCaptcha } = require('../util/captcha');
const {
checkIfTokenSent,
checkIfTokenValid,
decodeToken
} = require('../util/token-functions');
const { decodeToken } = require('../util/token-functions');
const jwt = require('jsonwebtoken');
const {
OK,
Expand Down Expand Up @@ -60,10 +56,9 @@ router.post('/register', async (req, res) => {
});

router.post('/resendVerificationEmail', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!checkIfTokenValid(req, membershipState.OFFICER)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const maybeUser = await userWithEmailExists(req.body.email);
if (!maybeUser) {
Expand Down Expand Up @@ -239,16 +234,12 @@ router.post('/login', function(req, res) {
// Verifies the users session if they have an active jwtToken.
// Used on the inital load of root '/'
// Returns the name and accesslevel of the user w/ the given access token
router.post('/verify', function(req, res) {
if (!checkIfTokenSent(req)) {
return res.status(UNAUTHORIZED).json({});
}
const token = decodeToken(req);
if (token === null || Object.keys(token).length === 0) {
res.status(UNAUTHORIZED).json({});
} else {
res.status(OK).json(token);
router.post('/verify', async function(req, res) {
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
res.status(OK).json(decoded.token);
});

router.post('/generateHashedId', async (req, res) => {
Expand Down
26 changes: 10 additions & 16 deletions api/main_endpoints/routes/Cleezy.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,7 @@
const express = require('express');
const axios = require('axios');
const router = express.Router();
const {
decodeToken,
checkIfTokenSent,
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const {
OK,
UNAUTHORIZED,
Expand All @@ -28,10 +25,9 @@ router.get('/list', async (req, res) => {
});
}
const { page = 0, search, sortColumn = 'created_at', sortOrder = 'DESC'} = req.query;
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
try {
const returnData = await cleezyHelpers.searchCleezyUrls({ page, search, sortColumn, sortOrder });
Expand All @@ -47,10 +43,9 @@ router.get('/list', async (req, res) => {
});

router.post('/createUrl', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const { url, alias, expiresAt } = req.body;
let jsonbody = { url, alias: alias || null };
Expand All @@ -68,10 +63,9 @@ router.post('/createUrl', async (req, res) => {
});

router.post('/deleteUrl', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!await decodeToken(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}
const { alias } = req.body;
axios
Expand Down
17 changes: 5 additions & 12 deletions api/main_endpoints/routes/LedSign.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,7 @@ const {
SERVER_ERROR,
UNAUTHORIZED
} = require('../../util/constants').STATUS_CODES;
const {
decodeToken,
checkIfTokenSent
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const logger = require('../../util/logger');
const { updateSign, healthCheck, turnOffSign } = require('../util/LedSign.js');
const AuditLogActions = require('../util/auditLogActions.js');
Expand Down Expand Up @@ -37,14 +34,10 @@ router.get('/healthCheck', async (req, res) => {
});

router.post('/updateSignText', async (req, res) => {
if (!checkIfTokenSent(req)) {
logger.warn('/updateSignText was requested without a token');
return res.sendStatus(UNAUTHORIZED);
}
const user = await decodeToken(req); // Store the user here
if (!user || Object.keys(user) === 0) {
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
logger.warn('/updateSignText was requested with an invalid token');
return res.sendStatus(UNAUTHORIZED);
return res.sendStatus(decoded.status);
}
if (!LED_SIGN.ENABLED && !runningInTest) {
logger.warn('led sign is disabled, returning 200 by default');
Expand All @@ -65,7 +58,7 @@ router.post('/updateSignText', async (req, res) => {
}

await AuditLog.create({
userId: user._id,
userId: decoded.token._id,
action: AuditLogActions.UPDATE_SIGN,
details: {
newSignText: req.body.text,
Expand Down
12 changes: 6 additions & 6 deletions api/main_endpoints/routes/Messages.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ const bodyParser = require('body-parser');
const User = require('../models/User.js');
const logger = require('../../util/logger');
const client = require('prom-client');
const { decodeToken, decodeTokenFromBodyOrQuery } = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const { MetricsHandler, register } = require('../../util/metrics.js');


Expand Down Expand Up @@ -80,11 +80,11 @@ router.post('/send', async (req, res) => {
}

// Assume user passed a non null/undefined token
const userObj = decodeToken(req);
const userObj = await decodeToken(req);
if (!userObj) {
return res.sendStatus(UNAUTHORIZED);
}
nameToUse = userObj.firstName;
nameToUse = userObj.token.firstName;
try {
writeMessage(id, `${message}`, `${nameToUse}:`);
return res.json({ status: 'Message sent' });
Expand Down Expand Up @@ -152,11 +152,11 @@ router.get('/listen', async (req, res) => {

let filterQuery = {}; // filter to find user in the database
if (token) {
let userObj = decodeTokenFromBodyOrQuery(req);
if (!Object.keys(userObj)) {
const userObj = await decodeToken(req);
if (!userObj.token) {
return res.sendStatus(UNAUTHORIZED);
}
filterQuery._id = userObj._id;
filterQuery._id = userObj.token._id;
} else {
filterQuery.apiKey = apiKey;
}
Expand Down
30 changes: 12 additions & 18 deletions api/main_endpoints/routes/OfficeAccessCard.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,15 @@ const {
OK,
FORBIDDEN,
} = require('../../util/constants').STATUS_CODES;
const { OFFICER } = require('../../util/constants').MEMBERSHIP_STATE;
const membershipState = require('../../util/constants').MEMBERSHIP_STATE;
const express = require('express');
const router = express.Router();
const bodyParser = require('body-parser');
const OfficeAccessCard = require('../models/OfficeAccessCard.js');
const logger = require('../../util/logger');
const { officeAccessCard = {} } = require('../../config/config.json');
const { API_KEY = 'NOTHING_REALLY' } = officeAccessCard;
const {
decodeTokenFromBodyOrQuery,
decodeToken,
checkIfTokenSent,
checkIfTokenValid
} = require('../util/token-functions.js');
const { decodeToken } = require('../util/token-functions.js');
const ROWS_PER_PAGE = 25;
const {
checkIfCardExists,
Expand Down Expand Up @@ -142,9 +137,9 @@ router.get('/verify', async (req, res) => {
});

router.post('/delete', async (req, res) => {
const decoded = decodeToken(req);
if (!decoded) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const { alias } = req.body;
Expand Down Expand Up @@ -173,7 +168,7 @@ router.post('/delete', async (req, res) => {
statusCode: OK,
});
AuditLog.create({
userId: decoded._id,
userId: decoded.token._id,
action: AuditLogActions.DELETE_CARD,
details: { alias }
});
Expand All @@ -189,10 +184,9 @@ router.post('/delete', async (req, res) => {
});

router.post('/getAllCards', async (req, res) => {
if (!checkIfTokenSent(req)) {
return res.sendStatus(FORBIDDEN);
} else if (!checkIfTokenValid(req)) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const skip = Math.max(Number(req.body.page) || 0, 0) * ROWS_PER_PAGE;
Expand All @@ -216,9 +210,9 @@ router.post('/getAllCards', async (req, res) => {
});

router.get('/listen', async (req, res) => {
const decoded = await decodeTokenFromBodyOrQuery(req);
if (!Object.keys(decoded) || decoded.accessLevel < OFFICER) {
return res.sendStatus(UNAUTHORIZED);
const decoded = await decodeToken(req, membershipState.OFFICER);
if (decoded.status !== OK) {
return res.sendStatus(decoded.status);
}

const headers = {
Expand Down
Loading
Loading