From 6b5479ef0f342270033640748747579a943e1fa7 Mon Sep 17 00:00:00 2001
From: Ramiro Bentancor <rbentancor@globaluy.com>
Date: Sun, 31 Oct 2021 21:19:09 -0300
Subject: [PATCH] Gitingore, FAQ controller and service, User controller,
authChecker, UserAPI, routes.ts
---
.env | 7 -------
.gitignore | 2 ++
src/Controllers/FAQController.ts | 16 ++++++++++++----
src/Controllers/UserController.ts | 4 ++--
src/Enum/UserTypes.ts | 5 +++++
src/Middlewares/authChecker.ts | 26 ++++++++++++++++++++++++--
src/Services/FAQService.ts | 11 ++++++++++-
src/Services/UserAPI.ts | 3 +--
src/routes.ts | 10 ++++++----
9 files changed, 62 insertions(+), 22 deletions(-)
delete mode 100644 .env
create mode 100644 src/Enum/UserTypes.ts
diff --git a/.env b/.env
deleted file mode 100644
index b351576..0000000
--- a/.env
+++ /dev/null
@@ -1,7 +0,0 @@
-PORT=7999
-INSTANCE=TEST
-HOST=localhost
-USER=root
-PASSWORD=password
-DB=parameter_database
-AUTH_BASE_URL=http://localhost:4000/users
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index c6bdbb7..44de9c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ build
npm-debug.log
.DS_Store
logs/
+
+.env
\ No newline at end of file
diff --git a/src/Controllers/FAQController.ts b/src/Controllers/FAQController.ts
index 4ed2625..642a82d 100644
--- a/src/Controllers/FAQController.ts
+++ b/src/Controllers/FAQController.ts
@@ -2,6 +2,7 @@ import { Request, Response, Router } from 'express';
import FAQ from '../Models/FAQ';
import FAQService from '../Services/FAQService';
import { FAQDTO } from '../DTOs/FAQDTO';
+import AuthMiddleware from '../Middlewares/authChecker';
const router = Router();
@@ -18,8 +19,11 @@ const list = async (req: Request, res: Response): Promise<Response> => {
const create = async (req: Request, res: Response): Promise<Response> => {
try {
const dto: FAQDTO = req.body;
- const newFAQ: FAQ = await FAQService.create(dto);
- return res.status(200).send(newFAQ);
+ const newFAQ: FAQ | null = await FAQService.create(dto);
+ if (newFAQ) {
+ return res.status(200).send(newFAQ);
+ }
+ return res.status(400).send('create error');
} catch (error) {
console.log(error);
return res.status(400).send('create error');
@@ -34,7 +38,7 @@ const update = async (req: Request, res: Response): Promise<Response> => {
if (updatedFAQ) {
return res.status(200).send(updatedFAQ);
}
- return res.status(400).send('id error');
+ return res.status(400).send('update error');
} catch (error) {
console.log(error);
return res.status(400).send('update error');
@@ -55,7 +59,11 @@ const deleteFAQ = async (req: Request, res: Response): Promise<Response> => {
};
router
- .get('/', list)
+ .get('/', list);
+
+router.use(AuthMiddleware.adminChecker);
+
+router
.post('/', create);
router
diff --git a/src/Controllers/UserController.ts b/src/Controllers/UserController.ts
index 085fd95..4ce2ff4 100644
--- a/src/Controllers/UserController.ts
+++ b/src/Controllers/UserController.ts
@@ -4,7 +4,7 @@
import {
Handler, Request, Response, Router,
} from 'express';
-import UserAPI from '../Services/UserAPI';
+import UserAPI, { checkUser as checkUserFromAPI } from '../Services/UserAPI';
const router = Router();
@@ -109,7 +109,7 @@ const removeAdminPermission: Handler = async (req: Request, res: Response) => {
const checkUser: Handler = async (req: Request, res: Response) => {
try {
const token: any = req.headers.authorization;
- const user: any = await UserAPI.checkUser(token);
+ const user: any = await checkUserFromAPI(token);
return res.status(200).send(user);
} catch (error) {
const e = error as Error;
diff --git a/src/Enum/UserTypes.ts b/src/Enum/UserTypes.ts
new file mode 100644
index 0000000..a8f4ae3
--- /dev/null
+++ b/src/Enum/UserTypes.ts
@@ -0,0 +1,5 @@
+export enum UserTypes {
+ unassigned = 0,
+ administrator = 1,
+ client = 2
+}
diff --git a/src/Middlewares/authChecker.ts b/src/Middlewares/authChecker.ts
index 21c7f1a..984d8bd 100644
--- a/src/Middlewares/authChecker.ts
+++ b/src/Middlewares/authChecker.ts
@@ -1,5 +1,6 @@
import { Response, NextFunction } from 'express';
-import { validate } from '../Services/UserAPI';
+import { validate, checkUser } from '../Services/UserAPI';
+import { UserTypes } from '../Enum/UserTypes';
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const authChecker = async (req: any, res: Response, next: NextFunction) => {
@@ -13,4 +14,25 @@ const authChecker = async (req: any, res: Response, next: NextFunction) => {
}
};
-export default authChecker;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const adminChecker = async (req: any, res: Response, next: NextFunction) => {
+ try {
+ const token = req.headers.authorization;
+ const { userId, userType } = await checkUser(token) as {
+ userId: number;
+ userType: number;
+ };
+ if (userId && userType && userType === UserTypes.administrator) {
+ next();
+ } else {
+ res.status(401).send({ message: 'auth failed' });
+ }
+ } catch (error) {
+ res.status(401).send({ message: 'auth failed' });
+ }
+};
+
+export default {
+ authChecker,
+ adminChecker,
+};
diff --git a/src/Services/FAQService.ts b/src/Services/FAQService.ts
index 6b56f39..b667113 100644
--- a/src/Services/FAQService.ts
+++ b/src/Services/FAQService.ts
@@ -25,7 +25,13 @@ const correctFAQs = async (faqs: FAQ[]): Promise<void> => new Promise((resolve,
.catch(() => reject());
});
-const create = async (createDto: FAQDTO): Promise<FAQ> => {
+const checkFAQFormat = (dto: FAQDTO): boolean => !!dto.answer
+ && !!dto.question && (dto.position) >= 1;
+
+const create = async (createDto: FAQDTO): Promise<FAQ | null> => {
+ if (!checkFAQFormat(createDto)) {
+ return null;
+ }
const faqs: FAQ[] = await FAQ.findAll({
where: {
deletedAt: null,
@@ -46,6 +52,9 @@ const create = async (createDto: FAQDTO): Promise<FAQ> => {
};
const update = async (id: number, createDto: FAQDTO): Promise<FAQ | null> => {
+ if (!checkFAQFormat(createDto)) {
+ return null;
+ }
const toUpdate: FAQ | null = await FAQ.findOne({
where: {
id,
diff --git a/src/Services/UserAPI.ts b/src/Services/UserAPI.ts
index 0ae5862..1c969c9 100644
--- a/src/Services/UserAPI.ts
+++ b/src/Services/UserAPI.ts
@@ -82,7 +82,7 @@ const listUsersById = async (userIds: any, token: any) => {
return res.data;
};
-const checkUser = async (token: string) => {
+export const checkUser = async (token: string) => {
const url = '/check-user';
const res = await instance.post(url, {}, { headers: { authorization: token } });
return res.data;
@@ -105,6 +105,5 @@ export default {
giveAdminPermission,
removeAdminPermission,
listUsersById,
- checkUser,
getUser,
};
diff --git a/src/routes.ts b/src/routes.ts
index 1fc5126..9334fb3 100644
--- a/src/routes.ts
+++ b/src/routes.ts
@@ -5,7 +5,7 @@ import ParameterController from './Controllers/ParameterController';
import FAQController from './Controllers/FAQController';
import UserController from './Controllers/UserController';
import AuditorController from './Controllers/AuditorController';
-import authChecker from './Middlewares/authChecker';
+import AuthMiddleware from './Middlewares/authChecker';
const router = Router();
@@ -14,8 +14,12 @@ router.get('/', (req: Request, res: Response): void => {
});
router.use('/users', UserController);
+
+// FAQs have authentication on some endpoints
+router.use('/faqs', FAQController);
// From this line on a auth verification will be taken
-router.use(authChecker);
+
+router.use(AuthMiddleware.authChecker);
router.use('/sheetParser', SheetController);
@@ -23,8 +27,6 @@ router.use('/repCalculator', CalculatorController);
router.use('/parameters', ParameterController);
-router.use('/faqs', FAQController);
-
router.use('/auditory', AuditorController);
export default router;
--
GitLab