---|main| Initial commit
This commit is contained in:
@@ -0,0 +1,160 @@
|
||||
var router = require('express').Router(),
|
||||
mongoose = require('mongoose'),
|
||||
Application = mongoose.model('Application'),
|
||||
User = mongoose.model('User');
|
||||
const auth = require('../auth'),
|
||||
mailer = require('@sendgrid/mail');
|
||||
|
||||
mailer.setApiKey(process.env.SENDGRID_API_KEY);
|
||||
|
||||
// Preload application objects on routes with ':application'
|
||||
router.param('application', function (req, res, next, slug) {
|
||||
Application.findOne({ slug: slug })
|
||||
.populate('author')
|
||||
.then(function (application) {
|
||||
if (!application) {
|
||||
return res.sendStatus(404);
|
||||
}
|
||||
req.application = application;
|
||||
return next();
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
router.get('/', auth.required, function (req, res, next) {
|
||||
var query = {};
|
||||
var limit = 20;
|
||||
var offset = 0;
|
||||
|
||||
if (typeof req.query.limit !== 'undefined') {
|
||||
limit = req.query.limit;
|
||||
}
|
||||
if (typeof req.query.offset !== 'undefined') {
|
||||
offset = req.query.offset;
|
||||
}
|
||||
if (typeof req.query.apikey !== 'undefined') {
|
||||
query.apikey = req.query.apikey;
|
||||
}
|
||||
if (typeof req.query.maskedkey !== 'undefined') {
|
||||
query.maskedkey = req.query.maskedkey;
|
||||
}
|
||||
|
||||
Promise.all([
|
||||
req.query.author ? User.findOne({ username: req.query.author }) : null
|
||||
]).then(function (author) {
|
||||
if (author[0]) {
|
||||
query.author = author[0]._id;
|
||||
}
|
||||
return Promise.all([
|
||||
Application.find(query)
|
||||
.limit(Number(limit))
|
||||
.skip(Number(offset))
|
||||
.sort({ createdAt: 'desc' })
|
||||
.populate('author')
|
||||
.exec(),
|
||||
Application.count(query).exec(),
|
||||
req.payload ? User.findById(req.payload.id) : null
|
||||
]).then(function (results) {
|
||||
var applications = results[0];
|
||||
var applicationsCount = results[1];
|
||||
var user = results[2];
|
||||
|
||||
return res.json({
|
||||
applications: applications.map(function (application) {
|
||||
return application.toJSONFor(user);
|
||||
}),
|
||||
applicationsCount: applicationsCount
|
||||
});
|
||||
});
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
router.post('/', auth.required, function (req, res, next) {
|
||||
Promise.all([
|
||||
User.findById(req.payload.id),
|
||||
auth.generateAPIKey()
|
||||
]).then(function (results) {
|
||||
var user = results[0];
|
||||
var keys = results[1];
|
||||
if (!user) {
|
||||
return res.sendStatus(401).json({message: "Unauthorized - You are not allowed to access this resource."});
|
||||
}
|
||||
var application = new Application(req.body.application);
|
||||
application.author = user;
|
||||
application.apikey = keys.encrypted;
|
||||
application.maskedkey = keys.masked;
|
||||
return application.save().then(function () {
|
||||
var msg = {
|
||||
to: user.email,
|
||||
from: process.env.SENDGRID_FROM_MAIL,
|
||||
subject: `Api-Key ${application.title}`,
|
||||
text: `Votre Api-Key: ${keys.key}\nAttention, cette Api-Key doit être conservée et ne sera plus affichée.\n\n${application.title}\n${application.description}`,
|
||||
html: `<h2>${application.title}</h2>
|
||||
<p>
|
||||
Votre Api-Key: ${keys.key}<br />
|
||||
<strong>Attention, cette Api-Key doit être conservée et ne sera plus affichée.</strong>
|
||||
</p>
|
||||
<hr />
|
||||
<p>${application.description}</p>`
|
||||
};
|
||||
mailer.send(msg).then(resp => {
|
||||
return res.json({ application: application.toJSONFor(user) });
|
||||
})
|
||||
.catch(err => {
|
||||
res.sendStatus(500).json({message: "A SendGrid error occured while sending an email", err: err});
|
||||
});
|
||||
});
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
// return an application
|
||||
router.get('/:application', auth.required, function (req, res, next) {
|
||||
Promise.all([
|
||||
req.payload ? User.findById(req.payload.id) : null,
|
||||
req.application.populate('author')
|
||||
]).then(function (results) {
|
||||
var user = results[0];
|
||||
return res.json({ application: req.application.toJSONFor(user) });
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
router.put('/:application', auth.required, function (req, res, next) {
|
||||
User.findById(req.payload.id).then(function (user) {
|
||||
if (req.application.author._id.toString() === req.payload.id.toString()) {
|
||||
if (typeof req.body.application.title !== 'undefined') {
|
||||
req.application.title = req.body.application.title;
|
||||
}
|
||||
if (typeof req.body.application.description !== 'undefined') {
|
||||
req.application.description = req.body.application.description;
|
||||
}
|
||||
if (typeof req.body.application.apikey !== 'undefined') {
|
||||
req.application.apikey = req.body.application.apikey;
|
||||
}
|
||||
if (typeof req.body.application.maskedkey !== 'undefined') {
|
||||
req.application.maskedkey = req.body.application.maskedkey;
|
||||
}
|
||||
req.application.save().then(function (application) {
|
||||
return res.json({ application: application.toJSONFor(user) });
|
||||
}).catch(next);
|
||||
} else {
|
||||
return res.sendStatus(403);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// delete application
|
||||
router.delete('/:application', auth.required, function (req, res, next) {
|
||||
User.findById(req.payload.id).then(function (user) {
|
||||
if (!user) {
|
||||
return res.sendStatus(401).json({message: "Unauthorized - You are not allowed to access this resource."});
|
||||
}
|
||||
if (user.role == 'Admin' || req.application.author._id.toString() === req.payload.id.toString()) {
|
||||
return req.application.remove().then(function () {
|
||||
return res.sendStatus(204);
|
||||
});
|
||||
} else {
|
||||
return res.sendStatus(403).json({message: "Forbidden - You are not allowed to access this resource."});
|
||||
}
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
Reference in New Issue
Block a user