var router = require('express').Router(), mongoose = require('mongoose'), Application = mongoose.model('Application'), User = mongoose.model('User'); const auth = require('../auth'), mailer = require('@sendgrid/mail'); mailer.setApiKey(process.env.SENDGRID_API_KEY); // Preload application objects on routes with ':application' router.param('application', function (req, res, next, slug) { Application.findOne({ slug: slug }) .populate('author') .then(function (application) { if (!application) { return res.sendStatus(404); } req.application = application; return next(); }).catch(next); }); router.get('/', auth.required, function (req, res, next) { let query = {}; let limit = 25; let offset = 0; if (typeof req.query.limit !== 'undefined') { limit = req.query.limit; } if (typeof req.query.offset !== 'undefined') { offset = req.query.offset; } if (typeof req.query.apikey !== 'undefined') { query.apikey = req.query.apikey; } if (typeof req.query.maskedkey !== 'undefined') { query.maskedkey = req.query.maskedkey; } Promise.all([ req.query.author ? User.findOne({ username: req.query.author }) : null ]).then(function (author) { if (author[0]) { query.author = author[0]._id; } return Promise.all([ Application.find(query) .skip(Number(offset)) .limit(Number(limit)) .sort({ createdAt: 'desc' }) .populate('author') .exec(), Application.count(query).exec(), req.payload ? User.findById(req.payload.id) : null ]).then(function (results) { let applications = results[0]; let applicationsCount = results[1]; let user = results[2]; return res.json({ applications: applications.map(function (application) { return application.toJSONFor(user); }), applicationsCount: applicationsCount }); }); }).catch(next); }); router.post('/', auth.required, function (req, res, next) { Promise.all([ User.findById(req.payload.id), auth.generateAPIKey() ]).then(function (results) { let user = results[0]; let keys = results[1]; if (!user) { return res.sendStatus(401).json({message: "Unauthorized - You are not allowed to access this resource."}); } let application = new Application(req.body.application); application.author = user; application.apikey = keys.encrypted; application.maskedkey = keys.masked; return application.save().then(function () { let msg = { to: user.email, from: process.env.SENDGRID_FROM_MAIL, subject: `Api-Key ${application.title}`, text: `Votre Api-Key: ${keys.key}\nAttention, cette Api-Key doit être conservée et ne sera plus affichée.\n\n${application.title}\n${application.description}`, html: `

${application.title}

Votre Api-Key: ${keys.key}
Attention, cette Api-Key doit être conservée et ne sera plus affichée.


${application.description}

` }; mailer.send(msg).then(() => { return res.json({ application: application.toJSONFor(user) }); }) .catch(err => { res.sendStatus(500).json({message: "A SendGrid error occured while sending an email", err: err}); }); }); }).catch(next); }); // return an application router.get('/:application', auth.required, function (req, res, next) { Promise.all([ req.payload ? User.findById(req.payload.id) : null, req.application.populate('author') ]).then(function (results) { let user = results[0]; return res.json({ application: req.application.toJSONFor(user) }); }).catch(next); }); router.put('/:application', auth.required, function (req, res, next) { User.findById(req.payload.id).then(function (user) { if (req.application.author._id.toString() === req.payload.id.toString()) { if (typeof req.body.application.title !== 'undefined') { req.application.title = req.body.application.title; } if (typeof req.body.application.description !== 'undefined') { req.application.description = req.body.application.description; } if (typeof req.body.application.apikey !== 'undefined') { req.application.apikey = req.body.application.apikey; } if (typeof req.body.application.maskedkey !== 'undefined') { req.application.maskedkey = req.body.application.maskedkey; } req.application.save().then(function (application) { return res.json({ application: application.toJSONFor(user) }); }).catch(next); } else { return res.status(403).json({ errors: { "Forbidden": "Vous ne disposez pas des autorisations suffisantes" } }); } }); }); // delete application router.delete('/:application', auth.required, function (req, res, next) { User.findById(req.payload.id).then(function (user) { if (!user) { return res.status(401).json({ errors: { "Unauthorized": "autentification requise" } }); } if (user.role == 'Admin' || req.application.author._id.toString() === req.payload.id.toString()) { return req.application.remove().then(function () { return res.sendStatus(204); }); } else { return res.status(403).json({ errors: { "Forbidden": "Vous ne disposez pas des autorisations suffisantes" } }); } }).catch(next); }); module.exports = router;