From 22471d64c7589b15cd34abc1246a17422a193629 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Malak?=
Date: Thu, 11 Nov 2021 16:18:31 +0100
Subject: [PATCH] Backend: auth for config and queries. Refactor of middleware exports
---
 api.js | 2 +-
 controllers/apps/createApp.js | 5 -----
 controllers/apps/deleteApp.js | 5 -----
 controllers/apps/reorderApps.js | 5 -----
 controllers/apps/updateApp.js | 5 -----
 middleware/index.js | 8 ++++++++
 middleware/requireAuth.js | 11 +++++++++++
 routes/apps.js | 16 ++++++++++------
 routes/config.js | 7 +++++--
 routes/queries.js | 10 ++++++++--
 10 files changed, 43 insertions(+), 31 deletions(-)
 create mode 100644 middleware/index.js
 create mode 100644 middleware/requireAuth.js
diff --git a/api.js b/api.js
index 9caa377..840529a 100644
--- a/api.js
+++ b/api.js
@@ -1,6 +1,6 @@
 const { join } = require('path');
 const express = require('express');
-const errorHandler = require('./middleware/errorHandler');
+const { errorHandler } = require('./middleware');
 const api = express();
diff --git a/controllers/apps/createApp.js b/controllers/apps/createApp.js
index 67951a7..361e77e 100644
--- a/controllers/apps/createApp.js
+++ b/controllers/apps/createApp.js
@@ -1,16 +1,11 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
 const loadConfig = require('../../utils/loadConfig');
-const ErrorResponse = require('../../utils/ErrorResponse');
 // @desc Create new app
 // @route POST /api/apps
 // @access Public
 const createApp = asyncWrapper(async (req, res, next) => {
- if (!req.isAuthenticated) {
- return next(new ErrorResponse('Unauthorized', 401));
- }
-
 const { pinAppsByDefault } = await loadConfig();
 let app;
diff --git a/controllers/apps/deleteApp.js b/controllers/apps/deleteApp.js
index 5c9f77d..ed55729 100644
--- a/controllers/apps/deleteApp.js
+++ b/controllers/apps/deleteApp.js
@@ -1,15 +1,10 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
-const ErrorResponse = require('../../utils/ErrorResponse');
 // @desc Delete app
 // @route DELETE /api/apps/:id
 // @access Public
 const deleteApp = asyncWrapper(async (req, res, next) => {
- if (!req.isAuthenticated) {
- return next(new ErrorResponse('Unauthorized', 401));
- }
-
 await App.destroy({
 where: { id: req.params.id },
 });
diff --git a/controllers/apps/reorderApps.js b/controllers/apps/reorderApps.js
index 24e102d..29794b3 100644
--- a/controllers/apps/reorderApps.js
+++ b/controllers/apps/reorderApps.js
@@ -1,15 +1,10 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
-const ErrorResponse = require('../../utils/ErrorResponse');
 // @desc Reorder apps
 // @route PUT /api/apps/0/reorder
 // @access Public
 const reorderApps = asyncWrapper(async (req, res, next) => {
- if (!req.isAuthenticated) {
- return next(new ErrorResponse('Unauthorized', 401));
- }
-
 req.body.apps.forEach(async ({ id, orderId }) => {
 await App.update(
 { orderId },
diff --git a/controllers/apps/updateApp.js b/controllers/apps/updateApp.js
index af2ab50..2a996fb 100644
--- a/controllers/apps/updateApp.js
+++ b/controllers/apps/updateApp.js
@@ -1,15 +1,10 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
-const ErrorResponse = require('../../utils/ErrorResponse');
 // @desc Update app
 // @route PUT /api/apps/:id
 // @access Public
 const updateApp = asyncWrapper(async (req, res, next) => {
- if (!req.isAuthenticated) {
- return next(new ErrorResponse('Unauthorized', 401));
- }
-
 let app = await App.findOne({
 where: { id: req.params.id },
 });
diff --git a/middleware/index.js b/middleware/index.js
new file mode 100644
index 0000000..6353809
--- /dev/null
+++ b/middleware/index.js
@@ -0,0 +1,8 @@
+module.exports = {
+ asyncWrapper: require('./asyncWrapper'),
+ auth: require('./auth'),
+ errorHandler: require('./errorHandler'),
+ upload: require('./multer'),
+ requireAuth: require('./requireAuth'),
+ requireBody: require('./requireBody'),
+};
diff --git a/middleware/requireAuth.js b/middleware/requireAuth.js
new file mode 100644
index 0000000..9e4dc9b
--- /dev/null
+++ b/middleware/requireAuth.js
@@ -0,0 +1,11 @@
+const ErrorResponse = require('../utils/ErrorResponse');
+
+const requireAuth = (req, res, next) => {
+ if (!req.isAuthenticated) {
+ return next(new ErrorResponse('Unauthorized', 401));
+ }
+
+ next();
+};
+
+module.exports = requireAuth;
diff --git a/routes/apps.js b/routes/apps.js
index 7405ebe..3fd8a6c 100644
--- a/routes/apps.js
+++ b/routes/apps.js
@@ -1,7 +1,8 @@
 const express = require('express');
 const router = express.Router();
-const upload = require('../middleware/multer');
-const auth = require('../middleware/auth');
+
+// middleware
+const { auth, requireAuth, upload } = require('../middleware');
 const {
 createApp,
@@ -12,14 +13,17 @@ const {
 reorderApps,
 } = require('../controllers/apps');
-router.route('/').post(auth, upload, createApp).get(auth, getAllApps);
+router
+ .route('/')
+ .post(auth, requireAuth, upload, createApp)
+ .get(auth, getAllApps);
 router
 .route('/:id')
 .get(auth, getSingleApp)
- .put(auth, upload, updateApp)
- .delete(auth, deleteApp);
+ .put(auth, requireAuth, upload, updateApp)
+ .delete(auth, requireAuth, deleteApp);
-router.route('/0/reorder').put(auth, reorderApps);
+router.route('/0/reorder').put(auth, requireAuth, reorderApps);
 module.exports = router;
diff --git a/routes/config.js b/routes/config.js
index fbb632f..0f4d22f 100644
--- a/routes/config.js
+++ b/routes/config.js
@@ -1,6 +1,9 @@
 const express = require('express');
 const router = express.Router();
+// middleware
+const { auth, requireAuth } = require('../middleware');
+
 const {
 getCSS,
 updateCSS,
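Review bot: The guard in `requireAuth` (middleware/requireAuth.js) is a truthiness test on `req.isAuthenticated`, so any truthy value lets the request through, not only the boolean that the `auth` middleware presumably sets. If that property is ever supplied as a function (Passport, for example, exposes `req.isAuthenticated()` as a method), `!req.isAuthenticated` is always false and every protected route opens. A strict comparison, `if (req.isAuthenticated !== true) {`, keeps the check fail-closed. A header comment such as `// Rejects with 401 unless auth has set req.isAuthenticated; must be mounted after auth.` would also document the ordering dependency.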
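Review bot: Authorization for create, update, delete and reorder now exists only in this route table (second hunk of routes/apps.js), while the four controllers lost their own check and still carry `// @access Public` in controllers/apps/createApp.js, deleteApp.js, reorderApps.js and updateApp.js. Those headers should read `// @access Private` so a later reader does not mount one of the controllers on another router assuming it is safe to expose. Placing `requireAuth` ahead of `upload` is the right order, because a rejected request never reaches the multer handler; a one-line comment above the routes, e.g. `// requireAuth must stay before upload`, would keep it from being reordered.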
@@ -8,8 +11,8 @@ const {
 updateConfig,
 } = require('../controllers/config');
-router.route('/').get(getConfig).put(updateConfig);
+router.route('/').get(getConfig).put(auth, requireAuth, updateConfig);
-router.route('/0/css').get(getCSS).put(updateCSS);
+router.route('/0/css').get(getCSS).put(auth, requireAuth, updateCSS);
 module.exports = router;
diff --git a/routes/queries.js b/routes/queries.js
index afacffd..2262611 100644
--- a/routes/queries.js
+++ b/routes/queries.js
@@ -1,6 +1,9 @@
 const express = require('express');
 const router = express.Router();
+// middleware
+const { auth, requireAuth } = require('../middleware');
+
 const {
 getQueries,
 addQuery,
@@ -8,7 +11,10 @@ const {
 updateQuery,
 } = require('../controllers/queries/');
-router.route('/').post(addQuery).get(getQueries);
-router.route('/:prefix').delete(deleteQuery).put(updateQuery);
+router.route('/').post(auth, requireAuth, addQuery).get(getQueries);
+router
+ .route('/:prefix')
+ .delete(auth, requireAuth, deleteQuery)
+ .put(auth, requireAuth, updateQuery);
 module.exports = router;
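Review bot: The GET handlers on `/` and `/0/css` in routes/config.js are still mounted without `auth`, unlike the GET routes in routes/apps.js, so `getConfig` and `getCSS` run with `req.isAuthenticated` unset and answer every caller the same way. If the config object can hold anything sensitive (API keys or internal hostnames; its contents are not visible in this diff), the read should be filtered for anonymous callers or become `.get(auth, requireAuth, getConfig)`. At minimum `.get(auth, getConfig)` keeps the controller able to branch on login state later. The same applies to `.get(getQueries)` in routes/queries.js.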
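Review bot: The pair `auth, requireAuth` is written out on every mutating route in routes/queries.js, and likewise in routes/apps.js and routes/config.js, and the two halves fail differently when one is forgotten: `requireAuth` alone rejects every request, while `auth` alone presumably leaves the route open, as on the GET routes. Exporting the pair once from middleware/index.js, `protect: [require('./auth'), require('./requireAuth')],`, and mounting it as `.delete(protect, deleteQuery)` removes the fail-open variant, since Express route methods accept an array of handlers. This is a structural suggestion; the behaviour of the routes as written is unchanged by it.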