Made admin endpoints only admin accessible

pull/1/head
Nishant Arora 8 years ago
parent e84bc52708
commit 767b0463ac

@ -0,0 +1,133 @@
/*
This file contains all the endpoints which are accessible only to the admin.
The endpoints are
GET /users
POST /users
PUT /users
DELETE /users
NOTE:
The above users endpoints are not present in this file as they are all the users
endpoints this API has, they are present in a separate file, users.js
All those still come under the ADMIN endpoints
PUT /topics
DELETE /topics
DELETE /articles
*/
// Importing the topics model
var Topics = require('../models/topic.js');
var Articles = require('../models/article.js');
var db = require('../db.js'); //this file contains the knex file import. it's equal to knex=require('knex')
module.exports = function(app) {
app.put('/topics',function(req,res){
/*
This is a PUT endpoint for updating a topic information.
It takes the id of the topic to be updated and then updates it with the new object.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
TODO: Add updates only for columns that are in the request body. Handle exceptions.
*/
Topics.forge({id: req.body.id})
.save({name: req.body.name, description: req.body.description})
.then(function(topic) {
res.json({
error: {
error: false,
message: ''
},
code: 'B125',
data: topic
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B126',
data: {
}
});
});
});
app.delete('/topics',function(req,res){
/*
This is a DELETE endpoint for delete a complete topic from the database.
It takes the id of the topic and then delete that record from the database.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
*/
Topics.forge({id: req.body.id})
.destroy()
.then(function() {
res.json({
error: {
error: false,
message: ''
},
code: 'B127',
data: {
}
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B128',
data: {
}
});
});
});
app.delete('/articles',function(req,res){
/*
This is a DELETE endpoint for delete a complete article from the database.
It takes the id of the article and then deletes that record from the database.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
*/
Articles.forge({id: req.body.id})
.destroy()
.then(function() {
res.json({
error: {
error: false,
message: ''
},
code: 'B109',
data: {
}
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B110',
data: {
}
});
});
});
}
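Review bot: None of the three handlers checks that `req.body.id` is present before calling `.forge({id: req.body.id})`, so a request with an empty or malformed body goes straight to the model layer and whatever happens there (an update or delete without a usable key, or a thrown binding error — which one depends on the Bookshelf/knex versions in use) is reported only as a 500. Add a guard at the top of each handler, `if (req.body.id == null) { return res.status(400).json({ error: { error: true, message: 'id is required' }, code: '<NEW_CODE>', data: {} }); }`, with a real code in place of the placeholder. The catch branches also forward `error.message` from the database layer verbatim to the client; log it server-side and return a fixed message instead, since driver errors can expose table and column names and query fragments. `db` is required at the top of the file but never used in it.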

@ -146,41 +146,6 @@ module.exports = function(app){
});
app.delete('/articles',function(req,res){
/*
This is a DELETE endpoint for delete a complete article from the database.
It takes the id of the article and then deletes that record from the database.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
*/
Articles.forge({id: req.body.id})
.destroy()
.then(function() {
res.json({
error: {
error: false,
message: ''
},
code: 'B109',
data: {
}
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B110',
data: {
}
});
});
});
app.get('/articles/compare',function(req,res){
/*

@ -76,78 +76,6 @@ module.exports = function(app) {
});
app.put('/topics',function(req,res){
/*
This is a PUT endpoint for updating a topic information.
It takes the id of the topic to be updated and then updates it with the new object.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
TODO: Add updates only for columns that are in the request body. Handle exceptions.
*/
Topics.forge({id: req.body.id})
.save({name: req.body.name, description: req.body.description})
.then(function(topic) {
res.json({
error: {
error: false,
message: ''
},
code: 'B125',
data: topic
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B126',
data: {
}
});
});
});
app.delete('/topics',function(req,res){
/*
This is a DELETE endpoint for delete a complete topic from the database.
It takes the id of the topic and then delete that record from the database.
the error key in the returning object is a boolen which is false if there is no error and true otherwise
*/
Topics.forge({id: req.body.id})
.destroy()
.then(function() {
res.json({
error: {
error: false,
message: ''
},
code: 'B127',
data: {
}
});
})
.catch(function (error) {
res.status(500).json({
error: {
error: true,
message: error.message
},
code: 'B128',
data: {
}
});
});
});
app.get('/topic/:id/articles',function(req,res){
/*
This is a GET endpoint that responds with the list of all the articles that belong to a particular topic (topic of given id param)

@ -11,6 +11,7 @@ var bodyParser = require('body-parser'); //body parser to parse the request body
var db = require('./db.js'); //this file contains the knex file import. it's equal to knex=require('knex')
var app = express();
var apiRoutes = express.Router();
var apiRoutesAdmin = express.Router();
var jwt = require('jsonwebtoken');
var misc = require('./misc.js');
var config = require('./config'); //config file in the app directory which contains the JWT key
@ -74,6 +75,66 @@ apiRoutes.use(function(req, res, next) {
}
});
apiRoutesAdmin.use(function(req, res, next) {
// check header or url parameters or post parameters for token
var token = req.body.token || req.query.token || req.headers['x-access-token'];
// decode token
if (token) {
// verifies secret and checks for expiration
jwt.verify(token, app.get('superSecret'), function(err, decoded) {
if (err) {
return res.json({
error: {
error: true,
message: 'Failed to authenticate token'
},
code: 'B101',
data: {
}
});
} else {
if(decoded.id == 1) {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
next();
}
else {
return res.status(403).json({
error: {
error: true,
message: 'You are not authorized to perform this action'
},
code: 'BNOTADMIN',
data: {
}
});
}
}
});
} else {
// if there is no token
// return an error
return res.status(403).json({
error: {
error: true,
message: 'No token provided'
},
code: 'B102',
data: {
}
});
}
});
// Importing all endpoints for articles
require('./api/articles')(apiRoutes);
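Review bot: The token-verification failure branch replies with `res.json(...)` and no status, so a bad or expired token gets a 200 while the missing-token branch below returns 403; make it `return res.status(401).json({ ... })` (401 is also the conventional choice for the missing-token case, with 403 reserved for the authenticated-but-not-admin reply). The admin decision `if(decoded.id == 1)` hard-codes a single user id with loose equality; at minimum use `===`, and an explicit admin or role claim carried in the token or looked up from the user record would make the rule auditable rather than tied to one database row. Because `apiRoutesAdmin` is mounted at the same `/api` prefix after `apiRoutes`, this middleware only runs for requests no `apiRoutes` handler answered, so any route still registered on `apiRoutes` (the users routes, if the `require('./api/users')(apiRoutes)` line survives on the new side) is served without the admin check. Accepting the token from `req.query.token` also means it can land in access logs and browser history; prefer the header, or document why the query form is needed.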
@ -81,12 +142,17 @@ require('./api/articles')(apiRoutes);
require('./api/topics')(apiRoutes);
// Importing all endpoints for users
require('./api/users')(apiRoutes);
require('./api/users')(apiRoutesAdmin);
// Importing all endpoints for archives
require('./api/archives')(apiRoutes);
// Importing all endpoints which are only admin accessible
require('./api/admin')(apiRoutesAdmin);
app.use('/api', apiRoutes);
app.use('/api', apiRoutesAdmin);
app.use(express.static(__dirname + '/client'));
