Return unauthorised at the controller level rather than at middleware level
Signed-off-by: Fred Boniface <fred@fjla.uk>
This commit is contained in:
parent
12753d76a1
commit
69f72dfff1
7
app.js
7
app.js
@ -66,12 +66,13 @@ app.use(cors()); // Allow access from any origin
|
|||||||
app.use(express.json()); //JSON Parsing for POST Requests
|
app.use(express.json()); //JSON Parsing for POST Requests
|
||||||
app.use(compression()); // Compress API Data if supported by client
|
app.use(compression()); // Compress API Data if supported by client
|
||||||
app.use(limiter);
|
app.use(limiter);
|
||||||
|
app.use(authenticate);
|
||||||
|
|
||||||
// 2023 Rationalisation Routes (/api/v2, /misc)
|
// 2023 Rationalisation Routes (/api/v2, /misc)
|
||||||
app.use('/api/v2/pis', authenticate, pis2Rtr); // API Version 2
|
app.use('/api/v2/pis', pis2Rtr); // API Version 2
|
||||||
app.use('/api/v2/live',authenticate, live2Rtr); // API Version 2
|
app.use('/api/v2/live', live2Rtr); // API Version 2
|
||||||
app.use('/api/v2/ref', ref2Rtr); // API Version 2
|
app.use('/api/v2/ref', ref2Rtr); // API Version 2
|
||||||
app.use('/api/v2/timetable', authenticate, tt2Rtr); // API Version 2
|
app.use('/api/v2/timetable', tt2Rtr); // API Version 2
|
||||||
app.use('/api/v2/user', user2Rtr); // API Version 2
|
app.use('/api/v2/user', user2Rtr); // API Version 2
|
||||||
app.use('/misc', miscRtr); // Non public-api endpoints (Stats, Issue, etc.)
|
app.use('/misc', miscRtr); // Non public-api endpoints (Stats, Issue, etc.)
|
||||||
|
|
||||||
|
@ -12,6 +12,11 @@ async function get(req, res, next){ // API v1 only
|
|||||||
}
|
}
|
||||||
|
|
||||||
async function getTrain(req, res, next) { // API v2 Only
|
async function getTrain(req, res, next) { // API v2 Only
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
let type = req.params.searchType;
|
let type = req.params.searchType;
|
||||||
let id = req.params.id;
|
let id = req.params.id;
|
||||||
try {
|
try {
|
||||||
@ -25,12 +30,11 @@ async function getTrain(req, res, next) { // API v2 Only
|
|||||||
res.json(await ldb.getServicesByOther(id));
|
res.json(await ldb.getServicesByOther(id));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
res.status(404);
|
res.status(400).json({status: 'error', message:'Invalid search type'});
|
||||||
res.json({status: 'error', message:'Invalid search type'});
|
|
||||||
}
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Unknown Error', err.message);
|
|
||||||
err.status = 500;
|
err.status = 500;
|
||||||
|
console.error('Unknown Error', err.message);
|
||||||
next(err);
|
next(err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -40,11 +44,14 @@ async function getStation(req, res, next) { // API v2 Only
|
|||||||
let id = req.params.id;
|
let id = req.params.id;
|
||||||
try {
|
try {
|
||||||
if (type == 'staff') {
|
if (type == 'staff') {
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
res.json(await ldb.get(id, true));
|
res.json(await ldb.get(id, true));
|
||||||
next();
|
|
||||||
} else {
|
} else {
|
||||||
res.json(await ldb.get(id, false));
|
res.json(await ldb.get(id, false));
|
||||||
next();
|
|
||||||
}
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Unknown Error', err.message);
|
console.error('Unknown Error', err.message);
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
const pis = require('../services/pis.services');
|
const pis = require('../services/pis.services');
|
||||||
|
|
||||||
async function byOrigDest(req, res, next){
|
async function byOrigDest(req, res, next){
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
let start = req.params.start;
|
let start = req.params.start;
|
||||||
let end = req.params.end;
|
let end = req.params.end;
|
||||||
@ -13,33 +18,48 @@ async function byOrigDest(req, res, next){
|
|||||||
|
|
||||||
/* Used in /api/v2 */
|
/* Used in /api/v2 */
|
||||||
async function byStartEndCRS(req, res, next){
|
async function byStartEndCRS(req, res, next){
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
return next(err);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
let startCrs = req.params.startCrs;
|
let startCrs = req.params.startCrs;
|
||||||
let endCrs = req.params.endCrs;
|
let endCrs = req.params.endCrs;
|
||||||
res.json(await pis.findPisByOrigDest(startCrs,endCrs));
|
res.json(await pis.findPisByOrigDest(startCrs,endCrs));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Unknown Error', err.message);
|
console.error('Unknown Error', err.message);
|
||||||
next(err);
|
return next(err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Used in /api/v2 */
|
/* Used in /api/v2 */
|
||||||
async function byCode(req, res, next){
|
async function byCode(req, res, next){
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
return next(err);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
let code = req.params.code;
|
let code = req.params.code;
|
||||||
res.json(await pis.findPisByCode(code));
|
res.json(await pis.findPisByCode(code));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Unknown Error', err.message);
|
console.error('Unknown Error', err.message);
|
||||||
next(err);
|
return next(err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async function random(req, res, next){
|
async function random(req, res, next){
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
return next(err);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
res.json(await pis.findRandom());
|
res.json(await pis.findRandom());
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Unknown Error', err.message);
|
console.error('Unknown Error', err.message);
|
||||||
next(err);
|
return next(err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
const train = require('../services/trainService.services');
|
const train = require('../services/trainService.services');
|
||||||
|
|
||||||
async function getByHeadcodeToday(req, res, next){
|
async function getByHeadcodeToday(req, res, next){
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
var searchHeadcode = req.params.id;
|
var searchHeadcode = req.params.id;
|
||||||
res.json(await train.findByHeadcodeToday(searchHeadcode));
|
res.json(await train.findByHeadcodeToday(searchHeadcode));
|
||||||
@ -12,6 +17,11 @@ async function getByHeadcodeToday(req, res, next){
|
|||||||
}
|
}
|
||||||
|
|
||||||
async function get(req, res, next) {
|
async function get(req, res, next) {
|
||||||
|
if (!req.isAuthed) {
|
||||||
|
const err = new Error('Unauthorized');
|
||||||
|
err.status = 401;
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
let date = req.params.date;
|
let date = req.params.date;
|
||||||
let searchType = req.params.searchType;
|
let searchType = req.params.searchType;
|
||||||
let id = req.params.id;
|
let id = req.params.id;
|
||||||
|
@ -6,25 +6,23 @@ module.exports = async function authCheck(req, res, next) {
|
|||||||
try {
|
try {
|
||||||
var uuid = req.headers.uuid;
|
var uuid = req.headers.uuid;
|
||||||
} catch(err) {
|
} catch(err) {
|
||||||
log.out('authMiddlewares: No authentication attempted', 'dbug');
|
log.out('authMiddlewares: User !isAuthed', 'dbug');
|
||||||
err.status = 401;
|
req.isAuthed = false;
|
||||||
return next(err);
|
return next();
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
var result = await utils.isAuthed(uuid) || false;
|
var result = await utils.isAuthed(uuid) || false;
|
||||||
if (!result) {
|
if (!result) {
|
||||||
req.isAuthed = false;
|
req.isAuthed = false;
|
||||||
const err = new Error('Unauthorised');
|
log.out('authMiddlewares: User !isAuthed',
|
||||||
err.status = 401;
|
|
||||||
log.out('authMiddlewares: Authentication attempted with incorrect key',
|
|
||||||
'warn');
|
'warn');
|
||||||
return next(err);
|
|
||||||
} else {
|
} else {
|
||||||
req.isAuthed = true;
|
req.isAuthed = true;
|
||||||
log.out('authMiddlewares: User authenticated', 'dbug');
|
log.out('authMiddlewares: User isAuthed', 'dbug');
|
||||||
|
}
|
||||||
|
return next();
|
||||||
|
} catch(err) {
|
||||||
|
req.isAuthed = false;
|
||||||
return next();
|
return next();
|
||||||
}
|
}
|
||||||
} catch(err) {
|
|
||||||
return next(err);
|
|
||||||
}
|
|
||||||
};
|
};
|
Loading…
Reference in New Issue
Block a user