Return unauthorised at the controller level rather than at middleware level

Signed-off-by: Fred Boniface <fred@fjla.uk>
2023-07-08 18:39:24 +01:00 · 2023-07-08 18:39:24 +01:00 · 69f72dfff1
commit 69f72dfff1
parent 12753d76a1
5 changed files with 57 additions and 21 deletions
--- a/app.js
+++ b/app.js
@ -66,12 +66,13 @@ app.use(cors()); // Allow access from any origin
 app.use(express.json()); //JSON Parsing for POST Requests
 app.use(compression()); // Compress API Data if supported by client
 app.use(limiter);
 app.use(authenticate);
 // 2023 Rationalisation Routes (/api/v2, /misc)
-app.use('/api/v2/pis', authenticate, pis2Rtr); // API Version 2
+app.use('/api/v2/pis', pis2Rtr); // API Version 2
-app.use('/api/v2/live',authenticate, live2Rtr); // API Version 2
+app.use('/api/v2/live', live2Rtr); // API Version 2
 app.use('/api/v2/ref', ref2Rtr); // API Version 2
-app.use('/api/v2/timetable', authenticate, tt2Rtr); // API Version 2
+app.use('/api/v2/timetable', tt2Rtr); // API Version 2
 app.use('/api/v2/user', user2Rtr); // API Version 2
 app.use('/misc', miscRtr); // Non public-api endpoints (Stats, Issue, etc.)
--- a/src/controllers/ldb.controllers.js
+++ b/src/controllers/ldb.controllers.js
@ -12,6 +12,11 @@ async function get(req, res, next){ // API v1 only
 }
 async function getTrain(req, res, next) { // API v2 Only
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    throw err;
  }
  let type = req.params.searchType;
  let id = req.params.id;
  try {
@ -25,12 +30,11 @@ async function getTrain(req, res, next) { // API v2 Only
      res.json(await ldb.getServicesByOther(id));
      break;
    default:
-      res.status(404);
+      res.status(400).json({status: 'error', message:'Invalid search type'});
      res.json({status: 'error', message:'Invalid search type'});
    }
  } catch (err) {
    console.error('Unknown Error', err.message);
    err.status = 500;
    console.error('Unknown Error', err.message);
    next(err);
  }
 }
@ -40,11 +44,14 @@ async function getStation(req, res, next) { // API v2 Only
  let id = req.params.id;
  try {
    if (type == 'staff') {
      if (!req.isAuthed) {
        const err = new Error('Unauthorized');
        err.status = 401;
        throw err;
      }
      res.json(await ldb.get(id, true));
      next();
    } else {
      res.json(await ldb.get(id, false));
      next();
    }
  } catch (err) {
    console.error('Unknown Error', err.message);
--- a/src/controllers/pis.controllers.js
+++ b/src/controllers/pis.controllers.js
@ -1,6 +1,11 @@
 const pis = require('../services/pis.services');
 async function byOrigDest(req, res, next){
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    throw err;
  }
  try {
    let start = req.params.start;
    let end = req.params.end;
@ -13,33 +18,48 @@ async function byOrigDest(req, res, next){
 /* Used in /api/v2 */
 async function byStartEndCRS(req, res, next){
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    return next(err);
  }
  try {
    let startCrs = req.params.startCrs;
    let endCrs = req.params.endCrs;
    res.json(await pis.findPisByOrigDest(startCrs,endCrs));
  } catch (err) {
    console.error('Unknown Error', err.message);
-    next(err);
+    return next(err);
  }
 }
 /* Used in /api/v2 */
 async function byCode(req, res, next){
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    return next(err);
  }
  try {
    let code = req.params.code;
    res.json(await pis.findPisByCode(code));
  } catch (err) {
    console.error('Unknown Error', err.message);
-    next(err);
+    return next(err);
  }
 }
 async function random(req, res, next){
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    return next(err);
  }
  try {
    res.json(await pis.findRandom());
  } catch (err) {
    console.error('Unknown Error', err.message);
-    next(err);
+    return next(err);
  }
 }
--- a/src/controllers/train.controllers.js
+++ b/src/controllers/train.controllers.js
@ -1,6 +1,11 @@
 const train = require('../services/trainService.services');
 async function getByHeadcodeToday(req, res, next){
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    throw err;
  }
  try {
    var searchHeadcode = req.params.id;
    res.json(await train.findByHeadcodeToday(searchHeadcode));
@ -12,6 +17,11 @@ async function getByHeadcodeToday(req, res, next){
 }
 async function get(req, res, next) {
  if (!req.isAuthed) {
    const err = new Error('Unauthorized');
    err.status = 401;
    throw err;
  }
  let date = req.params.date;
  let searchType = req.params.searchType;
  let id = req.params.id;
--- a/src/middlewares/auth.middlewares.js
+++ b/src/middlewares/auth.middlewares.js
@ -6,25 +6,23 @@ module.exports = async function authCheck(req, res, next) {
  try {
    var uuid = req.headers.uuid;
  } catch(err) {
-    log.out('authMiddlewares: No authentication attempted', 'dbug');
+    log.out('authMiddlewares: User !isAuthed', 'dbug');
-    err.status = 401;
+    req.isAuthed = false;
-    return next(err);
+    return next();
  }
  try {
    var result = await utils.isAuthed(uuid) || false;
    if (!result) {
      req.isAuthed = false;
-      const err = new Error('Unauthorised');
+      log.out('authMiddlewares: User !isAuthed',
      err.status = 401;
      log.out('authMiddlewares: Authentication attempted with incorrect key',
        'warn');
      return next(err);
    } else {
      req.isAuthed = true;
-      log.out('authMiddlewares: User authenticated', 'dbug');
+      log.out('authMiddlewares: User isAuthed', 'dbug');
      return next();
    }
    return next();
  } catch(err) {
-    return next(err);
+    req.isAuthed = false;
    return next();
  }
 };