Altered API, read more

I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account
Added privilege modification to the API
2021-03-14 04:35:03 +11:00 · 2021-03-12 15:04:01 +11:00 · 2021-03-11 00:41:24 +11:00 · 2021-03-11 00:01:19 +11:00 · 2021-03-10 23:57:27 +11:00 · 2021-03-10 23:43:57 +11:00
13 changed files with 96 additions and 40 deletions
@@ -106,6 +106,5 @@ dist
 # Docker generated files and folders
 letsencrypt/
 mysql/
 Dockerfile
 docker-compose.yml
 startup.sql
@@ -0,0 +1,10 @@
 FROM node:15
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production
 COPY . /app
 EXPOSE 3200
 USER node
 ENTRYPOINT ["bash", "-c"]
 CMD ["sleep 10 && npm start"]
@@ -4,9 +4,7 @@ An API centric auth server. Uses Sequelize and mariaDB by default.
 # Setup
-TODO: Dockerize this project
+There are multiple ways to run this app - it can run on it's own via `npm start` (for production) or `npm run dev` (for development). it can also run inside docker using `docker-compose up --build` - run `node configure-script.js` to generate docker-compose.yml.
 TODO: Write setup instructions, once dockerized
 # API
@@ -39,9 +37,13 @@ Content-Type: application/json
 	"refreshToken": "fghij"
 }
-//DOCS: Retreives the private account data, results vary
+//Replace an expired authToken pair with these values
-GET /auth/account
+POST /auth/token
-Authorization: Bearer accessToken
+Content-Type: application/json
 {
 	"token": "refreshToken"
 }
 //DOCS: After this is called, the refresh route will no longer work
 DELETE /auth/logout
@@ -51,13 +53,9 @@ Authorization: Bearer accessToken
 	"token": "refreshToken"
 }
-//Replace an expired authToken pair with these values
+//DOCS: Retreives the private account data, results vary
-POST /auth/token
+GET /auth/account
-Content-Type: application/json
+Authorization: Bearer accessToken
 {
 	"token": "refreshToken"
 }
 //Result
 {
@@ -66,12 +64,12 @@ Content-Type: application/json
 }
 //DOCS: Update account data, input varies, but is always JSON
-PATCH /auth/update
+PATCH /auth/account
 Content-Type: application/json
 Authorization: Bearer accessToken
 //DOCS: Sets the timer, account will be deleted after 2 days
-DELETE /auth/deletion
+DELETE /auth/account
 Authorization: Bearer accessToken
 Content-Type: application/json
@@ -79,4 +77,13 @@ Content-Type: application/json
 	"password": "helloworld"
 }
 //DOCS: Sets the privilege of the specified user; usable only by admins
 PATCH /auth/admin/privilege
 Authorization: Bearer accessToken
 Content-Type: application/json
 {
 	"username": "example",
 	"privilege: "administrator"
 }
 ```
@@ -54,7 +54,7 @@ const question = (prompt, def = null) => {
 version: '3'
 services:
-  app:
+  ${appName}:
    build:
      context: .
    ports:
@@ -98,7 +98,9 @@ services:
      - app-network
    volumes:
      - ./mysql:/var/lib/mysql
-  traefik:
+      - ./startup.sql:/docker-entrypoint-initdb.d/startup.sql:ro
  traefik_${appName}:
    container_name: ${appName}_traefik
    image: "traefik:v2.4"
    container_name: "traefik"
    command:
@@ -116,7 +118,6 @@ services:
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./startup.sql:/docker-entrypoint-initdb.d/startup.sql:ro"
    networks:
      - app-network
 networks:
@@ -0,0 +1,20 @@
 const { accounts } = require('../database/models');
 //auth/account/privilege
 const route = async (req, res) => {
 	const updated = await accounts.update({
 		privilege: req.body.privilege
 	}, {
 		where: {
 			username: req.body.username
 		}
 	});
 	if (updated < 1) {
 		return res.status(403).send(`Unknown account`);
 	}
 	return res.status(200).end();
 };
 module.exports = route;
@@ -1,3 +1,22 @@
-module.exports = {
+const express = require('express');
-	defaultAccount: require('./default-account')
+const router = express.Router();
-};
+
 //middleware
 const tokenAuth = require('../utilities/token-auth');
 router.use(tokenAuth);
 router.use((req, res, next) => {
 	//check the user's privilege
 	if (req.user.privilege != 'administrator') {
 		return res.status(401).send('Admins only');
 	}
 	next();
 });
 require('./default-account')(); //generate the default accouunt
 //basic route management
 router.patch('/privilege', require('./account-privilege'));
 module.exports = router;
@@ -17,7 +17,7 @@ const route = async (req, res) => {
 	//compare the user's password
 	const compare = utils.promisify(bcrypt.compare);
-	const match = await compare(req.body.password, account.hash);
+	const match = await compare(req.body.password || '', account.hash);
 	if (!match) {
 		return res.status(401).send('incorrect password');
@@ -9,12 +9,12 @@ const route = async (req, res) => {
 	});
 	if (!account) {
-		res.status(401).send('Unknown account');
+		return res.status(401).send('Unknown account');
 	}
 	//respond with the private-facing data
-	res.status(200).json({
+	return res.status(200).json({
-		contact: await account.contact
+		contact: account.contact
 	});
 };
@@ -2,7 +2,7 @@ const express = require('express');
 const router = express.Router();
 //middleware
-const authToken = require('../utilities/token-auth');
+const tokenAuth = require('../utilities/token-auth');
 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -13,12 +13,12 @@ router.post('/login', require('./login'));
 router.post('/token', require('./token'));
 //middleware
-router.use(authToken);
+router.use(tokenAuth);
 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
-router.get('/account', require('./account'));
+router.get('/account', require('./account-query'));
-router.patch('/update', require('./update'));
+router.patch('/account', require('./account-update'));
-router.delete('/deletion', require('./deletion'));
+router.delete('/account', require('./account-delete'));
 module.exports = router;
@@ -4,7 +4,7 @@ const sequelize = new Sequelize(process.env.DB_DATABASE, process.env.DB_USERNAME
 	host: process.env.DB_HOSTNAME,
 	dialect: 'mariadb',
 	timezone: process.env.DB_TIMEZONE,
-	logging: false
+	logging: process.env.DB_LOGGING ? console.log : false
 });
 sequelize.sync();
@@ -15,8 +15,8 @@ app.use(cors());
 //database connection
 const database = require('./database');
-const admin = require('./admin');
+//access the admin
-admin.defaultAccount();
+app.use('/admin', require('./admin'));
 //access the auth
 app.use('/auth', require('./auth'));
@@ -6,16 +6,16 @@ module.exports = (req, res, next) => {
 	const token = authHeader?.split (' ')[1]; //'Bearer token'
 	if (!token) {
-		return res.status(401).end();
+		return res.status(401).send('No token found');
 	}
-	jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
+	return jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
 		if (err) {
-			return res.status(403).end();
+			return res.status(403).send(err);
 		}
 		req.user = user;
-		next();
+		return next();
 	});
 };
Author	SHA1	Message	Date
Kayne Ruse	b2bf1aaf92	Altered API, read more I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account	2021-03-14 04:35:03 +11:00
Kayne Ruse	61ddd5b38f	Added privilege modification to the API	2021-03-12 15:04:01 +11:00
Kayne Ruse	cbd3ed9d3e	Found a mistyped header	2021-03-11 00:41:24 +11:00
Kayne Ruse	7bbd6bbcf1	Wait, that's better	2021-03-11 00:01:19 +11:00
Kayne Ruse	7ddef6ed1b	Added DB_QUIET as an option	2021-03-10 23:57:27 +11:00
Kayne Ruse	4581f0376a	Fixed crash when no password provided on account deletion	2021-03-10 23:43:57 +11:00
Kayne Ruse	da8bba93eb	Finally playing nice together	2021-03-07 15:34:04 +11:00
Kayne Ruse	ddc07e4605	Irritating	2021-03-07 14:45:05 +11:00
Kayne Ruse	29ca934b93	Oh, come on	2021-03-07 14:21:12 +11:00
Kayne Ruse	0dd1717ff6	Minor name tweak	2021-03-07 14:14:13 +11:00
Kayne Ruse	a23fb81570	Quick config fix	2021-03-07 14:07:48 +11:00
Kayne Ruse	83af2b1395	Tweaked docker-compose	2021-03-07 13:52:51 +11:00
Kayne Ruse	b08e099b1e	Whoops, forgot dockerfile for docker hub	2021-03-07 09:06:53 +11:00