Altered API, read more

I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account
Added privilege modification to the API
2021-03-14 04:35:03 +11:00 · 2021-03-12 15:04:01 +11:00 · 2021-03-11 00:41:24 +11:00
9 changed files with 77 additions and 29 deletions
@@ -37,9 +37,13 @@ Content-Type: application/json
 	"refreshToken": "fghij"
 }

-//DOCS: Retreives the private account data, results vary
-GET /auth/account
-Authorization: Bearer accessToken
+//Replace an expired authToken pair with these values
+POST /auth/token
+Content-Type: application/json
+
+{
+	"token": "refreshToken"
+}

 //DOCS: After this is called, the refresh route will no longer work
 DELETE /auth/logout
@@ -49,13 +53,9 @@ Authorization: Bearer accessToken
 	"token": "refreshToken"
 }

-//Replace an expired authToken pair with these values
-POST /auth/token
-Content-Type: application/json
-
-{
-	"token": "refreshToken"
-}
+//DOCS: Retreives the private account data, results vary
+GET /auth/account
+Authorization: Bearer accessToken

 //Result
 {
@@ -64,12 +64,12 @@ Content-Type: application/json
 }

 //DOCS: Update account data, input varies, but is always JSON
-PATCH /auth/update
+PATCH /auth/account
 Content-Type: application/json
 Authorization: Bearer accessToken

 //DOCS: Sets the timer, account will be deleted after 2 days
-DELETE /auth/deletion
+DELETE /auth/account
 Authorization: Bearer accessToken
 Content-Type: application/json

@@ -77,4 +77,13 @@ Content-Type: application/json
 	"password": "helloworld"
 }

+//DOCS: Sets the privilege of the specified user; usable only by admins
+PATCH /auth/admin/privilege
+Authorization: Bearer accessToken
+Content-Type: application/json
+
+{
+	"username": "example",
+	"privilege: "administrator"
+}
 ```
@@ -0,0 +1,20 @@
+const { accounts } = require('../database/models');
+
+//auth/account/privilege
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		privilege: req.body.privilege
+	}, {
+		where: {
+			username: req.body.username
+		}
+	});
+
+	if (updated < 1) {
+		return res.status(403).send(`Unknown account`);
+	}
+
+	return res.status(200).end();
+};
+
+module.exports = route;
@@ -1,3 +1,22 @@
-module.exports = {
-	defaultAccount: require('./default-account')
-};
+const express = require('express');
+const router = express.Router();
+
+//middleware
+const tokenAuth = require('../utilities/token-auth');
+
+router.use(tokenAuth);
+router.use((req, res, next) => {
+	//check the user's privilege
+	if (req.user.privilege != 'administrator') {
+		return res.status(401).send('Admins only');
+	}
+
+	next();
+});
+
+require('./default-account')(); //generate the default accouunt
+
+//basic route management
+router.patch('/privilege', require('./account-privilege'));
+
+module.exports = router;
@@ -9,12 +9,12 @@ const route = async (req, res) => {
 	});

 	if (!account) {
-		res.status(401).send('Unknown account');
+		return res.status(401).send('Unknown account');
 	}

 	//respond with the private-facing data
-	res.status(200).json({
-		contact: await account.contact
+	return res.status(200).json({
+		contact: account.contact
 	});
 };

@@ -2,7 +2,7 @@ const express = require('express');
 const router = express.Router();

 //middleware
-const authToken = require('../utilities/token-auth');
+const tokenAuth = require('../utilities/token-auth');

 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -13,12 +13,12 @@ router.post('/login', require('./login'));
 router.post('/token', require('./token'));

 //middleware
-router.use(authToken);
+router.use(tokenAuth);

 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
-router.get('/account', require('./account'));
-router.patch('/update', require('./update'));
-router.delete('/deletion', require('./deletion'));
+router.get('/account', require('./account-query'));
+router.patch('/account', require('./account-update'));
+router.delete('/account', require('./account-delete'));

 module.exports = router;
@@ -15,8 +15,8 @@ app.use(cors());
 //database connection
 const database = require('./database');

-const admin = require('./admin');
-admin.defaultAccount();
+//access the admin
+app.use('/admin', require('./admin'));

 //access the auth
 app.use('/auth', require('./auth'));
@@ -6,16 +6,16 @@ module.exports = (req, res, next) => {
 	const token = authHeader?.split (' ')[1]; //'Bearer token'

 	if (!token) {
-		return res.status(401).end();
+		return res.status(401).send('No token found');
 	}

-	jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
+	return jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
 		if (err) {
-			return res.status(403).end();
+			return res.status(403).send(err);
 		}

 		req.user = user;

-		next();
+		return next();
 	});
 };
Author	SHA1	Message	Date
Kayne Ruse	b2bf1aaf92	Altered API, read more I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account	2021-03-14 04:35:03 +11:00
Kayne Ruse	61ddd5b38f	Added privilege modification to the API	2021-03-12 15:04:01 +11:00
Kayne Ruse	cbd3ed9d3e	Found a mistyped header	2021-03-11 00:41:24 +11:00