44 lines
1.3 KiB
JavaScript
44 lines
1.3 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const cors = require('cors'); //route-by-route, because some routes are available without authentication
|
|
|
|
//middleware
|
|
const authToken = require('../utilities/token-auth');
|
|
|
|
//the routes
|
|
const query = require('./query');
|
|
const publish = require('./publish');
|
|
const edit = require('./edit');
|
|
const remove = require('./remove');
|
|
|
|
//basic route management (all query possibilities)
|
|
router.get('/{:id}', cors(), query(false, false));
|
|
router.get('/archive/{:id}', cors(), query(true, false));
|
|
router.get('/metadata/{:id}', cors(), query(false, true));
|
|
router.get('/archive/metadata/{:id}', cors(), query(true, true));
|
|
|
|
//use middleware to authenticate the rest of the routes
|
|
router.use(cors({
|
|
credentials: true,
|
|
origin: [`${process.env.WEB_ORIGIN}`], //because auth-server
|
|
allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
|
|
exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
|
|
}));
|
|
|
|
router.use(authToken);
|
|
|
|
router.use((req, res, next) => {
|
|
if (req.user.mod) {
|
|
next();
|
|
} else {
|
|
res.status(403).end();
|
|
}
|
|
});
|
|
|
|
//authenticated routes
|
|
router.post('/', publish);
|
|
router.patch('/{:id}', edit);
|
|
router.delete('/{:id}', remove);
|
|
|
|
module.exports = router;
|