Nachklang/API
2
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Add credentials check and rework request structure

Browse Source
This commit is contained in:
Patrick Müller
2022-12-25 13:49:38 +01:00
parent ed9b7dafe0
commit 0348d89121
4 changed files with 82 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/models/calendar/events/credentials.service.ts
+29
View File
@@ -0,0 +1,29 @@
import * as dotenv from 'dotenv';
dotenv.config();
export const checkAdminPrivileges = (password: string) => {
return password == process.env.ADMIN_CREDENTIAL;
}
export const checkMemberPrivileges = (password: string) => {
return password == process.env.MEMBER_CREDENTIAL;
}
export const checkManagementPrivileges = (password: string) => {
return password == process.env.MANAGEMENT_CREDENTIAL;
}
export const hasAccess = (calendarName: string, password: string) => {
switch (calendarName) {
case 'public':
return true;
case 'members':
return checkMemberPrivileges(password);
case 'management':
return checkManagementPrivileges(password);
default:
return false;
}
}
src/models/calendar/events/events.router.ts
+48 -8
View File
@@ -5,6 +5,7 @@
import express, {Request, Response} from 'express';
import * as EventService from './events.service';
import * as iCalService from './icalgenerator.service';
import * as CredentialService from './credentials.service';
import {Guid} from 'guid-typescript';
import logger from '../../../middleware/logger';
@@ -18,17 +19,39 @@ export const eventsRouter = express.Router();
/**
* Constants
*/
const fileNames = ['Nachklang_calendar', 'Nachklang_internal_calendar', 'Nachklang_management_calendar'];
export const calendarNames = new Map<string, any> ([
['public', {id: 1, name: 'Nachklang_calendar'}],
['members', {id: 2, name: 'Nachklang_internal_calendar'}],
['management', {id: 3, name: 'Nachklang_management_calendar'}]
]);
/**
* Controller Definitions
*/
eventsRouter.get('/json', async (req: Request, res: Response) => {
eventsRouter.get('/:calendar/json', async (req: Request, res: Response) => {
try {
// Get request params
let calendarId: number = parseInt(req.query.calendar as string ?? '', 10);
let calendarName: string = req.params.calendar as string ?? '';
let password: string = req.query.password as string ?? '';
if (calendarName.length < 1) {
res.status(401).send({'message': 'Please state the name of the calendar you want events from.'});
return;
}
if(!Array.from(calendarNames.keys()).includes(calendarName)) {
res.status(401).send({'message': 'Unknown calendar.'});
return;
}
let calendarId: number = calendarNames.get(calendarName)!.id;
if (!CredentialService.hasAccess(calendarName, password)) {
res.status(401).send({'message': 'You do not have access to the specified calendar.'});
return;
}
// Get events
let events = await EventService.getAllEvents(calendarId);
@@ -37,20 +60,38 @@ eventsRouter.get('/json', async (req: Request, res: Response) => {
res.status(200).send(events);
} catch (e: any) {
console.log('Error handling a request: ' + e.message);
res.status(500).send(JSON.stringify({'message': 'Internal Server Error. Try again later.'}));
res.status(500).send({'message': 'Internal Server Error. Try again later.'});
}
});
eventsRouter.get('/ical', async (req: Request, res: Response) => {
eventsRouter.get('/:calendar/ical', async (req: Request, res: Response) => {
try {
// Get request params
let calendarId: number = parseInt(req.query.calendar as string ?? '', 10);
let calendarName: string = req.params.calendar as string ?? '';
let password: string = req.query.password as string ?? '';
if (calendarName.length < 1) {
res.status(401).send({'message': 'Please state the name of the calendar you want events from.'});
return;
}
if(!Array.from(calendarNames.keys()).includes(calendarName)) {
res.status(401).send({'message': 'Unknown calendar.'});
return;
}
let calendarId: number = calendarNames.get(calendarName)!.id;
if (!CredentialService.hasAccess(calendarName, password)) {
res.status(401).send({'message': 'You do not have access to the specified calendar.'});
return;
}
// Get events
let events = await EventService.getAllEvents(calendarId);
// generate file name
let fileName = fileNames[calendarId];
let fileName = calendarNames.get(calendarName)!.name;
let file = await iCalService.convertToIcal(events);
// Send the ical file back
@@ -59,7 +100,6 @@ eventsRouter.get('/ical', async (req: Request, res: Response) => {
} catch (e: any) {
let errorGuid = Guid.create().toString();
logger.error('Error handling a request: ' + e.message, {reference: errorGuid});
logger.error('Stacktrace: ' + e.stack, {reference: errorGuid});
res.status(500).send({
'status': 'PROCESSING_ERROR',
'message': 'Internal Server Error. Try again later.',
src/models/calendar/events/icalgenerator.service.ts
+1 -1
View File
@@ -49,7 +49,7 @@ const serializeIcalEvent = (icalevent: iCalEvent): string => {
const generateHeaderInfo = (ical: iCalFile) => {
ical.header = 'BEGIN:VCALENDAR\n' +
'VERSION:2.0\n' +
'PRODID:-//hacksw/handcal//NONSGML v1.0//EN\n' +
'PRODID:-//Nachklang e.V./Nachklang Calendar//NONSGML v1.0//EN\n' +
'CALSCALE:GREGORIAN\n' +
'BEGIN:VTIMEZONE\n' +
'TZID:Europe/Berlin\n' +