parent
02f7424b56
commit
95983021ed
|
@ -11,7 +11,7 @@ dotenv.config();
|
||||||
export const checkAdminPrivileges = async (sessionId: string, sessionKey: string, ip: string) => {
|
export const checkAdminPrivileges = async (sessionId: string, sessionKey: string, ip: string) => {
|
||||||
if(sessionId) {
|
if(sessionId) {
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
return user.is_active;
|
return user.isActive;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -23,7 +23,7 @@ export const checkAdminPrivileges = async (sessionId: string, sessionKey: string
|
||||||
export const checkMemberPrivileges = async (sessionId: string, sessionKey: string, password: string, ip: string) => {
|
export const checkMemberPrivileges = async (sessionId: string, sessionKey: string, password: string, ip: string) => {
|
||||||
if(sessionId) {
|
if(sessionId) {
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
return user.is_active;
|
return user.isActive;
|
||||||
}
|
}
|
||||||
|
|
||||||
return password == process.env.MEMBER_CREDENTIAL;
|
return password == process.env.MEMBER_CREDENTIAL;
|
||||||
|
@ -36,7 +36,7 @@ export const checkMemberPrivileges = async (sessionId: string, sessionKey: strin
|
||||||
export const checkManagementPrivileges = async (sessionId: string, sessionKey: string, password: string, ip: string) => {
|
export const checkManagementPrivileges = async (sessionId: string, sessionKey: string, password: string, ip: string) => {
|
||||||
if(sessionId) {
|
if(sessionId) {
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
return user.is_active;
|
return user.isActive;
|
||||||
}
|
}
|
||||||
|
|
||||||
return password == process.env.MANAGEMENT_CREDENTIAL;
|
return password == process.env.MANAGEMENT_CREDENTIAL;
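Review bot: The fallback `return password == process.env.MEMBER_CREDENTIAL;` in checkMemberPrivileges, and its MANAGEMENT_CREDENTIAL twin in checkManagementPrivileges, grants access when the environment variable is unset and the caller supplies no password, because `undefined == undefined` is true under loose equality. It is also a plain string comparison of a shared secret, so it is not constant-time. I would fail closed first, `const expected = process.env.MEMBER_CREDENTIAL; if (!expected || typeof password !== 'string') return false;`, and then compare fixed-length digests of both sides with `crypto.timingSafeEqual`. Separately, checkAdminPrivileges returns `user.isActive` with no role test visible in its hunk, so every active account appears to pass the admin check unless checkSession enforces that elsewhere.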
|
||||||
|
|
|
@ -125,7 +125,7 @@ eventsRouter.post('/', async (req: Request, res: Response) => {
|
||||||
|
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
|
|
||||||
if (!user.is_active) {
|
if (!user.isActive) {
|
||||||
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -150,7 +150,7 @@ eventsRouter.post('/', async (req: Request, res: Response) => {
|
||||||
endDateTime: new Date(req.body.endDateTime),
|
endDateTime: new Date(req.body.endDateTime),
|
||||||
createdDate: new Date(),
|
createdDate: new Date(),
|
||||||
location: req.body.location ?? '',
|
location: req.body.location ?? '',
|
||||||
createdById: user.user_id ?? -1,
|
createdById: user.userId ?? -1,
|
||||||
url: req.body.url ?? '',
|
url: req.body.url ?? '',
|
||||||
wholeDay: req.body.wholeDay ?? false
|
wholeDay: req.body.wholeDay ?? false
|
||||||
};
|
};
|
||||||
|
@ -181,7 +181,7 @@ eventsRouter.put('/:eventId', async (req: Request, res: Response) => {
|
||||||
|
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
|
|
||||||
if (!user.is_active) {
|
if (!user.isActive) {
|
||||||
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -208,7 +208,7 @@ eventsRouter.put('/:eventId', async (req: Request, res: Response) => {
|
||||||
createdDate: new Date(),
|
createdDate: new Date(),
|
||||||
location: req.body.location ?? '',
|
location: req.body.location ?? '',
|
||||||
createdBy: req.body.createdBy ?? '',
|
createdBy: req.body.createdBy ?? '',
|
||||||
createdById: user.user_id ?? -1,
|
createdById: user.userId ?? -1,
|
||||||
url: req.body.url ?? '',
|
url: req.body.url ?? '',
|
||||||
wholeDay: req.body.wholeDay ?? false
|
wholeDay: req.body.wholeDay ?? false
|
||||||
};
|
};
|
||||||
|
@ -242,7 +242,7 @@ eventsRouter.delete('/:eventId', async (req: Request, res: Response) => {
|
||||||
|
|
||||||
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
let user = await UserService.checkSession(sessionId, sessionKey, ip);
|
||||||
|
|
||||||
if (!user.is_active) {
|
if (!user.isActive) {
|
||||||
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
res.status(403).send({'message': 'You do not have access to the specified calendar.'});
|
||||||
return;
|
return;
|
||||||
}
|
}
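Review bot: In the PUT `/:eventId` hunk the updated record takes `createdBy` from `req.body.createdBy` while `createdById` is overwritten with the session user, so an edit can relabel the author to any client-supplied string and reassigns the creator id to whoever edits. The only gate visible before it is `if (!user.isActive)`, with no check that the caller owns the event; the rest of the handler lies outside these hunks, so this may be enforced elsewhere. If it is not, load the stored event, compare its `createdById` with `user.userId`, and leave both creator fields unchanged on update instead of reading `createdBy` from the body. The DELETE handler shows the same isActive-only gate.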
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
export interface Session {
|
export interface Session {
|
||||||
session_id: number;
|
sessionId: number;
|
||||||
user_id: number;
|
userId: number;
|
||||||
session_key: string;
|
sessionKey: string;
|
||||||
session_key_hash: string;
|
sessionKeyHash: string;
|
||||||
created_date?: Date;
|
createdDate?: Date;
|
||||||
valid_until?: Date;
|
validUntil?: Date;
|
||||||
last_ip: string;
|
lastIP: string;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
export interface User {
|
export interface User {
|
||||||
user_id: number;
|
userId: number;
|
||||||
full_name: string;
|
fullName: string;
|
||||||
password_hash: string;
|
passwordHash: string;
|
||||||
email: string;
|
email: string;
|
||||||
is_active: boolean;
|
isActive: boolean;
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,8 +39,8 @@ usersRouter.post('/register', async (req: Request, res: Response) => {
|
||||||
|
|
||||||
// Send the session details back to the user
|
// Send the session details back to the user
|
||||||
res.status(201).send({
|
res.status(201).send({
|
||||||
session_id: session.session_id,
|
sessionId: session.sessionId,
|
||||||
session_key: session.session_key
|
sessionKey: session.sessionKey
|
||||||
});
|
});
|
||||||
} catch (e: any) {
|
} catch (e: any) {
|
||||||
let errorGuid = Guid.create().toString();
|
let errorGuid = Guid.create().toString();
|
||||||
|
@ -69,16 +69,16 @@ usersRouter.post('/login', async (req: Request, res: Response) => {
|
||||||
// Create a session
|
// Create a session
|
||||||
const session: Session = await UserService.login(email, password, ip);
|
const session: Session = await UserService.login(email, password, ip);
|
||||||
|
|
||||||
if (!session.session_id) {
|
if (!session.sessionId) {
|
||||||
// Error logging in, probably wrong username / password
|
// Error logging in, probably wrong username / password
|
||||||
res.status(401).send(JSON.stringify({messages: ['Wrong username and / or password']}));
|
res.status(401).send(JSON.stringify({message: 'Wrong username and / or password', sessionId: -1, sessionKey: ''}));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send the session details back to the user
|
// Send the session details back to the user
|
||||||
res.status(200).send({
|
res.status(200).send({
|
||||||
session_id: session.session_id,
|
sessionId: session.sessionId,
|
||||||
session_key: session.session_key
|
sessionKey: session.sessionKey
|
||||||
});
|
});
|
||||||
} catch (e: any) {
|
} catch (e: any) {
|
||||||
let errorGuid = Guid.create().toString();
|
let errorGuid = Guid.create().toString();
|
||||||
|
@ -95,8 +95,8 @@ usersRouter.post('/login', async (req: Request, res: Response) => {
|
||||||
usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => {
|
usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => {
|
||||||
try {
|
try {
|
||||||
const ip: string = req.socket.remoteAddress ?? '';
|
const ip: string = req.socket.remoteAddress ?? '';
|
||||||
const session_id = req.body.session_id;
|
const session_id = req.body.sessionId;
|
||||||
const session_key = req.body.session_key;
|
const session_key = req.body.sessionKey;
|
||||||
|
|
||||||
if (!session_id || !session_key) {
|
if (!session_id || !session_key) {
|
||||||
// Error logging in, probably wrong username / password
|
// Error logging in, probably wrong username / password
|
||||||
|
@ -106,7 +106,7 @@ usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => {
|
||||||
|
|
||||||
const user: User = await UserService.checkSession(session_id, session_key, ip);
|
const user: User = await UserService.checkSession(session_id, session_key, ip);
|
||||||
|
|
||||||
if (!user.user_id) {
|
if (!user.userId) {
|
||||||
// Error logging in, probably wrong username / password
|
// Error logging in, probably wrong username / password
|
||||||
res.status(401).send(JSON.stringify({messages: ['Invalid session']}));
|
res.status(401).send(JSON.stringify({messages: ['Invalid session']}));
|
||||||
return;
|
return;
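Review bot: The new login failure body `{message: ..., sessionId: -1, sessionKey: ''}` returns a sentinel `sessionId` of -1, which is truthy, whereas this same handler detects failure with `if (!session.sessionId)`; a client that copies that truthiness test would treat a rejected login as a session. I would drop the sentinels and rely on the 401 status: `res.status(401).send({message: 'Wrong username and / or password'});`. The error shape now also differs from /checkSessionValid, which still sends `{messages: ['Invalid session']}`, and both bodies go through `JSON.stringify`, so Express will label them text/html unless the content type is set elsewhere. In /checkSessionValid the locals keep the names `session_id` and `session_key` although they now read the camelCase body keys.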
|
||||||
|
|
|
@ -49,11 +49,11 @@ export const createUser = async (email: string, password: string, fullName: stri
|
||||||
}
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
session_id: sessionId,
|
sessionId: sessionId,
|
||||||
user_id: userId,
|
userId: userId,
|
||||||
session_key: sessionKey,
|
sessionKey: sessionKey,
|
||||||
session_key_hash: 'HIDDEN',
|
sessionKeyHash: 'HIDDEN',
|
||||||
last_ip: ip
|
lastIP: ip
|
||||||
};
|
};
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
throw err;
|
throw err;
|
||||||
|
@ -102,11 +102,11 @@ export const login = async (email: string, password: string, ip: string): Promis
|
||||||
}
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
session_id: sessionId,
|
sessionId: sessionId,
|
||||||
user_id: userId,
|
userId: userId,
|
||||||
session_key: sessionKey,
|
sessionKey: sessionKey,
|
||||||
session_key_hash: 'HIDDEN',
|
sessionKeyHash: 'HIDDEN',
|
||||||
last_ip: ip
|
lastIP: ip
|
||||||
};
|
};
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
throw err;
|
throw err;
|
||||||
|
@ -167,11 +167,11 @@ export const checkSession = async (sessionId: string, sessionKey: string, ip: st
|
||||||
|
|
||||||
// Everything is fine, return user information
|
// Everything is fine, return user information
|
||||||
return {
|
return {
|
||||||
user_id: userId,
|
userId: userId,
|
||||||
email: email,
|
email: email,
|
||||||
password_hash: 'HIDDEN',
|
passwordHash: 'HIDDEN',
|
||||||
full_name: fullName,
|
fullName: fullName,
|
||||||
is_active: is_active
|
isActive: is_active
|
||||||
};
|
};
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
throw err;
|
throw err;
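Review bot: The objects returned in the createUser, login and checkSession hunks fill `sessionKeyHash: 'HIDDEN'` and `passwordHash: 'HIDDEN'` with placeholder strings only to satisfy the Session and User interfaces, so the types cannot tell a redacted value from a real hash and nothing stops a later change from populating the field on an object that is sent to clients. Consider return types that omit the secret field, e.g. `Promise<Omit<User, 'passwordHash'>>` for checkSession, and drop the placeholder. In the checkSession hunk `isActive: is_active` still reads a snake_case local, and the `catch (err) { throw err; }` wrappers add nothing. The function bodies continue outside these hunks.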
|
||||||
|
|