Recv/lib/api/admin/index.js

const express = require('express');
const jwt = require('jsonwebtoken');


async function checkAuthorization(req, res, repository, onVerified)
{
  var token;

  if (req.headers.authorization)
  {
    if (req.headers.authorization.split(' ')[0] !== 'Bearer')
    {
      res.sendStatus(400);
      return;
    }

    token = req.headers.authorization.split(' ')[1];
  }
  else if (req.cookies && req.cookies.adminToken)
  {
    token = req.cookies.adminToken;
  }
  else
  {
    res.sendStatus(403);
    return;
  }


  jwt.verify(token, config.jwtSecret, async (err, decoded) =>
  {
    try
    {
      if (err)
      {
        res.sendStatus(403);
        return;
      }

      if (decoded.userId)
      {
        var user = await repository.users.get(decoded.userId);
        if (user === null || !user.active)
        {
          res.sendStatus(403);
          return;
        }
        else
          await onVerified(user);
      }
      else
        res.sendStatus(400);
    }
    catch (e)
    {
      console.log(e);
      res.sendStatus(500);
    }
  });
}


module.exports = (repository) =>
{
  var router = express.Router();

  // Redirects to make Vue-router URLs less quirky
  router.get('/', (req, res) => { res.redirect(301, '/#/admin/') });

  router.use(async (req, res, next) =>
  {
    try
    {
      await checkAuthorization(req, res, repository, (user) =>
      {
        req.user = user;
        next();
      });
    }
    catch (err)
    {
      console.log(err);
    }
  });

  require('./status')(repository, router);
  require('./codes')(repository, router);
  require('./uploads')(repository, router);
  require('./users')(repository, router);

  return router;
}
Implemented changing code ownership Refactored admin API 2018-05-13 07:33:10 +00:00			`const express = require('express');`
			`const jwt = require('jsonwebtoken');`


			`async function checkAuthorization(req, res, repository, onVerified)`
			`{`
			`var token;`

			`if (req.headers.authorization)`
			`{`
			`if (req.headers.authorization.split(' ')[0] !== 'Bearer')`
			`{`
			`res.sendStatus(400);`
			`return;`
			`}`

			`token = req.headers.authorization.split(' ')[1];`
			`}`
			`else if (req.cookies && req.cookies.adminToken)`
			`{`
			`token = req.cookies.adminToken;`
			`}`
			`else`
			`{`
			`res.sendStatus(403);`
			`return;`
			`}`


			`jwt.verify(token, config.jwtSecret, async (err, decoded) =>`
			`{`
			`try`
			`{`
			`if (err)`
			`{`
			`res.sendStatus(403);`
			`return;`
			`}`

			`if (decoded.userId)`
			`{`
			`var user = await repository.users.get(decoded.userId);`
			`if (user === null \|\| !user.active)`
			`{`
			`res.sendStatus(403);`
			`return;`
			`}`
			`else`
			`await onVerified(user);`
			`}`
			`else`
			`res.sendStatus(400);`
			`}`
			`catch (e)`
			`{`
			`console.log(e);`
			`res.sendStatus(500);`
			`}`
			`});`
			`}`


			`module.exports = (repository) =>`
			`{`
			`var router = express.Router();`
Fixed 'forbidden' on /admin Fixed logout menu item position in Firefox 2018-05-31 12:42:55 +00:00
			`// Redirects to make Vue-router URLs less quirky`
			`router.get('/', (req, res) => { res.redirect(301, '/#/admin/') });`

Implemented changing code ownership Refactored admin API 2018-05-13 07:33:10 +00:00			`router.use(async (req, res, next) =>`
			`{`
			`try`
			`{`
			`await checkAuthorization(req, res, repository, (user) =>`
			`{`
			`req.user = user;`
			`next();`
			`});`
			`}`
			`catch (err)`
			`{`
			`console.log(err);`
			`}`
			`});`

			`require('./status')(repository, router);`
			`require('./codes')(repository, router);`
			`require('./uploads')(repository, router);`
			`require('./users')(repository, router);`

			`return router;`
			`}`