Add middlewares

anshulk · anshulk · commit 1b3787103344 · 2020-09-20T00:15:28.000+05:30
diff --git a/server/controllers/InvitationController.js b/server/controllers/InvitationController.js
@@ -5,7 +5,7 @@ class InvitationController extends CrudController {
     invite = async (req, res, next) => {
         try {
             if (!("organisationId" in req.body && "emailList" in req.body)) {
-                throw "Missing parameters";
+                throw FliptaskError.missingParams();
             }
             req.body.createdBy = req.user.id;
             const data = await this.service.inviteMany(req.body);
@@ -18,7 +18,7 @@ class InvitationController extends CrudController {
     details = async (req, res, next) => {
         try {
             if (!("link" in req.query)) {
-                throw "Missing parameters";
+                throw FliptaskError.missingParams();
             }
             const data = await this.service.details(req.query.link);
             Response.success(res, data);
@@ -32,7 +32,7 @@ class InvitationController extends CrudController {
             const { user, body } = req;
             const { link, accept } = body;
             if (!(link && accept)) {
-                throw "Missing parameters";
+                throw FliptaskError.missingParams();
             }
             const data = await this.service.resolve({ user, link, accept });
             Response.success(res, data);
diff --git a/server/controllers/WorkspaceController.js b/server/controllers/WorkspaceController.js
@@ -1,3 +1,3 @@
 const CrudController = require("./base/CrudController");
 
-global.WorkspaceController = new CrudController(WorkspaceService);
+global.workspaceController = new CrudController(workspaceService);
diff --git a/server/controllers/base/Response.js b/server/controllers/base/Response.js
@@ -8,8 +8,8 @@ class Response {
 
         let messages = {};
         
-        if (typeof error === "string") {
-            messages["error"] = error;
+        if (error instanceof Error) {
+            messages["error"] = error.message;
         } else if ("errors" in error && error["errors"].length) {
             messages = error["errors"].reduce((acc, item) => {
                 if (item.path && item.message) {
diff --git a/server/errors/FliptaskError.js b/server/errors/FliptaskError.js
@@ -0,0 +1,11 @@
+class FliptaskError extends Error {
+    static permissionDenied(message = "Permission Denied") {
+        return new FliptaskError(message);
+    }
+
+    static missingParams(message = "Missing Parameters") {
+        return new FliptaskError(message);
+    }
+}
+
+global.FliptaskError = FliptaskError;
diff --git a/server/errors/index.js b/server/errors/index.js
@@ -0,0 +1 @@
+require("./FliptaskError");
diff --git a/server/index.js b/server/index.js
@@ -19,10 +19,10 @@ const configuration = {
     bootstrap: [
         "Multer",
         "Mailer",
-        "Logger",
+        // "Logger",
         // "DB",
         // "Model",
-        "Middleware",
+        // "Middleware",
         // "Controller",
         // "Route",
         "Express"
@@ -65,10 +65,12 @@ const loadApp = async () => {
 
 
     require("./database");
+    require("./errors");
     require("./models");
     require("./services");
     require("./controllers");
     require("./auth");
+    require("./middlewares");
     require("./routes");
 
     const { PORT } = process.env;
diff --git a/server/middlewares/Auth.js b/server/middlewares/Auth.js
diff --git a/server/middlewares/Modifier.js b/server/middlewares/Modifier.js
@@ -0,0 +1,13 @@
+class Modifier {
+    static paramIdIsOrgId(req, res, next) {
+        res.locals.orgId = req.params.id;
+        next();
+    }
+
+    static createdByUser(req, res, next) {
+        req.query.createdBy = req.user.id;
+        next();
+    }
+}
+
+global.Modifier = Modifier;
diff --git a/server/middlewares/Permission.js b/server/middlewares/Permission.js
@@ -0,0 +1,27 @@
+const Response = require("../controllers/base/Response");
+
+class Permission {
+    static async userIsOrgMember(req, res, next) {
+        try {
+            let orgId;
+            if ("orgId" in res.locals) {
+                orgId = res.locals.orgId;
+            } else if (req.query && "organisationId" in req.query) {
+                orgId = req.query.organisationId;
+            } else if (req.body && "organisationId" in req.body) {
+                orgId = req.body.organisationId;
+            }
+            const userOrgs = await req.user.getOrganisations();
+            const orgIds = userOrgs.map((org) => org.id);
+            if (orgIds.indexOf(parseInt(orgId, 10)) < 0) {
+                throw FliptaskError.permissionDenied();
+            }
+            next();
+        } catch (error) {
+            console.log(error instanceof Error);
+            Response.error(res, error);
+        }
+    }
+}
+
+global.Permission = Permission;
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
@@ -0,0 +1,2 @@
+require("./Permission");
+require("./Modifier");
diff --git a/server/routes/InvitationRouter.js b/server/routes/InvitationRouter.js
@@ -3,6 +3,17 @@ const CrudRouter = require("./base/CrudRouter");
 const invitationRouter = new CrudRouter("/invitation", InvitationController);
 
 invitationRouter.mergeRoutes({
+    "/": {
+        get: [
+            bearerAuth,
+            Modifier.createdByUser,
+            InvitationController.list
+        ],
+        post: [
+            bearerAuth,
+            InvitationController.create
+        ]
+    },
     "/invite": {
         post: [
             bearerAuth,
diff --git a/server/routes/WorkspaceRouter.js b/server/routes/WorkspaceRouter.js
@@ -1,5 +1,23 @@
+const Permissions = require("../services/base/Permissions");
 const CrudRouter = require("./base/CrudRouter");
 
-const workspaceRouter = new CrudRouter("/workspace", WorkspaceController);
+const workspaceRouter = new CrudRouter("/workspace", workspaceController);
+
+workspaceRouter.mergeRoutes({
+    "/": {
+        get: [
+            bearerAuth,
+            Permission.userIsOrgMember,
+            workspaceController.list
+        ],
+        post: [
+            bearerAuth,
+            Permission.userIsOrgMember,
+            workspaceController.create
+        ]
+    }
+});
+
+
 
 workspaceRouter.register();
diff --git a/server/routes/base/CrudRouter.js b/server/routes/base/CrudRouter.js
@@ -33,14 +33,15 @@ class CrudRouter {
 
     mergeRoutes = async (routes) => {
         this.routes = {
-            ...routes,
-            ...this.routes
+            ...this.routes,
+            ...routes
         }
     }
 
     register = async () => {
         for (const endpoint in this.routes) {
             for (const method in this.routes[endpoint]) {
+                // console.log(method, this.basePath + endpoint, this.routes[endpoint][method]);
                 expressApp[method](this.basePath+endpoint, this.routes[endpoint][method]);
             }
         }
diff --git a/server/services/InvitationService.js b/server/services/InvitationService.js
@@ -61,7 +61,7 @@ class InvitationService extends CrudService {
         });
 
         if (!invitation) {
-            throw "Invalid invitation."
+            throw new FliptaskError("Invalid invitation.")
         }
 
         if (invitation.status != 'invited') {
@@ -119,7 +119,7 @@ class InvitationService extends CrudService {
         });
 
         if (!invitation) {
-            throw "Invalid link";
+            throw new FliptaskError("Invalid link");
         }
 
         if (invitation.resolvedAt) {
diff --git a/server/services/UserService.js b/server/services/UserService.js
@@ -67,12 +67,12 @@ class UserService extends CrudService {
         });
 
         if (!user) {
-            throw "No user exists with this email!"
+            throw new FliptaskError("No user exists with this email!")
         }
 
         const passwordMatch = await this._checkPassword(password, user.password);
         if (!passwordMatch) {
-            throw "Invalid credentials!"
+            throw new FliptaskError("Invalid credentials!")
         }
 
         return await this.token(user);
@@ -91,7 +91,7 @@ class UserService extends CrudService {
         const splitHeader = authHeader.split(" ")
 
         if (splitHeader.length != 2) {
-            throw "Failed to logout!";
+            throw new FliptaskError("Failed to logout!");
         }
 
         const token = splitHeader[1];
@@ -102,7 +102,7 @@ class UserService extends CrudService {
             }
         } catch (error) {
             console.log("Logout error", authHeader, error)
-            throw "Failed to logout!"
+            throw new FliptaskError("Failed to logout!")
         }
     }
 }
diff --git a/server/services/WorkspaceService.js b/server/services/WorkspaceService.js
@@ -6,4 +6,4 @@ class WorkspaceService extends CrudService {
     }
 }
 
-global.WorkspaceService = new WorkspaceService(Workspace);
+global.workspaceService = new WorkspaceService(Workspace);
diff --git a/server/services/base/CrudService.js b/server/services/base/CrudService.js
@@ -4,7 +4,7 @@ class CrudService extends Permissions {
     constructor(model) {
         super(model);
         this.model = model;
-        this.pageSize = 2;
+        this.pageSize = 10;
     }
 
     list = async (query) => {
@@ -61,6 +61,7 @@ class CrudService extends Permissions {
 
     get = async (id, query) => {
         let { include } = query;
+        console.log("get ", id, include);
         return await this.model.findByPk(id, { include });
     }
 
diff --git a/server/services/base/Permissions.js b/server/services/base/Permissions.js
@@ -2,7 +2,7 @@ class Permissions {
     _userIsOrgMember = async ({ createdBy, organisationId }) => {
         const organisation = await Organisation.findByPk(organisationId);
         if (!organisation) {
-            throw "Missing or incorrect params";
+            throw FliptaskError.missingParams("Missing or incorrect params");
         } else {
             const userOrganisationMap = await UserOrganisationMap.findOne({
                 where: {
@@ -12,7 +12,7 @@ class Permissions {
             });
 
             if (!userOrganisationMap) {
-                throw "Not authorised."
+                throw FliptaskError.permissionDenied();
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`const CrudController = require("./base/CrudController");`
`2`	`2`
`3`		`-global.WorkspaceController = new CrudController(WorkspaceService);`
	`3`	`+global.workspaceController = new CrudController(workspaceService);`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+require("./Permission");`
	`2`	`+require("./Modifier");`