p5.js-web-editor/server/controllers/user.controller/apiKey.js
Andrew Nicolaou 37fcf46972 Public API: Create new project (fixes #1095) (#1106)
* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* Adds support for code to ApplicationErrors

* deleteProject controller tests

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Converts import script to use public API endpoints

The endpoints don't exist yet, but this is a good way to see how
the implementation of the data structures differ.

* Exposes public API endpoint to fetch user's sketches

* Implements public API delete endpoint

* Adds helper to create custom ApplicationError classes

* Adds create project endpoint that understand API's data structure

This transforms the nested tree of file data into a mongoose
Project model

* Returns '201 Created' to match API spec

* Removes 'CustomError' variable assignment as it shows up in test output

* transformFiles will return file validation errors

* Tests API project controller

* Tests toModel()

* Creates default files if no root-level .html file is provided

* Do not auto-generate a slug if it is provided

Fixes a bug where the slug was auto-generated using the sketch name,
even if a slug property had been provided.

* Validates uniqueness of slugs for projects created by the public API

* Adds tests for slug uniqueness

* Configures node's Promise implementation for mongoose (fixes warnings)

* Moves createProject tests to match controller location

* deleteProject controller tests

* Adds support for code to ApplicationErrors

* getProjectsForUser controller tests

- implements tests
- update apiKey tests to use new User mocks

* Ensure error objects have consistent property names

`message` is used as a high-level description of the errors
`detail` is optional and has an plain language explanation of the
individual errors
`errors` is an array of each individual problem from `detail` in a
machine-readable format

* Assert environment variables are provided at script start

* Version public API

* Expect "files" property to always be provided

* Fixes linting error

* Checks that authenticated user has permission to create under this namespace

Previously, the project was always created under the authenticated user's
namespace, but this not obvious behaviour.
2019-09-08 16:45:58 +02:00

103 lines
2.4 KiB
JavaScript

import crypto from 'crypto';
import User from '../../models/user';
/**
* Generates a unique token to be used as a Personal Access Token
* @returns Promise<String> A promise that resolves to the token, or an Error
*/
function generateApiKey() {
return new Promise((resolve, reject) => {
crypto.randomBytes(20, (err, buf) => {
if (err) {
reject(err);
}
const key = buf.toString('hex');
resolve(Buffer.from(key).toString('base64'));
});
});
}
export function createApiKey(req, res) {
return new Promise((resolve, reject) => {
function sendFailure(code, error) {
res.status(code).json({ error });
resolve();
}
User.findById(req.user.id, async (err, user) => {
if (!user) {
sendFailure(404, 'User not found');
return;
}
if (!req.body.label) {
sendFailure(400, 'Expected field \'label\' was not present in request body');
return;
}
const keyToBeHashed = await generateApiKey();
const addedApiKeyIndex = user.apiKeys.push({ label: req.body.label, hashedKey: keyToBeHashed });
user.save((saveErr) => {
if (saveErr) {
sendFailure(500, saveErr);
return;
}
const apiKeys = user.apiKeys
.map((apiKey, index) => {
const fields = apiKey.toObject();
const shouldIncludeToken = index === addedApiKeyIndex - 1;
return shouldIncludeToken ?
{ ...fields, token: keyToBeHashed } :
fields;
});
res.json({ apiKeys });
resolve();
});
});
});
}
export function removeApiKey(req, res) {
return new Promise((resolve, reject) => {
function sendFailure(code, error) {
res.status(code).json({ error });
resolve();
}
User.findById(req.user.id, (err, user) => {
if (err) {
sendFailure(500, err);
return;
}
if (!user) {
sendFailure(404, 'User not found');
return;
}
const keyToDelete = user.apiKeys.find(key => key.id === req.params.keyId);
if (!keyToDelete) {
sendFailure(404, 'Key does not exist for user');
return;
}
user.apiKeys.pull({ _id: req.params.keyId });
user.save((saveErr) => {
if (saveErr) {
sendFailure(500, saveErr);
return;
}
res.status(200).json({ apiKeys: user.apiKeys });
resolve();
});
});
});
}