Merge branch 'master' of https://git.corgi.wtf/Navy.gif/webserver-framework

testing nested permissions
no redirects
2022-11-23 00:38:11 +02:00 · 2022-11-23 00:38:07 +02:00 · 2022-11-23 00:37:51 +02:00 · 2022-11-23 00:37:26 +02:00
3 changed files with 42 additions and 3 deletions
--- a/src/server/endpoints/api/Users.js
+++ b/src/server/endpoints/api/Users.js
@ -8,7 +8,12 @@ class UsersEndpoint extends ApiEndpoint {
            path: '/users'
        });

-        this.methods.push([ 'get', this.getUsers.bind(this), [ server.auth.createAuthoriser('administrator', 10) ]]);
+        this.methods.push([ 'get', this.getUsers.bind(this) ]);
+        this.subpaths = [
+            [ '/:userid', 'get', this.user.bind(this) ],
+            [ '/:userid/applications', 'get', this.userApplications.bind(this) ]
+        ];
+        this.middleware = [ server.auth.createAuthoriser('administrator', 10) ];

    }

@ -20,6 +25,23 @@ class UsersEndpoint extends ApiEndpoint {
        res.json(users.map(user => user.json));
    }

+    async user (req, res) {
+        const { params } = req;
+        const { userid } = params;
+        const user = await this.server.users.fetchUser(userid);
+        if (!user) return res.status(404).end();
+        res.json(user);
+    }
+
+    async userApplications (req, res) {
+        const { params } = req;
+        const { userid } = params;
+        const user = await this.server.users.fetchUser(userid);
+        if (!user) return res.status(404).send('Could not find the user');
+        const applications = await user.fetchApplications();
+        res.json(Object.values(applications).map(app => app.json));
+    }
+
 }

 module.exports = UsersEndpoint;
--- a/src/server/middleware/Authenticator.js
+++ b/src/server/middleware/Authenticator.js
@ -87,7 +87,9 @@ class Authenticator {
        const bool = user?._2fa && !sess.verified && sess.loginMethod === 'password';
        const verifyPath = '/login/verify';
        // TODO: clean this up
-        if (bool && ![ verifyPath, '/api' + verifyPath ].includes(req.originalUrl)) return res.redirect(verifyPath);
+        if (bool && ![ verifyPath, '/api' + verifyPath ].includes(req.originalUrl)) {
+            return res.status(401).json({ twoFactor: true }); // res.redirect(verifyPath);
+        }
        next();
    }

--- a/src/server/structures/User.js
+++ b/src/server/structures/User.js
@ -5,7 +5,22 @@ const UserApplicataion = require('./UserApplication');

 class User {

-    static defaultPermissions = {};
+    static defaultPermissions = {
+        developer: {
+            default: 0
+        },
+        administrator: {
+            default: 0
+        },
+        test: {
+            default: 0,
+            dingus: {
+                bingus: {
+                    default: 10
+                }
+            }
+        }
+    };

    static validTypes = [];
Author	SHA1	Message	Date
Navy.gif	9fc6950664	Merge branch 'master' of https://git.corgi.wtf/Navy.gif/webserver-framework	2022-11-23 00:38:11 +02:00
Navy.gif	eb9aef8023	testing nested permissions	2022-11-23 00:38:07 +02:00
Navy.gif	1b0345374b	no redirects	2022-11-23 00:37:51 +02:00
Navy.gif	363614659d	user applications endpoint	2022-11-23 00:37:26 +02:00