First version of OpenAuth remake

src/api/admin/client.ts

@@ -0,0 +1,88 @@
+import { Router, Request } from "express";
+import { GetUserMiddleware } from "../middlewares/user";
+import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+import Client from "../../models/client";
+import User from "../../models/user";
+import verify, { Types } from "../middlewares/verify";
+import { randomBytes } from "crypto";
+
+
+const ClientRouter: Router = Router();
+ClientRouter.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
+   if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN)
+   else next()
+});
+ClientRouter.route("/")
+   .get(promiseMiddleware(async (req, res) => {
+      let clients = await Client.find({});
+      //ToDo check if user is required!
+      res.json(clients);
+   }))
+   .delete(promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      await Client.delete(id);
+      res.json({ success: true });
+   }))
+   .post(verify({
+      internal: {
+         type: Types.BOOLEAN,
+         optional: true
+      },
+      name: {
+         type: Types.STRING
+      },
+      redirect_url: {
+         type: Types.STRING
+      },
+      website: {
+         type: Types.STRING
+      },
+      logo: {
+         type: Types.STRING,
+         optional: true
+      }
+   }, true), promiseMiddleware(async (req, res) => {
+      req.body.client_secret = randomBytes(32).toString("hex");
+      let client = Client.new(req.body);
+      client.maintainer = req.user._id;
+      await Client.save(client)
+      res.json(client);
+   }))
+   .put(verify({
+      id: {
+         type: Types.STRING,
+         query: true
+      },
+      internal: {
+         type: Types.BOOLEAN,
+         optional: true
+      },
+      name: {
+         type: Types.STRING,
+         optional: true
+      },
+      redirect_url: {
+         type: Types.STRING,
+         optional: true
+      },
+      website: {
+         type: Types.STRING,
+         optional: true
+      },
+      logo: {
+         type: Types.STRING,
+         optional: true
+      }
+   }, true), promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      let client = await Client.findById(id);
+      if (!client) throw new RequestError(req.__("Client not found"), HttpStatusCode.BAD_REQUEST);
+      for (let key in req.body) {
+         client[key] = req.body[key];
+      }
+      await Client.save(client);
+      res.json(client);
+   }))
+
+export default ClientRouter;

src/api/admin/permission.ts

@@ -0,0 +1,45 @@
+import { Request, Router } from "express";
+import { GetUserMiddleware } from "../middlewares/user";
+import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+import Permission from "../../models/permissions";
+import verify, { Types } from "../middlewares/verify";
+import Client from "../../models/client";
+
+const PermissionRoute: Router = Router();
+PermissionRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
+   if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN)
+   else next()
+});
+
+
+PermissionRoute.route("/")
+   .get(promiseMiddleware(async (req, res) => {
+      let permission = await Permission.find({});
+      res.json(permission);
+   }))
+   .post(verify({
+      clientId: {
+         type: Types.NUMBER
+      },
+      name: {
+         type: Types.STRING
+      },
+      description: {
+         type: Types.STRING
+      }
+   }, true), promiseMiddleware(async (req, res) => {
+      let client = await Client.findById(req.body.clientId);
+      if (!client) {
+         throw new RequestError("Client not found", HttpStatusCode.BAD_REQUEST);
+      }
+      let permission = Permission.new({
+         description: req.body.description,
+         name: req.body.name,
+         client: client._id
+      });
+      await Permission.save(permission);
+      res.json(permission);
+   }))
+
+export default PermissionRoute;

src/api/admin/regcode.ts

@@ -0,0 +1,34 @@
+import { Request, Router } from "express";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+import RegCode from "../../models/regcodes";
+import { randomBytes } from "crypto";
+import moment = require("moment");
+import { GetUserMiddleware } from "../middlewares/user";
+import { HttpStatusCode } from "../../helper/request_error";
+
+const RegCodeRoute: Router = Router();
+RegCodeRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
+   if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN)
+   else next()
+});
+RegCodeRoute.route("/")
+   .get(promiseMiddleware(async (req, res) => {
+      let regcodes = await RegCode.find({});
+      res.json(regcodes);
+   }))
+   .delete(promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      await RegCode.delete(id);
+      res.json({ success: true });
+   }))
+   .post(promiseMiddleware(async (req, res) => {
+      let regcode = RegCode.new({
+         token: randomBytes(10).toString("hex"),
+         valid: true,
+         validTill: moment().add("1", "month").toDate()
+      })
+      await RegCode.save(regcode);
+      res.json({ code: regcode.token });
+   }))
+
+export default RegCodeRoute;

src/api/admin/user.ts

@@ -0,0 +1,42 @@
+import { Request, Router } from "express";
+import { GetUserMiddleware } from "../middlewares/user";
+import { HttpStatusCode } from "../../helper/request_error";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+import User from "../../models/user";
+import Mail from "../../models/mail";
+import RefreshToken from "../../models/refresh_token";
+import LoginToken from "../../models/login_token";
+
+const UserRoute: Router = Router();
+UserRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
+   if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN)
+   else next()
+})
+
+UserRoute.route("/")
+   .get(promiseMiddleware(async (req, res) => {
+      let users = await User.find({});
+      res.json(users);
+   }))
+   .delete(promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      let user = await User.findById(id);
+
+      await Promise.all([
+         user.mails.map(mail => Mail.delete(mail)),
+         [
+            RefreshToken.deleteFilter({ user: user._id }),
+            LoginToken.deleteFilter({ user: user._id })
+         ]
+      ])
+
+      await User.delete(user);
+      res.json({ success: true });
+   })).put(promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      let user = await User.findById(id);
+      user.admin = !user.admin;
+      await User.save(user);
+      res.json({ success: true })
+   }))
+export default UserRoute;