From 351abfb572cd12a8c380046ef3403bc9072d8ddc Mon Sep 17 00:00:00 2001 From: Sam Hirst Date: Tue, 22 Dec 2020 17:02:03 +0000 Subject: [PATCH 1/3] feat: added /discord/:id endpoint to allow for discord bot integration in the future --- src/controllers/DiscordController.ts | 17 ++++++++++++++++- src/routes/UserRoutes.ts | 2 ++ src/services/DiscordService.ts | 14 ++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/controllers/DiscordController.ts b/src/controllers/DiscordController.ts index 7d1b303..ce57d6a 100644 --- a/src/controllers/DiscordController.ts +++ b/src/controllers/DiscordController.ts @@ -2,7 +2,11 @@ import { NextFunction, Request } from 'express'; import { inject, injectable } from 'tsyringe'; import { AuthenticatedResponse } from '../routes/middleware/getUser'; import DiscordService from '../services/DiscordService'; -import { HttpCode } from '../util/errors'; +import { APIError, HttpCode } from '../util/errors'; + +enum GetUserError { + UserNotFound = 'User not found', +} @injectable() export class DiscordController { @@ -12,6 +16,17 @@ export class DiscordController { this.discordService = discordService; } + public async getDiscordUser(req: Request & { params: { id: string } }, res: AuthenticatedResponse, next: NextFunction): Promise { + try { + if (!req.params.id) throw new APIError(HttpCode.NotFound, GetUserError.UserNotFound); + const link = await this.discordService.fetch(req.params.id); + if (!link) throw new APIError(HttpCode.NotFound, GetUserError.UserNotFound); + res.json(link); + } catch(error) { + next(error); + } + } + public async getOAuth2AuthorizeURL(req: Request, res: AuthenticatedResponse, next: NextFunction): Promise { try { const url = await this.discordService.generateAuthorizeURL(res.locals.user.id); diff --git a/src/routes/UserRoutes.ts b/src/routes/UserRoutes.ts index 195a4fd..683a819 100644 --- a/src/routes/UserRoutes.ts +++ b/src/routes/UserRoutes.ts 
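Review bot: `res.json(link)` in `getDiscordUser` serializes the whole `DiscordLink` entity, and the `fetch` method added to DiscordService in this same patch loads it with `relations: ['user']`, so every serializable column of the linked user record goes into the response. The User entity is not visible here, so whether it holds fields such as a password hash or e-mail address needs to be checked. Either way the handler should return an explicit shape rather than the ORM object, for example `res.json({ discordID: link.discordID, userID: link.user.id });` (field names inferred from the visible code). The `if (!req.params.id)` guard looks unreachable for a route declared with `:id`; a format check on the ID would be more useful there.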
@@ -29,6 +29,8 @@ export class UserRoutes { router.post('/reset_password', getUser(TokenType.PasswordReset), this.userController.resetPassword.bind(this.userController)); + router.get('/discord/:id', this.discordController.getDiscordUser.bind(this.discordController)); + router.get('/users', getUser(TokenType.Auth), isVerified, this.userController.getPublicUsers.bind(this.userController)); router.get('/users/:id', getUser(TokenType.Auth), isVerified, this.userController.getUser.bind(this.userController)); diff --git a/src/services/DiscordService.ts b/src/services/DiscordService.ts index 90b9f65..8ec86ea 100644 --- a/src/services/DiscordService.ts +++ b/src/services/DiscordService.ts @@ -41,6 +41,20 @@ export default class DiscordService { }); } + public async fetch(discordID: string) { + return getConnection().transaction(async entityManager => { + const link = await entityManager.findOne(DiscordLink, { + where: [ + { discordID } + ], + relations: [ + 'user' + ] + }); + return link; + }); + } + public generateOAuth2State(userID: string) { const hmac = createHmac('sha256', getConfig().discord.oauth2Secret) .update(userID) From 6e0709c6a6985d3f703b9119de3e5bc911e4265a Mon Sep 17 00:00:00 2001 From: Sam Hirst Date: Tue, 22 Dec 2020 17:11:20 +0000 Subject: [PATCH 2/3] style: missing whitespace --- src/controllers/DiscordController.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controllers/DiscordController.ts b/src/controllers/DiscordController.ts index ce57d6a..712a13d 100644 --- a/src/controllers/DiscordController.ts +++ b/src/controllers/DiscordController.ts @@ -22,7 +22,7 @@ export class DiscordController { const link = await this.discordService.fetch(req.params.id); if (!link) throw new APIError(HttpCode.NotFound, GetUserError.UserNotFound); res.json(link); - } catch(error) { + } catch (error) { next(error); } } From f04f7a4b72a0050bb068ca90b6d64c03d42547fd Mon Sep 17 00:00:00 2001 
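Review bot: The `/discord/:id` route is registered with no `getUser(...)` or authorization middleware, unlike the `/users` routes directly below it, even though the handler it binds declares `res` as `AuthenticatedResponse`. PATCH 3/3 replaces this line with a guarded `/users/discord/:id`, so the gap exists only at this commit and at PATCH 2/3. Squashing that fix into this patch would keep every commit in the series safe to deploy or bisect to.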
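Review bot: `fetch` wraps a single read-only `findOne` in `getConnection().transaction(...)`, which opens a transaction with no write to protect, and the method has no return type or doc comment. The same lookup can be written as `return getConnection().manager.findOne(DiscordLink, { where: { discordID }, relations: ['user'] });` with an explicit return type on the signature. A comment such as `/** Looks up the DiscordLink for a Discord account ID, with its linked user loaded. */` would tell callers that the `user` relation is populated. That matters because the controller passes the result straight to `res.json`.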
From: Sam Hirst Date: Wed, 30 Dec 2020 12:55:06 +0000 Subject: [PATCH 3/3] fix: added security middleware to discord id endpoint --- src/routes/UserRoutes.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/routes/UserRoutes.ts b/src/routes/UserRoutes.ts index 683a819..bb788d7 100644 --- a/src/routes/UserRoutes.ts +++ b/src/routes/UserRoutes.ts @@ -1,7 +1,7 @@ import { Router } from 'express'; import { UserController } from '../controllers/UserController'; import { inject, injectable } from 'tsyringe'; -import { getUser, isVerified, uploadImg } from './middleware'; +import { getUser, isAdmin, isVerified, uploadImg } from './middleware'; import { TokenType } from '../util/auth'; import { DiscordController } from '../controllers/DiscordController'; import { getRatelimiter, RateLimiter } from '../util/ratelimits'; @@ -29,12 +29,12 @@ export class UserRoutes { router.post('/reset_password', getUser(TokenType.PasswordReset), this.userController.resetPassword.bind(this.userController)); - router.get('/discord/:id', this.discordController.getDiscordUser.bind(this.discordController)); - router.get('/users', getUser(TokenType.Auth), isVerified, this.userController.getPublicUsers.bind(this.userController)); router.get('/users/:id', getUser(TokenType.Auth), isVerified, this.userController.getUser.bind(this.userController)); + router.get('/users/discord/:id', getUser(TokenType.Auth), isAdmin, this.discordController.getDiscordUser.bind(this.discordController)); + router.get('/users/@me/notes', getUser(TokenType.Auth), isVerified, this.userController.getNotes.bind(this.userController)); router.put('/users/@me/notes/:id', getUser(TokenType.Auth), isVerified, this.userController.createNote.bind(this.userController));
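Review bot: The new `/users/discord/:id` route chains `getUser(TokenType.Auth), isAdmin` but omits `isVerified`, which every neighbouring `/users` route in this hunk applies. Whether `isAdmin` already implies a verified account cannot be seen from here. If it does not, the line should read `router.get('/users/discord/:id', getUser(TokenType.Auth), isVerified, isAdmin, this.discordController.getDiscordUser.bind(this.discordController));`, and if it does, a short comment saying so would prevent the question. The path also moves from `/discord/:id` to `/users/discord/:id`, which the commit subject does not mention. The rest of the route list lies outside the hunk.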