// dotenv must run before anything that reads process.env (config, PORT, ADMIN).
require('dotenv').config();
const crypto = require('crypto');
const express = require('express');
const bodyParser = require('body-parser');
const jwt = require('jsonwebtoken');
const log4js = require('log4js');
const config = require('./configurations/config');
const dbFunctions = require('./db');
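const logger = log4js.getLogger();
// Log level is taken from the environment so a production deployment can run
// above 'debug' without a code change; the fallback keeps the original value.
// (dotenv has already populated process.env at this point.)
logger.level = process.env.LOG_LEVEL || 'debug';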
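/* Initiate DB */
dbFunctions.init().then((db) => {
  logger.info('DB initiated!');
  // Handed to the route modules through a global — presumably ./core/* read
  // global.DB; verify before moving it.
  global.DB = db;
}).catch((err) => {
  // JSON.stringify(err) on an Error produces '{}' because message and stack
  // are non-enumerable, so the original line hid the real failure. Log the
  // stack for Errors and keep the JSON form for any other rejection value.
  const detail = err instanceof Error ? err.stack : JSON.stringify(err);
  logger.error(`Error logging in DB ${detail}`);
  // NOTE(review): the process keeps serving with global.DB undefined, so every
  // DB-backed handler will fail per request; consider process.exit(1) here.
});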
/* Require Paths */
const authenticate = require('./core/authenticate');
const users = require('./core/users');
const admin = require('./core/admin');
const app = express();
// PORT comes from the environment as a string; 6000 is the fallback.
// NOTE(review): 6000 appears on common browsers' unsafe-port blocklists (X11),
// which only matters if the API is ever called straight from a browser — verify.
const port = process.env.PORT || 6000;
// Routers that carry only the auth middleware. They are mounted on /api and
// /admin ahead of the route modules, so the token checks run first.
const ProtectedRoutes = express.Router();
const AdminRoutes = express.Router();
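// Every request body is parsed as JSON regardless of Content-Type
// (`type: '*/*'`), so a malformed body on any route is rejected by the parser.
// NOTE(review): a 50mb cap is large for a JSON API and is reachable by
// unauthenticated callers (signup is open, and the parser runs before the
// token checks). It is now overridable per deployment via JSON_BODY_LIMIT;
// the default keeps the original value.
app.use(bodyParser.json({
  type: '*/*',
  limit: process.env.JSON_BODY_LIMIT || '50mb',
}));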
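/* Request log line. The bare 'Incoming Request' text carried nothing that
   identifies the request, which makes the log useless for tracing or incident
   review; method, URL and peer address are added. originalUrl includes the
   query string, so keep secrets out of query parameters. */
app.use((req, res, next) => {
  logger.info(`Incoming Request ${req.method} ${req.originalUrl} from ${req.ip}`);
  next();
});
/* Auth routers are mounted before the route modules (/api/users, /admin are
   attached further down), so their token checks run ahead of the handlers. */
app.use('/api', ProtectedRoutes);
app.use('/admin', AdminRoutes);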
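/* Check if user access token provided for protected routes */

/** True when `originalUrl` addresses the users collection itself, ignoring
 *  the query string and trailing slashes: '/api/users', '/api/users/' and
 *  '/api/users?x=1' all count. The original gated only the literal
 *  '/api/users/', so a plain GET /api/users slipped past the admin check. */
const isUsersCollectionUrl = (originalUrl) =>
  originalUrl.split('?')[0].replace(/\/+$/, '') === '/api/users';

/** Constant-time comparison of the shared admin header with ADMIN from the
 *  environment. False when either side is missing or not a string, so an
 *  unset ADMIN can never match. Length is not hidden, which is acceptable. */
const headerSecretMatches = (provided, expected) => {
  if (typeof provided !== 'string' || typeof expected !== 'string' || provided.length === 0) {
    return false;
  }
  const a = Buffer.from(provided);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
};

ProtectedRoutes.use((req, res, next) => {
  // Signup is the only unauthenticated /api route: exactly POST /api/users
  // (kept as an exact match, as before).
  if (req.originalUrl === '/api/users' && req.method === 'POST') {
    return next();
  }

  // check header for the token
  const token = req.headers['access-token'];
  if (!token) {
    // if there is no token -> 401 (the original answered 200)
    return res.status(401).send({ message: 'No token provided.' });
  }

  // verifies secret and checks if the token is expired
  // NOTE(review): no `algorithms` option is passed, so jsonwebtoken's default
  // list applies; pin it to the algorithm ./core/authenticate signs with — confirm.
  jwt.verify(token, config.secret, (err, decoded) => {
    if (err) {
      return res.status(401).json({ message: 'invalid token' });
    }
    // Any request to the users collection other than the signup POST needs the
    // shared admin header on top of a valid token.
    // NOTE(review): gating by URL string in middleware stays fragile; enforcing
    // it inside the list handler of ./core/users would be more robust.
    if (isUsersCollectionUrl(req.originalUrl)) {
      if (headerSecretMatches(req.headers.admin, process.env.ADMIN)) {
        req.decoded = decoded;
        return next();
      }
      return res.status(403).json({ status: 'ERROR', msg: 'Non Admins could not get all users data' });
    }
    // if everything is good, save to request for use in other routes.
    // The claims are deliberately not logged: they may carry identifying data
    // and the original console.log wrote them to stdout on every request.
    req.decoded = decoded;
    next();
  });
});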
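/* Check if admin access token is provided for admin routes */

/** Constant-time string equality for a token claim against a config value.
 *  False when either side is missing or not a string, so an unset config
 *  value can never match. Length is not hidden, which is acceptable. */
const adminClaimMatches = (claim, expected) => {
  if (typeof claim !== 'string' || typeof expected !== 'string') {
    return false;
  }
  const a = Buffer.from(claim);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
};

AdminRoutes.use((req, res, next) => {
  const token = req.headers['admin-access-token'];
  if (!token) {
    // if there is no token -> 401 (the original answered 200)
    return res.status(401).send({ message: 'No token provided.' });
  }

  // verifies secret and checks if the token is expired
  // NOTE(review): no `algorithms` option is passed; pin it to what
  // ./core/authenticate signs admin tokens with — confirm.
  jwt.verify(token, config.adminSecret, (err, decoded) => {
    if (err) {
      return res.status(401).json({ message: 'invalid token' });
    }
    // Claims are whatever ./core/authenticate put in the token (not visible here).
    const { password, username } = decoded;
    if (!(password && username)) {
      return res.status(401).json({ status: 'FAILED', message: 'Unexpected Error occured' });
    }
    // NOTE(review): admin-ness is proven by a `password` claim equal to
    // config.adminPassword. A JWT payload is only base64url-encoded, so every
    // admin token carries the admin password in the clear. The signature under
    // config.adminSecret already authenticates the issuer; a role/subject claim
    // would give the same assurance with less exposure. That needs a change in
    // ./core/authenticate as well, so it is only flagged here.
    if (adminClaimMatches(password, config.adminPassword)
      && adminClaimMatches(username, config.adminUsername)) {
      /* User is admin */
      return next();
    }
    res.status(403).json({ status: 'FAILED', message: 'Username & password provided in token creation does not belong to an admin' });
  });
});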
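/* Unprotected Routes */
app.use('/authenticate', authenticate);
/* Protected Routes (token check lives in ProtectedRoutes, mounted on /api above) */
app.use('/api/users', users);
/* Admin Protected Routes (token check lives in AdminRoutes, mounted on /admin above) */
app.use('/admin', admin);
/* Liveness probe; unauthenticated by design and reveals nothing beyond "up". */
app.get('/health', (req, res) => {
  // status() has to come before json(): json() sends the response, and a
  // status set afterwards is silently ignored (the old order only worked
  // because 200 is the default).
  res.status(200).json({ status: 'OK', message: 'Service is Up and Running!' });
});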
/* Bind the port, then write a heartbeat line to the log once a minute. */
app.listen(port, () => {
  logger.info(`API STARTS on port [${port}]`);
  const heartbeatMs = 60000;
  setInterval(() => logger.info('API is running'), heartbeatMs);
});