Merge pull request particle-iot#37 from AntonPuko/dev

add userID check for getDevice and callFunction, add compileSources stub

.gitignore

@@ -31,7 +31,7 @@ node_modules
 core_keys
 users
 webhooks
-test/__test_data__/*
+__test_data__
 *.der
 *.pem
 *.pub.pem

package.json

@@ -35,6 +35,7 @@
     "test": "ava",
     "test:watch": "ava --watch"
   },
+  "pre-commit": "test",
   "ava": {
     "verbose": true,
     "babel": "inherit",
@@ -84,6 +85,7 @@
     "eslint-plugin-sorting": "^0.3.0",
     "flow-bin": "^0.36.0",
     "nodemon": "^1.11.0",
+    "pre-commit": "^1.2.2",
     "rimraf": "^2.5.4",
     "supertest": "^2.0.1",
     "supertest-as-promised": "^4.0.2"

src/lib/controllers/DevicesController.js

@@ -24,27 +24,29 @@ class DevicesController extends Controller {
   @route('/v1/devices')
   async claimDevice(postBody: { id: string }): Promise<*> {
     const deviceID = postBody.id;
-    const userID = this.user.id;
-    await this._deviceRepository.claimDevice(deviceID, userID);
+    await this._deviceRepository.claimDevice(deviceID, this.user.id);
 
     return this.ok({ ok: true });
   }
 
+  @httpVerb('post')
+  @route('/v1/binaries')
+  compileSources() {
+    throw new HttpError('not supported in the current server version');
+  }
+
   @httpVerb('delete')
   @route('/v1/devices/:deviceID')
   async unclaimDevice(deviceID: string): Promise<*> {
-    const userID = this.user.id;
-    await this._deviceRepository.unclaimDevice(deviceID, userID);
-
+    await this._deviceRepository.unclaimDevice(deviceID, this.user.id);
     return this.ok({ ok: true });
   }
 
   @httpVerb('get')
   @route('/v1/devices')
   async getDevices(): Promise<*> {
     try {
-      const userID = this.user.id;
-      const devices = await this._deviceRepository.getAll(userID);
+      const devices = await this._deviceRepository.getAll(this.user.id);
       return this.ok(devices.map((device: Device): DeviceAPIType =>
         deviceToAPI(device)),
       );
@@ -57,8 +59,10 @@ class DevicesController extends Controller {
   @httpVerb('get')
   @route('/v1/devices/:deviceID')
   async getDevice(deviceID: string): Promise<*> {
-    // TODO add userID checking
-    const device = await this._deviceRepository.getDetailsByID(deviceID);
+    const device = await this._deviceRepository.getDetailsByID(
+      deviceID,
+      this.user.id,
+    );
     return this.ok(deviceToAPI(device));
   }
 
@@ -69,12 +73,11 @@ class DevicesController extends Controller {
     deviceID: string,
     postBody: { app_id?: string, name?: string, file_type?: 'binary' },
   ): Promise<*> {
-    const userID = this.user.id;
     // 1 rename device
     if (postBody.name) {
       const updatedAttributes = await this._deviceRepository.renameDevice(
         deviceID,
-        userID,
+        this.user.id,
         postBody.name,
       );
 
@@ -114,18 +117,18 @@ class DevicesController extends Controller {
     try {
       const result = await this._deviceRepository.callFunction(
         deviceID,
+        this.user.id,
         functionName,
         postBody,
       );
 
-      // TODO add userID checking
       const device = await this._deviceRepository.getByID(
         deviceID,
         this.user.id,
       );
       return this.ok(deviceToAPI(device, result));
     } catch (error) {
-      if (error.indexOf('Unknown Function') >= 0) {
+      if (error.indexOf && error.indexOf('Unknown Function') >= 0) {
         throw new HttpError('Function not found', 404);
       }
       throw new HttpError(error.message);

src/lib/controllers/UsersController.js

@@ -26,7 +26,7 @@ class UsersController extends Controller {
   async createUser(userCredentials: UserCredentials): Promise<*> {
     try {
       const isUserNameInUse =
-        this._userRepository.isUserNameInUse(userCredentials.username);
+        await this._userRepository.isUserNameInUse(userCredentials.username);
 
       if (isUserNameInUse) {
         throw new HttpError('user with the username is already exist');

src/lib/repository/DeviceRepository.js

@@ -94,26 +94,32 @@ class DeviceRepository {
     };
   };
 
-  getDetailsByID = async (deviceID: string): Promise<Device> => {
+  getDetailsByID = async (deviceID: string, userID: string): Promise<Device> => {
     const core = this._deviceServer.getCore(deviceID);
     if (!core) {
-      throw new HttpError('Could not get device for ID', 404);
+      throw new HttpError('No device found', 404);
     }
 
-    return Promise.all([
-      this._deviceAttributeRepository.getById(deviceID),
+    const [ attributes, description ] = await Promise.all([
+      this._deviceAttributeRepository.getById(deviceID, userID),
       core.onApiMessage(
         deviceID,
         { cmd: 'Describe' },
       ),
-    ]).then(([attributes, description]): Device => ({
+    ]);
+
+    if (!attributes) {
+      throw new HttpError('No device found', 404);
+    }
+
+    return ({
       ...attributes,
       connected: true,
       functions: description.f,
       lastFlashedAppName: null,
       lastHeard: new Date(),
       variables: description.v,
-    }));
+    });
   };
 
   getAll = async (userID: string): Promise<Array<Device>> => {
@@ -143,11 +149,16 @@ class DeviceRepository {
     return Promise.all(devicePromises);
   };
 
-  callFunction= async (
+  callFunction = async (
     deviceID: string,
+    userID: string,
     functionName: string,
     functionArguments: Object,
   ): Promise<*> => {
+    if (!this._deviceAttributeRepository.doesUserHaveAccess(deviceID, userID)) {
+      throw new HttpError('No device found', 404);
+    }
+
     const core = this._deviceServer.getCore(deviceID);
     if (!core) {
       throw new HttpError('Could not get device for ID', 404);

src/lib/repository/WebhookFileRepository.js

@@ -12,25 +12,25 @@ class WebhookFileRepository {
     this._fileManager = new JSONFileManager(path);
   }
 
-  create = (model: Webhook): Promise<Webhook> => {
+  create = async (model: Webhook): Promise<Webhook> => {
     const modelToSave = {
       ...model,
       created_at: new Date(),
       id: uuid(),
     };
 
     this._fileManager.createFile(`${modelToSave.id}.json`, modelToSave);
-    return Promise.resolve(modelToSave);
+    return modelToSave;
   };
 
   deleteById = async (id: string): Promise<void> =>
     this._fileManager.deleteFile(`${id}.json`);
 
-  getAll = (): Promise<Array<Webhook>> =>
-    Promise.resolve(this._fileManager.getAllData());
+  getAll = async (): Promise<Array<Webhook>> =>
+    this._fileManager.getAllData();
 
-  getById = (id: string): Promise<?Webhook> =>
-    Promise.resolve(this._fileManager.getFile(`${id}.json`));
+  getById = async (id: string): Promise<?Webhook> =>
+    this._fileManager.getFile(`${id}.json`);
 
   update = (model: Webhook): Promise<Webhook> => {
     throw new HttpError('Not implemented');

src/types.js

@@ -123,6 +123,7 @@ export type Settings = {
 export type DeviceRepository = {
   callFunction(
     deviceID: string,
+    userID: string,
     functionName: string,
     functionArguments: Object,
   ): Promise<*>,
@@ -131,7 +132,7 @@ export type DeviceRepository = {
   flashKnownApp(deviceID: string, app: string): Promise<*>,
   getAll(userID: string): Promise<Array<Device>>,
   getByID(deviceID: string, userID: string): Promise<Device>,
-  getDetailsByID(deviceID: string): Promise<*>,
+  getDetailsByID(deviceID: string, userID: string): Promise<*>,
   provision(deviceID: string, userID: string, publicKey: string): Promise<*>,
   renameDevice(deviceID: string, userID: string, name: string): Promise<DeviceAttributes>,
   unclaimDevice(deviceID: string, userID: string): Promise<DeviceAttributes>,