Files
standardnotes-server/packages/auth/src/Controller/SettingsController.ts
T
Karol SójkoandGitHub dc71e6777f feat: home-server package initial setup with Api Gateway and Auth services (#605)
* fix(api-gateway): reduce exports

* wip controllers

* fix: imports of controllers

* fix(api-gateway): rename http service interface to proxy interface

* wip: self-registering services and controllers

* wip: add registering controller method bindings and services in container

* feat: merge two services together

* wip: resolving endpoints to direct code calls

* wip: bind controller container to a singleton

* fix: controller binding to instantiate and self-register on controller container

* fix: move signout endpoint to auth controller

* wip: define inversify controllers in the controller container

* fix(auth): bind inversify controllers to controller container

* fix(auth): linter issues

* fix(auth): specs

* fix(auth): inversify controllers bindings

* wip: endpoint resolving

* wip: add endpoint for more auth controllers

* wip: add sessions controller endpoint resolvings

* wip: add subscription invites endpoint resolvings

* wip: add subscription tokens endpoint resolvings

* wip: add all binding for auth server controllers

* wip: fix migrations path

* fix: configure default env vars and ci setup
2023-05-16 11:38:56 +02:00

166 lines
4.8 KiB
TypeScript

import { ErrorTag } from '@standardnotes/responses'
import { Request, Response } from 'express'
import { inject } from 'inversify'
import {
BaseHttpController,
controller,
httpDelete,
httpGet,
httpPut,
// eslint-disable-next-line @typescript-eslint/no-unused-vars
results,
} from 'inversify-express-utils'
import TYPES from '../Bootstrap/Types'
import { EncryptionVersion } from '../Domain/Encryption/EncryptionVersion'
import { DeleteSetting } from '../Domain/UseCase/DeleteSetting/DeleteSetting'
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
import { GetSettings } from '../Domain/UseCase/GetSettings/GetSettings'
import { UpdateSetting } from '../Domain/UseCase/UpdateSetting/UpdateSetting'
import { ControllerContainerInterface } from '@standardnotes/domain-core'
@controller('/users/:userUuid')
export class SettingsController extends BaseHttpController {
constructor(
@inject(TYPES.Auth_GetSettings) private doGetSettings: GetSettings,
@inject(TYPES.Auth_GetSetting) private doGetSetting: GetSetting,
@inject(TYPES.Auth_UpdateSetting) private doUpdateSetting: UpdateSetting,
@inject(TYPES.Auth_DeleteSetting) private doDeleteSetting: DeleteSetting,
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
) {
super()
this.controllerContainer.register('auth.users.getSettings', this.getSettings.bind(this))
this.controllerContainer.register('auth.users.getSetting', this.getSetting.bind(this))
this.controllerContainer.register('auth.users.updateSetting', this.updateSetting.bind(this))
this.controllerContainer.register('auth.users.deleteSetting', this.deleteSetting.bind(this))
}
@httpGet('/settings', TYPES.Auth_ApiGatewayAuthMiddleware)
async getSettings(request: Request, response: Response): Promise<results.JsonResult> {
if (request.params.userUuid !== response.locals.user.uuid) {
return this.json(
{
error: {
message: 'Operation not allowed.',
},
},
401,
)
}
const { userUuid } = request.params
const result = await this.doGetSettings.execute({ userUuid })
return this.json(result)
}
@httpGet('/settings/:settingName', TYPES.Auth_ApiGatewayAuthMiddleware)
async getSetting(request: Request, response: Response): Promise<results.JsonResult> {
if (request.params.userUuid !== response.locals.user.uuid) {
return this.json(
{
error: {
message: 'Operation not allowed.',
},
},
401,
)
}
const { userUuid, settingName } = request.params
const result = await this.doGetSetting.execute({ userUuid, settingName: settingName.toUpperCase() })
if (result.success) {
return this.json(result)
}
return this.json(result, 400)
}
@httpPut('/settings', TYPES.Auth_ApiGatewayAuthMiddleware)
async updateSetting(request: Request, response: Response): Promise<results.JsonResult | results.StatusCodeResult> {
if (response.locals.readOnlyAccess) {
return this.json(
{
error: {
tag: ErrorTag.ReadOnlyAccess,
message: 'Session has read-only access.',
},
},
401,
)
}
if (request.params.userUuid !== response.locals.user.uuid) {
return this.json(
{
error: {
message: 'Operation not allowed.',
},
},
401,
)
}
const { name, value, serverEncryptionVersion = EncryptionVersion.Default, sensitive = false } = request.body
const props = {
name,
unencryptedValue: value,
serverEncryptionVersion,
sensitive,
}
const { userUuid } = request.params
const result = await this.doUpdateSetting.execute({
userUuid,
props,
})
if (result.success) {
return this.json({ setting: result.setting }, result.statusCode)
}
return this.json(result, result.statusCode)
}
@httpDelete('/settings/:settingName', TYPES.Auth_ApiGatewayAuthMiddleware)
async deleteSetting(request: Request, response: Response): Promise<results.JsonResult> {
if (response.locals.readOnlyAccess) {
return this.json(
{
error: {
tag: ErrorTag.ReadOnlyAccess,
message: 'Session has read-only access.',
},
},
401,
)
}
if (request.params.userUuid !== response.locals.user.uuid) {
return this.json(
{
error: {
message: 'Operation not allowed.',
},
},
401,
)
}
const { userUuid, settingName } = request.params
const result = await this.doDeleteSetting.execute({
userUuid,
settingName,
})
if (result.success) {
return this.json(result)
}
return this.json(result, 400)
}
}