mizzkey/src/server/api/api-handler.ts

57 lines
1.3 KiB
TypeScript
Raw Normal View History

2016-12-28 23:49:51 +01:00
import * as express from 'express';
2017-03-01 14:33:43 +01:00
import { Endpoint } from './endpoints';
2016-12-28 23:49:51 +01:00
import authenticate from './authenticate';
import { IAuthContext } from './authenticate';
import _reply from './reply';
import limitter from './limitter';
2017-03-01 14:33:43 +01:00
export default async (endpoint: Endpoint, req: express.Request, res: express.Response) => {
2016-12-28 23:49:51 +01:00
const reply = _reply.bind(null, res);
let ctx: IAuthContext;
// Authentication
2016-12-28 23:49:51 +01:00
try {
ctx = await authenticate(req);
} catch (e) {
return reply(403, 'AUTHENTICATION_FAILED');
}
if (endpoint.secure && !ctx.isSecure) {
return reply(403, 'ACCESS_DENIED');
}
2017-03-01 14:33:43 +01:00
if (endpoint.withCredential && ctx.user == null) {
2016-12-28 23:49:51 +01:00
return reply(401, 'PLZ_SIGNIN');
}
if (ctx.app && endpoint.kind) {
2017-04-23 08:55:37 +02:00
if (!ctx.app.permission.some(p => p === endpoint.kind)) {
2016-12-28 23:49:51 +01:00
return reply(403, 'ACCESS_DENIED');
}
}
2017-03-01 14:33:43 +01:00
if (endpoint.withCredential && endpoint.limit) {
2016-12-28 23:49:51 +01:00
try {
await limitter(endpoint, ctx); // Rate limit
} catch (e) {
2017-01-13 22:05:02 +01:00
// drop request if limit exceeded
2016-12-28 23:49:51 +01:00
return reply(429);
}
}
let exec = require(`${__dirname}/endpoints/${endpoint.name}`);
if (endpoint.withFile) {
exec = exec.bind(null, req.file);
}
// API invoking
try {
const res = await exec(req.body, ctx.user, ctx.app, ctx.isSecure);
reply(res);
} catch (e) {
reply(400, e);
}
};