Nice refactoring and verification of api endpoints

7 years ago · ab0756d01e
11 changed files with 164 additions and 66 deletions
--- a/server/Database.ts
+++ b/server/Database.ts
@ -39,7 +39,9 @@ export class Database {
    async createAll() {
        await this.conn.synchronize();
-        await this.insertData();
+        if (process.env.INSERT_TEST_DATA) {
            await this.insertData();
        }
    }
    async insertData() {
@ -62,10 +64,9 @@ export class Database {
            const name = "test" + i;
            let device = await this.sprinklersDevices.findByName(name);
            if (!device) {
-                device = await this.sprinklersDevices.create({
+                device = await this.sprinklersDevices.create();
                    name,
                });
            }
            Object.assign(device, { name, deviceId: "grinklers" + (i === 1 ? "" : i) });
            await this.sprinklersDevices.save(device);
            for (let j = 0; j < 5; j++) {
                const userIdx = (i + j * 10) % NUM;
--- a/server/entities/SprinklersDevice.ts
+++ b/server/entities/SprinklersDevice.ts
@ -7,7 +7,7 @@ export class SprinklersDevice {
    @PrimaryGeneratedColumn()
    id!: number;
-    @Column({ nullable: true, type: "uuid" })
+    @Column({ unique: true, nullable: true, type: "varchar" })
    deviceId: string | null = null;
    @Column()
--- a/server/express/api.ts
+++ b/server/express/api.ts
@ -1,52 +0,0 @@
 import PromiseRouter from "express-promise-router";
 import { serialize} from "serializr";
 import ApiError from "@common/ApiError";
 import { ErrorCode } from "@common/ErrorCode";
 import * as schema from "@common/sprinklersRpc/schema";
 import { ServerState } from "../state";
 import { authentication, verifyAuthorization } from "./authentication";
 export default function createApi(state: ServerState) {
    const router = PromiseRouter();
    router.get("/devices/:deviceId", verifyAuthorization(), (req, res) => {
        // TODO: authorize device
        const device = state.mqttClient.getDevice(req.params.deviceId);
        const j = serialize(schema.sprinklersDevice, device);
        res.send(j);
    });
    // router.post("/devices/register", verifyAuthorization({
    //     type: "device_reg",
    // }), (req, res) => {
    //     res.json({ data: "device registered" });
    // });
    router.get("/users", verifyAuthorization(), (req, res) => {
        state.database.users.find()
            .then((users) => {
                res.json({
                    data: users,
                });
            });
    });
    router.get("/api/users/:username", (req, res, next) => {
        const { username } = req.params;
        state.database.users.findByUsername(username)
            .then((user) => {
                if (!user) {
                    throw new ApiError(`user ${username} does not exist`, ErrorCode.NotFound);
                }
                res.json({
                    data: user,
                });
            })
            .catch(next);
    });
    router.use("/", authentication(state));
    return router;
 }
--- a/server/express/api/devices.ts
+++ b/server/express/api/devices.ts
@ -0,0 +1,35 @@
 import PromiseRouter from "express-promise-router";
 import { serialize} from "serializr";
 import ApiError from "@common/ApiError";
 import { ErrorCode } from "@common/ErrorCode";
 import * as schema from "@common/sprinklersRpc/schema";
 import { AccessOrRefreshToken } from "@common/TokenClaims";
 import { verifyAuthorization } from "@server/express/authentication";
 import { ServerState } from "@server/state";
 export function devices(state: ServerState) {
    const router = PromiseRouter();
    router.get("/:deviceId", verifyAuthorization(), async (req, res) => {
        const token = req.token! as AccessOrRefreshToken;
        const userId = token.aud;
        const deviceId = req.params.deviceId;
        const userDevice = await state.database.sprinklersDevices
            .findUserDevice(userId, deviceId);
        if (!userDevice)  {
            throw new ApiError("User does not have access to the specified device", ErrorCode.NoPermission);
        }
        const device = state.mqttClient.getDevice(req.params.deviceId);
        const j = serialize(schema.sprinklersDevice, device);
        res.send(j);
    });
    router.post("/register", verifyAuthorization({
        type: "device_reg",
    }), async (req, res) => {
    });
    return router;
 }
--- a/server/express/api/index.ts
+++ b/server/express/api/index.ts
@ -0,0 +1,22 @@
 import PromiseRouter from "express-promise-router";
 import ApiError from "@common/ApiError";
 import { ErrorCode } from "@common/ErrorCode";
 import { authentication } from "@server/express/authentication";
 import { ServerState } from "@server/state";
 import { devices } from "./devices";
 import { users } from "./users";
 export default function createApi(state: ServerState) {
    const router = PromiseRouter();
    router.use("/devices", devices(state));
    router.use("/users", users(state));
    router.use("/token", authentication(state));
    router.use("*", (req, res) => {
        throw new ApiError("API endpoint not found", ErrorCode.NotFound);
    });
    return router;
 }
--- a/server/express/api/users.ts
+++ b/server/express/api/users.ts
@ -0,0 +1,48 @@
 import PromiseRouter from "express-promise-router";
 import ApiError from "@common/ApiError";
 import { ErrorCode } from "@common/ErrorCode";
 import { User } from "@server/entities";
 import { verifyAuthorization } from "@server/express/authentication";
 import { ServerState } from "@server/state";
 export function users(state: ServerState) {
    const router = PromiseRouter();
    router.use(verifyAuthorization());
    async function getUser(params: { username: string }): Promise<User> {
        const { username } = params;
        const user = await state.database.users
            .findByUsername(username, { devices: true });
        if (!user) {
            throw new ApiError(`user ${username} does not exist`, ErrorCode.NotFound);
        }
        return user;
    }
    router.get("/", (req, res) => {
        state.database.users.findAll()
            .then((users) => {
                res.json({
                    data: users,
                });
            });
    });
    router.get("/:username", async (req, res) => {
        const user = await getUser(req.params);
        res.json({
            data: user,
        });
    });
    router.get("/:username/devices", async (req, res) => {
        const user = await getUser(req.params);
        res.json({
            data: user.devices,
        });
    });
    return router;
 }
--- a/server/express/authentication.ts
+++ b/server/express/authentication.ts
@ -142,7 +142,7 @@ export function authentication(state: ServerState) {
        return user;
    }
-    router.post("/token/grant", async (req, res) => {
+    router.post("/grant", async (req, res) => {
        const body: TokenGrantRequest = req.body;
        let user: User;
        if (body.grant_type === "password") {
@ -161,12 +161,12 @@ export function authentication(state: ServerState) {
        res.json(response);
    });
-    router.post("/token/grant_device_reg", verifyAuthorization(), async (req, res) => {
+    router.post("/grant_device_reg", verifyAuthorization(), async (req, res) => {
        const token = await generateDeviceRegistrationToken(JWT_SECRET);
        res.json({ token });
    });
-    router.post("/token/verify", verifyAuthorization(), async (req, res) => {
+    router.post("/verify", verifyAuthorization(), async (req, res) => {
        res.json({
            ok: true,
            token: req.token,
--- a/server/repositories/SprinklersDeviceRepository.ts
+++ b/server/repositories/SprinklersDeviceRepository.ts
@ -1,10 +1,33 @@
 import { EntityRepository, Repository } from "typeorm";
-import { SprinklersDevice } from "../entities";
+import { SprinklersDevice, User } from "../entities";
@EntityRepository(SprinklersDevice)
 export class SprinklersDeviceRepository extends Repository<SprinklersDevice> {
    findByName(name: string) {
        return this.findOne({ name });
    }
    async userHasAccess(userId: number, deviceId: number): Promise<boolean> {
        const count = await this.manager
            .createQueryBuilder(User, "user")
            .innerJoinAndSelect("user.devices", "sprinklers_device",
                "user.id = :userId AND sprinklers_device.id = :deviceId",
            { userId, deviceId })
            .getCount();
        return count > 0;
    }
    async findUserDevice(userId: number, deviceId: number): Promise<SprinklersDevice | null> {
        const user = await this.manager
            .createQueryBuilder(User, "user")
            .innerJoinAndSelect("user.devices", "sprinklers_device",
                "user.id = :userId AND sprinklers_device.id = :deviceId",
            { userId, deviceId })
            .getOne();
        if (!user) {
            return null;
        }
        return user.devices![0];
    }
 }
--- a/server/repositories/UserRepository.ts
+++ b/server/repositories/UserRepository.ts
@ -2,9 +2,27 @@ import { EntityRepository, Repository } from "typeorm";
 import { User } from "../entities";
 export interface FindUserOptions {
    devices: boolean;
 }
 function applyDefaultOptions(options?: Partial<FindUserOptions>): FindUserOptions {
    return { devices: false, ...options };
 }
@EntityRepository(User)
 export class UserRepository extends Repository<User> {
-    findByUsername(username: string) {
+    findAll(options?: Partial<FindUserOptions>) {
-        return this.findOne({ username }, { relations: ["devices"] });
+        const opts = applyDefaultOptions(options);
        const relations = [ opts.devices && "devices" ]
            .filter(Boolean) as string[];
        return super.find({ relations });
    }
    findByUsername(username: string, options?: Partial<FindUserOptions>) {
        const opts = applyDefaultOptions(options);
        const relations = [ opts.devices && "devices" ]
            .filter(Boolean) as string[];
        return this.findOne({ username }, { relations });
    }
 }
--- a/server/sprinklersRpc/websocketServer.ts
+++ b/server/sprinklersRpc/websocketServer.ts
@ -82,8 +82,11 @@ export class WebSocketClient {
        },
        deviceSubscribe: async (data: ws.IDeviceSubscribeRequest) => {
            this.checkAuthorization();
            const userId = this.userId!;
            const deviceId = data.deviceId;
-            if (deviceId !== "grinklers") { // TODO: somehow validate this device id?
+            const userDevice = await this.state.database.sprinklersDevices
                .findUserDevice(userId, deviceId as any); // TODO: should be number device id
            if (userDevice !== "grinklers") {
                return {
                    result: "error", error: {
                        code: ErrorCode.NoPermission,
--- a/server/tsconfig.json
+++ b/server/tsconfig.json
@ -21,8 +21,8 @@
      "@common/*": [
        "./common/*"
      ],
-      "@client/*": [
+      "@server/*": [
-        "./client/*"
+        "./server/*"
      ]
    }
  },