import * as express from 'express';
import { Endpoint } from './endpoints';
import authenticate from './authenticate';
import { IAuthContext } from './authenticate';
import _reply from './reply';
import limitter from './limitter';
/**
 * Request gate for a single API endpoint: authenticates the caller, applies
 * the endpoint's access flags and rate limit, then loads the endpoint module
 * and invokes it.
 *
 * Order of checks, as implemented below:
 *  1. `authenticate(req)` rejects            -> 403 'AUTHENTICATION_FAILED'
 *  2. `endpoint.secure` but context insecure -> 403 'ACCESS_DENIED'
 *  3. `endpoint.withCredential` but no user  -> 401 'PLZ_SIGNIN'
 *  4. app lacks `endpoint.kind` permission   -> 403 'ACCESS_DENIED'
 *  5. `limitter(endpoint, ctx)` rejects      -> 429
 *  6. endpoint handler rejects               -> 400 with the rejection value
 *
 * @param endpoint Endpoint descriptor (name plus the flags read below).
 * @param req Incoming express request; `body` and `file` are forwarded to the handler.
 * @param res Express response, bound as the first argument of every reply call.
 */
export default async (endpoint: Endpoint, req: express.Request, res: express.Response) => {
	const respond = _reply.bind(null, res);

	// Authentication: every rejection from authenticate() is answered the same way.
	let ctx: IAuthContext;
	try {
		ctx = await authenticate(req);
	} catch (authError) {
		return respond(403, 'AUTHENTICATION_FAILED');
	}

	// Endpoints flagged `secure` are refused unless the auth context is secure.
	if (endpoint.secure && !ctx.isSecure) {
		return respond(403, 'ACCESS_DENIED');
	}

	// Endpoints flagged `withCredential` need a resolved user.
	if (endpoint.withCredential && ctx.user == null) {
		return respond(401, 'PLZ_SIGNIN');
	}

	// App permission check. It only runs when the request carries an app AND the
	// endpoint declares a `kind`; an endpoint without `kind` is not restricted by
	// app permissions at this point.
	// NOTE(review): confirm every endpoint that third-party apps must not reach
	// declares `kind` (or is flagged `secure`).
	if (ctx.app && endpoint.kind) {
		const granted = ctx.app.permission.some(p => p === endpoint.kind);
		if (!granted) {
			return respond(403, 'ACCESS_DENIED');
		}
	}

	// Rate limit. Applied only when the endpoint has both `withCredential` and
	// `limit`, so endpoints without `withCredential` are not limited here.
	// NOTE(review): every rejection from limitter() becomes a 429, so a failure
	// of the limiter itself would look like an exceeded limit — verify that is
	// the intended fail-closed behaviour.
	if (endpoint.withCredential && endpoint.limit) {
		try {
			await limitter(endpoint, ctx);
		} catch (limitError) {
			// drop request if limit exceeded
			return respond(429);
		}
	}

	// The module path is built from `endpoint.name`.
	// NOTE(review): presumably `endpoint` comes from the static table in
	// './endpoints'; the name selects which module gets loaded, so it must never
	// be derived from request data — confirm at the call site.
	const loaded = require(`${__dirname}/endpoints/${endpoint.name}`);

	// File endpoints receive the uploaded file as their leading argument.
	const handler = endpoint.withFile ? loaded.bind(null, req.file) : loaded;

	// API invoking. The success reply stays inside the try so that a failure
	// while replying is also routed to the 400 branch.
	try {
		const result = await handler(req.body, ctx.user, ctx.app, ctx.isSecure);
		respond(result);
	} catch (failure) {
		// NOTE(review): the rejection value is handed to the reply helper as-is.
		// If a handler can reject with an Error from an unexpected failure,
		// confirm the reply helper does not serialize internals to the client.
		respond(400, failure);
	}
};