implement new token checking function and modify email.js to use it

Enstrayed
2025-04-18 13:16:49 -07:00
parent 10be48e848
commit b917800eec
4 changed files with 23 additions and 12 deletions


@@ -28,7 +28,15 @@ async function checkToken(token,scope) {
*/
async function checkTokenNew(token,scope) {
return await db`select s.token, s.scopes, s.expires, u.username from sessions s join users u on s.owner = u.id where s.token = ${token}`.then(response => {
if (response.length === 0) {
return { result: false, owner: response[0]?.username}
} else if (response[0]?.scopes.split(",").includes(scope)) {
return { result: true, owner: response[0]?.username}
} else {
return { result: false, owner: response[0]?.username}
}
})
}
export {checkToken}
export {checkToken, checkTokenNew}
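Review bot: The query in `checkTokenNew` selects `s.expires`, but none of the three branches reads it, so a session past its expiry still returns `result: true` whenever the scope matches. Compare it before the scope test, or filter in SQL, e.g. `... where s.token = ${token} and s.expires > now()` (this assumes `expires` is a timestamp column; the schema is not shown here). The `response.length === 0` branch also returns `owner: response[0]?.username`, which is always `undefined` there, so `owner: undefined` would state the intent more plainly.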


@@ -4,9 +4,10 @@
* @param {object} request Parent request object
* @param {number} code Status code to log, should be same as sent to client
* @param {string} extra Optional extra details to add to log, ideal for caught errors
* @param {object} authresponse Optionally include result of auth response to include owner information for a token
*/
function logRequest(response,request,code,extra) {
console.log(`${request.get("cf-connecting-ip") ?? request.ip} ${request.get("Authorization") ?? ""} ${request.method} ${request.path} returned ${code} ${extra ?? ""}`)
function logRequest(response,request,code,extra,authresponse) {
console.log(`${request.get("cf-connecting-ip") ?? request.ip} ${authresponse.owner ?? ""}/${request.get("Authorization") ?? ""} ${request.method} ${request.path} returned ${code} ${extra ?? ""}`)
}
export { logRequest }
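Review bot: `authresponse` is documented as optional, yet the new template reads `authresponse.owner` directly, so any caller that still passes four arguments throws a TypeError inside the logger; `${authresponse?.owner ?? ""}` keeps it optional. The same line still writes the full `Authorization` header to the console, which puts a usable session token in the logs for anyone who can read them. Now that the owner name is available, consider logging only the owner, or a short prefix or hash of the token, instead of the raw value.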


@@ -1,5 +1,5 @@
import { app, globalConfig } from "../index.js" // Get globals from index
import { checkToken } from "../liberals/auth.js"
import { checkTokenNew } from "../liberals/auth.js"
import { logRequest } from "../liberals/logging.js"
import * as nodemailer from 'nodemailer'
@@ -14,10 +14,10 @@ const transporter = nodemailer.createTransport({
})
app.post("/api/sendemail", (rreq,rres) => {
checkToken(rreq.get("Authorization"),"email").then(authRes => {
if (authRes === false) {
checkTokenNew(rreq.get("Authorization"),"email").then(authRes => {
if (authRes.result === false) {
rres.sendStatus(401)
} else if (authRes === true) {
} else if (authRes.result === true) {
if (rreq.body == undefined || rreq.body.recipient == undefined) { // 2024-05-11: Turbo bodge check to make sure request JSON is valid, probably wont work but whatever
rres.sendStatus(400)
} else {
@@ -29,14 +29,14 @@ app.post("/api/sendemail", (rreq,rres) => {
text: rreq.body.message ?? "Message Not Set"
}).then(transportResponse => {
if (transportResponse.response.slice(0,1) === "2") {
logRequest(rres,rreq,200,transportResponse.response)
logRequest(rres,rreq,200,transportResponse.response,authRes)
rres.status(200).send(transportResponse.response)
} else {
logRequest(rres,rreq,400,transportResponse.response)
logRequest(rres,rreq,400,transportResponse.response,authRes)
rres.status(400).send(transportResponse.response)
}
}).catch(transportError => {
logRequest(rres,rreq,500,transportError)
logRequest(rres,rreq,500,transportError,authRes)
rres.sendStatus(500)
})
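Review bot: The `authRes.result === false` branch answers 401 without calling `logRequest`, so rejected or under-scoped tokens on `/api/sendemail` leave no log line, even though `authRes` (with the owner, when the token exists but lacks the `email` scope) is already in hand at that point. Something like `logRequest(rres,rreq,401,"token rejected",authRes)` before `rres.sendStatus(401)` would make failed attempts visible; the 400 branch for a missing `recipient` is silent in the same way. A request with no `Authorization` header passes `undefined` into `checkTokenNew`, and whether the query helper accepts or rejects that is not visible here. Neither is any `.catch` on the outer promise, since the handler continues past the end of the hunk.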


@@ -2,4 +2,6 @@
- [ ] GET /api/login - OIDC login redirect to ECLS
- [ ] GET /api/callback - Creates new token that is intended to be local to browser; e.g. can be used in turn to make longer lasting more specific tokens
- [ ] POST /api/token - Allows owner to create a new token with customized scopes, comments & expiration date
- [ ] DELETE /api/token - Invalidate a token
- [ ] DELETE /api/token - Invalidate a token
- [ ] liberals/libnowplaying - Implement queryCider()
- [ ] routes/nowplaying - Reimplement query order to Cider and then Jellyfin