-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathapp.js
executable file
·159 lines (137 loc) · 4.75 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/**
* The application entry point
*/
require('./src/bootstrap')
const config = require('config')
const express = require('express')
const errors = require('common-errors')
const cors = require('cors')
const bodyParser = require('body-parser')
const httpStatus = require('http-status')
const _ = require('lodash')
const logger = require('./src/common/logger')
const helper = require('./src/common/helper')
const errorMiddleware = require('./src/common/ErrorMiddleware')
const routes = require('./src/routes')
const swaggerUi = require('swagger-ui-express')
const YAML = require('yamljs')
const authenticator = require('tc-core-library-js').middleware.jwtAuthenticator
const fileUpload = require('express-fileupload')
const swaggerDocument = YAML.load('./docs/swagger.yaml')
const app = express()
const http = require('http').Server(app)
app.set('port', config.WEB_SERVER_PORT)
app.use(bodyParser.json({ limit: '50mb' }))
app.use(bodyParser.urlencoded({ limit: '50mb', extended: true }))
app.use(cors())
app.use(fileUpload({
limits: { fileSize: 150 * 1024 * 1024 }
}))
const apiRouter = express.Router()
/**
*
* @param {Array} source the array in which to search for the term
* @param {Array | String} term the term to search
*/
function checkIfExists (source, term) {
let terms
if (!_.isArray(source)) {
throw new Error('Source argument should be an array')
}
source = source.map(s => s.toLowerCase())
if (_.isString(term)) {
terms = term.split(' ')
} else if (_.isArray(term)) {
terms = term.map(t => t.toLowerCase())
} else {
throw new Error('Term argument should be either a string or an array')
}
for (let i = 0; i < terms.length; i++) {
if (source.includes(terms[i])) {
return true
}
}
return false
}
_.each(routes, (verbs, url) => {
_.each(verbs, (def, verb) => {
let actions = [
(req, res, next) => {
req.signature = `${def.controller}#${def.method}`
next()
}
]
const method = require(`./src/controllers/${def.controller}`)[def.method]
if (!method) {
throw new Error(`${def.method} is undefined, for controller ${def.controller}`)
}
if (def.middleware && def.middleware.length > 0) {
actions = actions.concat(def.middleware)
}
// add Authenticator check if route has auth
if (def.auth) {
actions.push((req, res, next) => {
authenticator(_.pick(config, ['AUTH_SECRET', 'VALID_ISSUERS']))(req, res, next)
})
actions.push((req, res, next) => {
if (!req.authUser) {
next(new errors.HttpStatusError(401, 'Authentication required!'))
}
if (req.authUser.roles) {
if (!checkIfExists(def.access, req.authUser.roles)) {
next(new errors.HttpStatusError(403, 'You are not allowed to perform this action!'))
} else {
next()
}
} else if (req.authUser.scopes) {
if (!checkIfExists(def.scopes, req.authUser.scopes)) {
next(new errors.HttpStatusError(403, 'You are not allowed to perform this action!'))
} else {
next()
}
} else if ((_.isArray(def.access) && def.access.length > 0) ||
(_.isArray(def.scopes) && def.scopes.length > 0)) {
next(new errors.HttpStatusError(401, 'You are not authorized to perform this action'))
} else {
next()
}
})
}
if (def.blockByIp) {
actions.push((req, res, next) => {
req.authUser.blockIP = _.find(req.authUser, (value, key) => {
return (key.indexOf('blockIP') !== -1)
})
if (req.authUser.blockIP) {
throw new errors.HttpStatusError(403, 'Access denied')
} else {
next()
}
})
}
actions.push(method)
logger.info(`API : ${verb.toLocaleUpperCase()} ${config.API_VERSION}${url}`)
apiRouter[verb](`${config.API_VERSION}${url}`, helper.autoWrapExpress(actions))
})
})
/* eslint-enable no-param-reassign */
app.use('/v5/submissions/docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument))
app.use('/', apiRouter)
app.use(errorMiddleware())
// Serve Swagger Docs after setting host and base path
swaggerDocument.host = config.HOST
swaggerDocument.basePath = config.API_VERSION
// Check if the route is not found or HTTP method is not supported
app.use('*', (req, res) => {
const pathKey = req.baseUrl.substring(config.API_VERSION.length)
const route = routes[pathKey]
if (route) {
res.status(httpStatus.METHOD_NOT_ALLOWED).json({ message: 'The requested HTTP method is not supported.' })
} else {
res.status(httpStatus.NOT_FOUND).json({ message: 'The requested resource cannot be found.' })
}
})
http.listen(app.get('port'), () => {
logger.info(`Express server listening on port ${app.get('port')}`)
})
module.exports = app