authorJannik Schönartz2019-03-10 17:42:59 +0100
committerJannik Schönartz2019-03-10 17:42:59 +0100
commit111555c32100b589caef08fb5a6a441a45f15dbf (patch)
tree8ac43b99b91a7408a929bf751b237d37e25b3d6e /server/api/backends.js
parent[documentation] Add documentation site (diff)
[external-backends] Passwords are not send to the frontend anymore
Change error responses to the new response scheme. Add a set-password button in the frontend to deal with the no-password policy.
Diffstat (limited to 'server/api/backends.js')
-rw-r--r--server/api/backends.js85
1 files changed, 59 insertions, 26 deletions
diff --git a/server/api/backends.js b/server/api/backends.js
index 1f9535b..c21f7a8 100644
--- a/server/api/backends.js
+++ b/server/api/backends.js
@@ -3,20 +3,18 @@ const path = require('path')
const ExternalBackends = require(path.join(__appdir, 'lib', 'external-backends'))
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
-var router = express.Router()
-var noAuthRouter = express.Router()
+const { decorateApp } = require('@awaitjs/express')
+var router = decorateApp(express.Router())
+var noAuthRouter = decorateApp(express.Router())
// GET requests.
/*
* @return: Returns a list of all backends saved in the db.
*/
-router.get('/', (req, res) => {
- db.backend.findAll({
- attributes: ['id', 'name', 'type']
- }).then(function (backends) {
- res.status(200).send(backends)
- })
+router.getAsync('/', async (req, res) => {
+ const backends = await db.backend.findAll({ attributes: ['id', 'name', 'type'] })
+ res.status(200).send(backends)
})
/*
@@ -24,15 +22,35 @@ router.get('/', (req, res) => {
*
* @return: Returns the information of a backend.
*/
-router.get('/:id', (req, res) => {
+router.getAsync('/:id', async (req, res) => {
const id = req.params.id
- db.backend.findOne({ where: { id: id } }).then(backend => {
- res.status(200).send({
- id: id,
- name: backend.name,
- type: backend.type,
- credentials: backend.credentials
- })
+ const backend = await db.backend.findOne({ where: { id: id } })
+
+ // Remove password values from credentials.
+ const externalBackends = new ExternalBackends()
+ const instance = externalBackends.getInstance(backend.type)
+ let credentialTypes = instance.getCredentials()
+
+ // Get the ids of the 'password' fieldds
+ let censorIds = []
+ credentialTypes.forEach(function f (element) {
+ if (element.type === 'switch') {
+ element.elements.forEach(f)
+ } else if (element.type === 'password') censorIds.push(element.id)
+ })
+
+ // Filter the password values. No need for the frontend to have those.
+ let credentials = JSON.parse(backend.credentials)
+ credentials.forEach(function x (e) {
+ if (e.elements) e.elements.forEach(x)
+ else if (censorIds.includes(e.id)) e.value = ''
+ })
+
+ res.status(200).send({
+ id: id,
+ name: backend.name,
+ type: backend.type,
+ credentials: credentials
})
})
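Review bot: The redaction blanks only the ids that the schema walk collected, and that walk descends only into `switch` elements, while the walk over the stored credentials descends into anything that has `elements`; a password field nested under any other container type would therefore reach the frontend unredacted. Letting the schema walk recurse the same way closes the gap: `if (Array.isArray(element.elements)) element.elements.forEach(f)` followed by `if (element.type === 'password') censorIds.push(element.id)`. `backend` is also dereferenced without a null check, so an unknown id rejects the handler instead of returning the 404 that the PUT handler in this commit uses: `if (!backend) return res.status(404).send({ error: 'BACKEND_NOT_FOUND', message: 'No backend was found with the provided backend id.' })`. The comment typo `fieldds` should read `fields`.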
@@ -50,7 +68,7 @@ router.get('/:id/objects', (req, res) => {
instance.getObjects(backend.credentials).then(result => {
res.status(200).send(result)
})
- } else res.status(500).send({ status: 'INVALID_BACKEND_ID', error: 'The provided backend id is invalid.' })
+ } else res.status(500).send({ error: 'INVALID_BACKEND_ID', message: 'The provided backend id is invalid.' })
})
})
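Review bot: The `INVALID_BACKEND_ID` response keeps status 500 although the condition looks like a client-supplied id that matched nothing (the `if` it belongs to is outside the hunk), while the PUT handler added in this commit answers the same situation with 404 and `BACKEND_NOT_FOUND`. Using one status and one error code for both, e.g. `res.status(404).send({ error: 'BACKEND_NOT_FOUND', message: 'No backend was found with the provided backend id.' })`, keeps 5xx reserved for server faults so that error-rate alerting stays meaningful. The same line appears in the `/:id/objects/:oid` and `/:id/import` hunks.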
@@ -70,7 +88,7 @@ router.get('/:id/objects/:oid', (req, res) => {
instance.getObject(backend.credentials, oid).then(result => {
res.status(200).send(result)
})
- } else res.status(500).send({ status: 'INVALID_BACKEND_ID', error: 'The provided backend id is invalid.' })
+ } else res.status(500).send({ error: 'INVALID_BACKEND_ID', message: 'The provided backend id is invalid.' })
})
})
@@ -175,7 +193,7 @@ router.get('/:id/import', (req, res) => {
objectPromise.then(result => {
// Check for the not implemented exception
- if (result.status === 'NOT_IMPLEMENTED_EXCEPTION') res.status(501).send(result)
+ if (result.error === 'NOT_IMPLEMENTED_EXCEPTION') res.status(501).send(result)
// Filter those objects in groups / clients
var groupObjects = []
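Review bot: The 501 branch `if (result.error === 'NOT_IMPLEMENTED_EXCEPTION') res.status(501).send(result)` does not return, so the code below it keeps running on the error object after the response has been sent. The same holds for `if (data.error) res.status(501).send(data)` in the next hunk, where `data.forEach` follows directly and would throw if `data` is an error object rather than an array. Both lines should read `return res.status(501).send(...)`. The enclosing `/:id/import` handler starts and ends outside these hunks, so whether a later `res.status(200).send` is reached on this path cannot be confirmed from here.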
@@ -227,7 +245,7 @@ router.get('/:id/import', (req, res) => {
promise.then(data => {
// Check for the not implemented exception
- if (data.status) res.status(501).send(data)
+ if (data.error) res.status(501).send(data)
data.forEach(obj => {
var groupChildsToAdd = []
@@ -275,7 +293,7 @@ router.get('/:id/import', (req, res) => {
res.status(200).send({ status: 'SUCCESS' })
})
})
- } else res.status(500).send({ status: 'INVALID_BACKEND_ID', error: 'The provided backend id is invalid.' })
+ } else res.status(500).send({ error: 'INVALID_BACKEND_ID', message: 'The provided backend id is invalid.' })
})
})
@@ -295,7 +313,7 @@ noAuthRouter.get('/:id/:uuid/files', (req, res) => {
res.send({ success: true, data: { backendId: id, clientUUID: uuid, externalId: externalId, fileList: fileList } })
})
} else {
- res.send({ success: false, status: 'CLIENT_NOT_FOUND', error: 'Couldn\'t find the client' })
+ res.send({ success: false, error: 'CLIENT_NOT_FOUND', message: 'Couldn\'t find the client' })
}
})
})
@@ -315,7 +333,7 @@ noAuthRouter.get('/:id/:uuid/files/:filename', (req, res) => {
res.send(file)
})
} else {
- res.send({ success: false, status: 'CLIENT_NOT_FOUND', error: 'Couldn\'t find the client' })
+ res.send({ success: false, error: 'CLIENT_NOT_FOUND', message: 'Couldn\'t find the client' })
}
})
})
@@ -359,19 +377,34 @@ router.post('/:id/connection', (req, res) => {
*
* Creates or updates the backend.
*/
-router.put('/:id', (req, res) => {
+router.putAsync('/:id', async (req, res) => {
const id = req.params.id
// Save credentials in the db.
const backend = req.body
- const credentialString = JSON.stringify(backend.credentials)
if (id === '0') {
// Insert new backend in the db.
+ const credentialString = JSON.stringify(backend.credentials)
db.backend.create({ name: backend.name, type: backend.type, credentials: credentialString })
} else {
+ const backendDb = await db.backend.findOne({ where: { id: id } })
+ if (!backendDb) return res.status(404).send({ error: 'BACKEND_NOT_FOUND', message: 'No backend was found with the provided backend id.' })
+
+ // Merge the old and the new credential values (passwords are only send if they changed)
+ let credentials = JSON.parse(backendDb.credentials)
+ let newAttributes = {}
+ backend.credentials.forEach(function x (e) {
+ if (e.elements) e.elements.forEach(x)
+ newAttributes[e.id] = e.value
+ })
+ credentials.forEach(function f (element) {
+ if (element.elements) element.elements.forEach(f)
+ else if (newAttributes[element.id]) element.value = newAttributes[element.id]
+ })
+
// Update an existing backend in the db.
- db.backend.update({ name: backend.name, type: backend.type, credentials: credentialString }, { where: { id: id } })
+ db.backend.update({ name: backend.name, type: backend.type, credentials: JSON.stringify(credentials) }, { where: { id: id } })
}
res.status(200).send('success')
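Review bot: The merge condition `else if (newAttributes[element.id]) element.value = newAttributes[element.id]` tests truthiness, so an empty string, `false` or `0` submitted for any field is treated as "unchanged" and a non-password setting can never be cleared or switched off. Only password fields should treat an empty value as "keep the stored one", which needs the password ids from `getCredentials()` collected as in GET `/:id`. `newAttributes` is a plain object keyed by ids taken from the request body, so a `Map` avoids lookups that resolve to inherited properties such as `constructor`. `db.backend.create` and `db.backend.update` are not awaited, so `success` is sent before the write finishes and a failed write is never reported to the caller. The handler's closing lines are outside the hunk.

```javascript
  // … unchanged: findOne on backendDb and the 404 check …

  // Ids of the password fields, collected the same way as in GET /:id.
  const passwordIds = []
  new ExternalBackends().getInstance(backendDb.type).getCredentials().forEach(function p (t) {
    if (t.type === 'switch') t.elements.forEach(p)
    else if (t.type === 'password') passwordIds.push(t.id)
  })

  const credentials = JSON.parse(backendDb.credentials)
  const newAttributes = new Map()
  backend.credentials.forEach(function x (e) {
    if (e.elements) e.elements.forEach(x)
    newAttributes.set(e.id, e.value)
  })
  credentials.forEach(function f (element) {
    if (element.elements) return element.elements.forEach(f)
    if (!newAttributes.has(element.id)) return
    const value = newAttributes.get(element.id)
    // An empty password means "unchanged"; every other field takes the submitted value.
    if (passwordIds.includes(element.id) && value === '') return
    element.value = value
  })

  await db.backend.update({ name: backend.name, type: backend.type, credentials: JSON.stringify(credentials) }, { where: { id: id } })
```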