authorJannik Schönartz2019-03-04 22:27:04 +0100
committerJannik Schönartz2019-03-04 22:27:04 +0100
commit59a1b083e02928593e3ab5a3f23d361c6303009b (patch)
tree0beeeb4e73ef79252186c4098a604297c1b240ca /server/api/setup.js
parenteslint fixes (diff)
[server/setup] Move (initial) setup in it's own api file
Diffstat (limited to 'server/api/setup.js')
-rw-r--r--server/api/setup.js37
1 files changed, 37 insertions, 0 deletions
diff --git a/server/api/setup.js b/server/api/setup.js
new file mode 100644
index 0000000..daade25
--- /dev/null
+++ b/server/api/setup.js
@@ -0,0 +1,37 @@
+/* global __appdir */
+const path = require('path')
+var db = require(path.join(__appdir, 'lib', 'sequelize'))
+var express = require('express')
+const { decorateApp } = require('@awaitjs/express')
+var noAuthRouter = decorateApp(express.Router())
+var authentication = require(path.join(__appdir, 'lib', 'authentication'))
+
+// Setup method for checking if setup is possible.
+noAuthRouter.get('/status', (req, res) => {
+ db.user.findAll().then(users => {
+ if (users.length > 0) res.status(403).send({ error: 'USERTABLE_NOT_EMPTY', message: 'The user table is not empty, unauthorized creation is forbidden.' })
+ else res.send()
+ })
+})
+
+// Setup method for creating the initial root account.
+noAuthRouter.postAsync('/', async (req, res) => {
+ const body = req.body
+ const users = await db.user.findAll()
+ if (users.length > 0) res.status(403).send({ status: 'USERTABLE_NOT_EMPTY', error_message: 'The user table is not empty, unauthorized creation is forbidden.' })
+ else {
+ const result = await authentication.signup(body)
+ const code = result.code
+ delete result.code
+ if (result.error) return res.status(code).send(result)
+
+ const user = await db.user.findOne({ where: { id: result.id } })
+ const roleDb = await db.role.create({ name: user.username, descr: 'Superadmin' })
+ const permission = await db.permission.findOne({ where: { name: 'superadmin' } })
+ await roleDb.addPermissions(permission.id)
+ await user.addRoles(roleDb.id)
+ res.send()
+ }
+})
+
+module.exports.noAuthRouter = noAuthRouter
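Review bot: The POST `/` handler checks `users.length > 0` and then creates the account in separate awaited steps, so two unauthenticated requests arriving together on a fresh install can both pass the check and each end up holding a superadmin role. The steps after `authentication.signup(body)` are not atomic either: if `db.permission.findOne` returns null (for example because the 'superadmin' row was never seeded), `permission.id` throws after the user row already exists, and the now non-empty table blocks any further setup attempt. Running the emptiness check, signup and role assignment in one transaction that serializes on the user table would close both gaps, assuming `authentication.signup` can take part in one. At minimum the permission lookup can move ahead of the signup with a guard such as `if (!permission) return res.status(500).send({ error: 'PERMISSION_NOT_FOUND' })`. Separately, GET `/status` uses a bare `.then` with no rejection handler, so a failed query leaves the request hanging; registering it with `noAuthRouter.getAsync` would route the error the same way the POST does.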