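/* global __appdir */
const path = require('path')
const db = require(path.join(__appdir, 'lib', 'sequelize'))
const express = require('express')
const { decorateApp } = require('@awaitjs/express')
const router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const iphelper = require(path.join(__appdir, 'lib', 'iphelper'))
const log = require(path.join(__appdir, 'lib', 'log'))

/**
 * Tells whether a client-supplied value is usable as a primary key.
 *
 * Only plain positive integers (as a number or a decimal digit string) are
 * accepted, so that objects, arrays and other non-scalar JSON values from the
 * request body never reach an ORM where-clause.
 *
 * @param {*} value - Raw value taken from the request.
 * @returns {boolean} true when the value is a positive integer id.
 */
function isPositiveIntegerId (value) {
  if (typeof value === 'number') return Number.isSafeInteger(value) && value > 0
  if (typeof value === 'string') return /^[1-9][0-9]*$/.test(value)
  return false
}

/**
 * Permission check middleware.
 *
 * GET needs 'ipranges.view', POST and DELETE need 'ipranges.edit'; every other
 * method is answered with 400. The route patterns only match the router root
 * and single-segment paths, so a route added later with a deeper path would
 * not pass through this check unless the patterns are extended.
 */
router.all(['', '/:x'], async (req, res, next) => {
  let permission
  switch (req.method) {
    case 'GET':
      permission = 'ipranges.view'
      break
    case 'POST':
    case 'DELETE':
      permission = 'ipranges.edit'
      break
    default:
      return res.status(400).send()
  }

  let allowed
  try {
    allowed = await req.user.hasPermission(permission)
  } catch (err) {
    // router.all() is not promise-aware: hand a failed lookup to the error
    // handler instead of leaving an unhandled rejection. The request is not
    // authorised in that case (fail closed).
    return next(err)
  }
  if (!allowed) return res.status(403).send({ error: 'Missing permission', permission })
  next()
})

// ############################################################################
// ###########################  GET requests  #################################

/**
 * GET '' - lists all IP ranges including their group, ordered by group name,
 * with start and end addresses converted by iphelper.toIPv4 for the response.
 */
router.getAsync('', async (req, res) => {
  const ipranges = await db.iprange.findAll({ order: [['group', 'name', 'ASC']], include: ['group'] })
  for (const iprange of ipranges) {
    iprange.startIp = iphelper.toIPv4(iprange.startIp)
    iprange.endIp = iphelper.toIPv4(iprange.endIp)
  }
  res.send(ipranges)
})

/**
 * GET '/:id' - returns one IP range including its group, or a not-found
 * response when no row has that id.
 */
router.getAsync('/:id', async (req, res) => {
  if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res)

  const iprange = await db.iprange.findOne({ where: { id: req.params.id }, include: ['group'] })
  if (!iprange) return HttpResponse.notFound(req.params.id).send(res)

  iprange.startIp = iphelper.toIPv4(iprange.startIp)
  iprange.endIp = iphelper.toIPv4(iprange.endIp)
  res.status(200).send(iprange)
})

// ############################################################################
// ##########################  POST requests  #################################

/**
 * POST '' or '/:id'.
 *
 * With the query parameter `delete` set (to anything but 'false') the body
 * must carry `ids`, an array of IP range ids, which are deleted one by one so
 * that each deletion gets its own log entry. Otherwise the body describes an
 * IP range that is created (no id in the path) or updated (id in the path).
 */
router.postAsync(['', '/:id'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    const ids = req.body.ids
    if (!Array.isArray(ids)) return HttpResponse.invalidBodyValue('ids', 'an array').send(res)
    // Reject the whole batch before touching the database when any element
    // is not a plain positive integer id.
    if (!ids.every(isPositiveIntegerId)) {
      return HttpResponse.invalidBodyValue('ids', 'an array of positive integer ids').send(res)
    }

    const user = await db.user.findOne({ where: { id: req.user.id } })

    // Only need to log the batch request if there is more than one ip range to delete.
    if (ids.length > 1) {
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: `IP range batch deletion of ${ids.length} ip ranges initiated by user.`,
        user,
        userId: req.user.id
      })
    }

    let deletionCounter = 0
    // Delete every iprange on its own, to get a better log
    for (const id of ids) {
      const iprange = await db.iprange.findOne({ where: { id } })
      if (!iprange) {
        // An unknown id used to crash the request while building the log
        // text from a missing row; record the failure and carry on.
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: `[${id}] IP range could not be deleted because it does not exist.`,
          user,
          userId: req.user.id
        })
        continue
      }

      const count = await db.iprange.destroy({ where: { id } })
      const rangeText = `[${iprange.id}] IP range from ${iphelper.toIPv4(iprange.startIp)} to ${iphelper.toIPv4(iprange.endIp)}`
      if (count !== 1) {
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: `${rangeText} could not be deleted.`,
          user,
          userId: req.user.id
        })
      } else {
        await log({
          category: 'IPRANGE_DELETE',
          description: `${rangeText} successfully deleted.`,
          user,
          userId: req.user.id
        })
        deletionCounter++
      }
    }

    if (ids.length > 1) {
      // Awaited so that a failing summary entry surfaces through the async
      // route wrapper instead of becoming an unhandled rejection.
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: `${deletionCounter}/${ids.length} ip ranges successfully deleted.`,
        user,
        userId: req.user.id
      })
    }
    // NOTE(review): the entity label here is 'client' while every other
    // response in this router uses 'iprange'; it looks like a copy-paste
    // leftover. Left unchanged because consumers of the response are not
    // visible from this file - confirm and rename.
    return HttpResponse.successBatch('deleted', 'client', deletionCounter).send(res)
  }

  let iprange
  let action = 'updated'
  // NOTE(review): how iphelper.toDecimal treats malformed addresses is not
  // visible here, and nothing in this handler checks that startIp <= endIp;
  // confirm both are validated (helper or model) before the values are stored.
  req.body.startIp = iphelper.toDecimal(req.body.startIp)
  req.body.endIp = iphelper.toDecimal(req.body.endIp)

  // NOTE(review): create() and update() below receive the complete request
  // body, so every model attribute the client sends is written (mass
  // assignment). Restrict the write to the attributes a client may set, e.g.
  // with the ORM's `fields` option, once the model's attribute list is known.
  if (req.params.id === undefined) {
    iprange = await db.iprange.create(req.body)
    await log({
      category: 'IPRANGE_CREATE',
      description: `IP range from ${iphelper.toIPv4(req.body.startIp)} to ${iphelper.toIPv4(req.body.endIp)} successfully created`,
      userId: req.user.id,
      groupId: iprange.groupId
    })
    action = 'created'
  } else if (req.params.id > 0) {
    iprange = await db.iprange.findOne({ where: { id: req.params.id } })
    if (!iprange) return HttpResponse.notFound(req.params.id).send(res)

    await iprange.update(req.body)
    await log({
      category: 'IPRANGE_EDIT',
      description: `[${iprange.id}] IP range successfully edited from ${iphelper.toIPv4(req.body.startIp)} to ${iphelper.toIPv4(req.body.endIp)}`,
      userId: req.user.id,
      groupId: iprange.groupId
    })
  } else {
    return HttpResponse.invalidId().send(res)
  }
  HttpResponse.success(action, 'iprange', iprange.id).send(res)
})

// ############################################################################
// ##########################  DELETE requests  ###############################

/**
 * DELETE '/:id' - deletes one IP range.
 *
 * Registered through deleteAsync so that a rejected database call reaches the
 * Express error handler, like the GET and POST routes of this router.
 */
router.deleteAsync('/:id', async (req, res) => {
  if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res)

  // NOTE(review): unlike the batch deletion in the POST handler, this path
  // writes no IPRANGE_DELETE log entry, so deletions made here leave no audit
  // record - confirm whether that is intended.
  const count = await db.iprange.destroy({ where: { id: req.params.id } })
  if (count) HttpResponse.success('deleted', 'iprange', req.params.id).send(res)
  else HttpResponse.notFound(req.params.id).send(res)
})

// ############################################################################
// ############################################################################

module.exports.router = router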