From 2e16c45b2dd55e3ae4b18f26c628fb6aae3b2257 Mon Sep 17 00:00:00 2001 
From: bergi Date: Tue, 19 May 2020 01:34:08 +0200 Subject: [PATCH 1/2] added auth for operator and admins --- backend/docs/api.md | 8 + backend/docs/data-model.md | 9 + backend/{test => examples}/all.sh | 0 backend/{test => examples}/baseUrl.txt | 0 backend/{test => examples}/delete.sh | 0 backend/{test => examples}/shop-get.sh | 0 backend/{test => examples}/shop-put.json | 0 backend/{test => examples}/shop-put.sh | 0 .../{test => examples}/ticket-available.sh | 0 backend/{test => examples}/ticket-image.sh | 0 backend/{test => examples}/ticket-post.sh | 0 backend/{test => examples}/ticket-put.json | 0 backend/{test => examples}/ticket-put.sh | 0 backend/{test => examples}/ticket1-post.json | 0 backend/{test => examples}/ticket2-post.json | 0 backend/{test => examples}/ticket3-post.json | 0 backend/{test => examples}/timeslot-get.sh | 0 backend/{test => examples}/timeslot-post.sh | 0 .../{test => examples}/timeslot1-post.json | 0 .../{test => examples}/timeslot2-post.json | 0 backend/examples/user-get.sh | 5 + backend/examples/user-post.json | 5 + backend/examples/user-post.sh | 6 + backend/lib/Database.js | 30 + backend/lib/defaults.js | 11 + backend/lib/middleware/authn.js | 44 + backend/lib/middleware/authz.js | 13 + backend/lib/middleware/shop.js | 23 +- backend/lib/middleware/user.js | 60 ++ backend/lib/tables.js | 10 + backend/package-lock.json | 781 ++++++++++++++++++ backend/package.json | 16 +- backend/server.js | 25 +- backend/test/support/Client.js | 49 ++ backend/test/tickets-available.sh | 5 - backend/test/user.test.js | 83 ++ 36 files changed, 1174 insertions(+), 9 deletions(-) rename backend/{test => examples}/all.sh (100%) rename backend/{test => examples}/baseUrl.txt (100%) rename backend/{test => examples}/delete.sh (100%) rename backend/{test => examples}/shop-get.sh (100%) rename backend/{test => examples}/shop-put.json (100%) rename backend/{test => examples}/shop-put.sh (100%) rename backend/{test => examples}/ticket-available.sh (100%) rename 
backend/{test => examples}/ticket-image.sh (100%) rename backend/{test => examples}/ticket-post.sh (100%) rename backend/{test => examples}/ticket-put.json (100%) rename backend/{test => examples}/ticket-put.sh (100%) rename backend/{test => examples}/ticket1-post.json (100%) rename backend/{test => examples}/ticket2-post.json (100%) rename backend/{test => examples}/ticket3-post.json (100%) rename backend/{test => examples}/timeslot-get.sh (100%) rename backend/{test => examples}/timeslot-post.sh (100%) rename backend/{test => examples}/timeslot1-post.json (100%) rename backend/{test => examples}/timeslot2-post.json (100%) create mode 100755 backend/examples/user-get.sh create mode 100644 backend/examples/user-post.json create mode 100755 backend/examples/user-post.sh create mode 100644 backend/lib/middleware/authn.js create mode 100644 backend/lib/middleware/authz.js create mode 100644 backend/lib/middleware/user.js create mode 100644 backend/test/support/Client.js delete mode 100755 backend/test/tickets-available.sh create mode 100644 backend/test/user.test.js diff --git a/backend/docs/api.md b/backend/docs/api.md index 47e1edd..01a2222 100644 --- a/backend/docs/api.md +++ b/backend/docs/api.md @@ -152,3 +152,11 @@ Example request: "customers": 3 } ``` + +## Users + +### GET /shop/:shop/user/:id + +### POST /shop/:shop/user/ + +### PUT /shop/:shop/user/:id diff --git a/backend/docs/data-model.md b/backend/docs/data-model.md index aa3bab5..6f5865d 100644 --- a/backend/docs/data-model.md +++ b/backend/docs/data-model.md 
@@ -47,3 +47,12 @@ See the create script for more details about the data types and keys. - `start`: Start of the time slot as a date object. - `end`: End of the time slot as a date object. - `customers`: Maximum number of customers for this time slot. + +### users + +`users` contains all registered users. + +- `id`: Id of the user as an integer. +- `label`: Name of the user as string. +- `token`: Bearer token for login using `access_token` query parameter. +- `admin`: Flag if the user has admin right as boolean. diff --git a/backend/test/all.sh b/backend/examples/all.sh similarity index 100% rename from backend/test/all.sh rename to backend/examples/all.sh diff --git a/backend/test/baseUrl.txt b/backend/examples/baseUrl.txt similarity index 100% rename from backend/test/baseUrl.txt rename to backend/examples/baseUrl.txt diff --git a/backend/test/delete.sh b/backend/examples/delete.sh similarity index 100% rename from backend/test/delete.sh rename to backend/examples/delete.sh diff --git a/backend/test/shop-get.sh b/backend/examples/shop-get.sh similarity index 100% rename from backend/test/shop-get.sh rename to backend/examples/shop-get.sh diff --git a/backend/test/shop-put.json b/backend/examples/shop-put.json similarity index 100% rename from backend/test/shop-put.json rename to backend/examples/shop-put.json diff --git a/backend/test/shop-put.sh b/backend/examples/shop-put.sh similarity index 100% rename from backend/test/shop-put.sh rename to backend/examples/shop-put.sh diff --git a/backend/test/ticket-available.sh b/backend/examples/ticket-available.sh similarity index 100% rename from backend/test/ticket-available.sh rename to backend/examples/ticket-available.sh diff --git a/backend/test/ticket-image.sh b/backend/examples/ticket-image.sh similarity index 100% rename from backend/test/ticket-image.sh rename to backend/examples/ticket-image.sh 
diff --git a/backend/test/ticket-post.sh b/backend/examples/ticket-post.sh
similarity index 100%
rename from backend/test/ticket-post.sh
rename to backend/examples/ticket-post.sh
diff --git a/backend/test/ticket-put.json b/backend/examples/ticket-put.json
similarity index 100%
rename from backend/test/ticket-put.json
rename to backend/examples/ticket-put.json
diff --git a/backend/test/ticket-put.sh b/backend/examples/ticket-put.sh
similarity index 100%
rename from backend/test/ticket-put.sh
rename to backend/examples/ticket-put.sh
diff --git a/backend/test/ticket1-post.json b/backend/examples/ticket1-post.json
similarity index 100%
rename from backend/test/ticket1-post.json
rename to backend/examples/ticket1-post.json
diff --git a/backend/test/ticket2-post.json b/backend/examples/ticket2-post.json
similarity index 100%
rename from backend/test/ticket2-post.json
rename to backend/examples/ticket2-post.json
diff --git a/backend/test/ticket3-post.json b/backend/examples/ticket3-post.json
similarity index 100%
rename from backend/test/ticket3-post.json
rename to backend/examples/ticket3-post.json
diff --git a/backend/test/timeslot-get.sh b/backend/examples/timeslot-get.sh
similarity index 100%
rename from backend/test/timeslot-get.sh
rename to backend/examples/timeslot-get.sh
diff --git a/backend/test/timeslot-post.sh b/backend/examples/timeslot-post.sh
similarity index 100%
rename from backend/test/timeslot-post.sh
rename to backend/examples/timeslot-post.sh
diff --git a/backend/test/timeslot1-post.json b/backend/examples/timeslot1-post.json
similarity index 100%
rename from backend/test/timeslot1-post.json
rename to backend/examples/timeslot1-post.json
diff --git a/backend/test/timeslot2-post.json b/backend/examples/timeslot2-post.json
similarity index 100%
rename from backend/test/timeslot2-post.json
rename to backend/examples/timeslot2-post.json
diff --git a/backend/examples/user-get.sh b/backend/examples/user-get.sh
new file mode 100755
index 0000000..1b5dddc
--- /dev/null +++ b/backend/examples/user-get.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +BASE_URL=$(cat baseUrl.txt) + +curl -v $BASE_URL/shop/default/user/owner -H "accept: application/json" diff --git a/backend/examples/user-post.json b/backend/examples/user-post.json new file mode 100644 index 0000000..bade1ff --- /dev/null +++ b/backend/examples/user-post.json @@ -0,0 +1,5 @@ +{ + "id": "owner", + "label": "Shop Owner", + "admin": true +} diff --git a/backend/examples/user-post.sh b/backend/examples/user-post.sh new file mode 100755 index 0000000..309a2b3 --- /dev/null +++ b/backend/examples/user-post.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +BASE_URL=$(cat baseUrl.txt) +DATA=$(cat user-post.json) + +curl -v $BASE_URL/shop/default/user/ -X POST -H "content-type: application/json" -H "accept: application/json" --data "$DATA" diff --git a/backend/lib/Database.js b/backend/lib/Database.js index aafa899..bb1e560 100644 --- a/backend/lib/Database.js +++ b/backend/lib/Database.js @@ -164,6 +164,36 @@ ORDER BY "range"."start" return result.rows[0] } + + async addUser ({ id, label, token, admin }) { + const query = 'INSERT INTO users("id", "label", "token", "admin") VALUES ($1, $2, $3, $4) RETURNING *' + const values = [id, label, token, admin] + const result = await this.client.query(query, values) + + return result.rows[0] + } + + async setUser ({ id, label, token, admin }) { + const query = 'UPDATE users SET "label"=$1, "token"=$2, "admin"=$3 WHERE "id"=$4' + const values = [label, token, admin, id] + await this.client.query(query, values) + } + + async getUser (id) { + const query = 'SELECT * FROM users WHERE "id"=$1' + const values = [id] + const result = await this.client.query(query, values) + + return result.rows[0] + } + + async getUserByToken (token) { + const query = 'SELECT * FROM users WHERE "token"=$1' + const values = [token] + const result = await this.client.query(query, values) + + return result.rows[0] + } } module.exports = Database 
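Review bot: `addUser`, `setUser` and `getUserByToken` in the Database.js hunk store and look up the bearer token as plaintext in the `users` table, so any read access to that table or to a copy of it yields working credentials for every user. Because the token is a random UUID generated in user.js, an unsalted SHA-256 digest would be sufficient: write the digest into `"token"` and have `getUserByToken` hash its argument before the `WHERE "token"=$1` lookup. `getUser` and `getUserByToken` also use `SELECT *`, which hands the token column to every caller; naming the columns each caller needs keeps it out of responses and logs. The Database class begins and ends outside this hunk.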
diff --git a/backend/lib/defaults.js b/backend/lib/defaults.js index abe6bcd..a967ed3 100644 --- a/backend/lib/defaults.js +++ b/backend/lib/defaults.js @@ -8,6 +8,17 @@ const defaults = { database: 'postgres', password: null, port: null, + }, + express: { + session: { + key: 'random' + } + }, + auth: { + operator: { + user: 'operator', + password: 'operator' + } } } diff --git a/backend/lib/middleware/authn.js b/backend/lib/middleware/authn.js new file mode 100644 index 0000000..6cf0265 --- /dev/null +++ b/backend/lib/middleware/authn.js @@ -0,0 +1,44 @@ +const express = require('express') +const passport = require('passport') +const { BasicStrategy } = require('passport-http') +const BearerStrategy = require('passport-http-bearer') + +function auth ({ config, db }) { + const router = new express.Router() + + router.use(passport.initialize()) + router.use(passport.session()) + + passport.serializeUser((user, done) => done(null, user)) + passport.deserializeUser((user, done) => done(null, user)) + + passport.use(new BasicStrategy((user, password, done) => { + if (user !== config.operator.user) { + return done(null, false) + } + + if (password !== config.operator.password) { + return done(null, false) + } + + done(null, { user, admin: true, operator: true }) + })) + + passport.use(new BearerStrategy(async (token, done) => { + if (!token) { + return done(null, false) + } + + const user = await db.getUserByToken(token) + + if (!user) { + return done(null, false) + } + + done(null, user) + })) + + return router +} + +module.exports = auth diff --git a/backend/lib/middleware/authz.js b/backend/lib/middleware/authz.js new file mode 100644 index 0000000..d24f67d --- /dev/null +++ b/backend/lib/middleware/authz.js @@ -0,0 +1,13 @@ +const HttpError = require('http-errors') + +function requiresAdmin (req, res, next) { + if (req.user && req.user.admin) { + return next() + } + + next(new HttpError(401)) +} + +module.exports = { + requiresAdmin +} 
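Review bot: The defaults.js hunk ships working credentials: `auth.operator` defaults to `operator`/`operator`, and `express.session.key` to the literal `'random'`. A deployment that does not override them accepts a publicly known operator login, which authn.js maps to `admin: true`; if `express.session.key` is used as the session secret (server.js is not visible in this part of the patch), sessions are also signed with a known value. I would default these to `null`, as the database `password` above already does, and refuse to start while they are unset, e.g. `if (!config.auth.operator.password) throw new Error('auth.operator.password must be configured')`. The `defaults` object begins and ends outside this hunk.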
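Review bot: The bearer verify callback in authn.js is `async` but has no error handling, so a rejected `db.getUserByToken(token)` never reaches `done` and the request hangs with an unhandled rejection; wrap the lookup in `try`/`catch` and pass the error to `done(err)`. In the Basic strategy the operator password is compared with `!==`, which is not constant-time; hashing both values and comparing the digests with `crypto.timingSafeEqual` removes that signal. The strategy reads `config.operator` while defaults.js nests the values under `auth.operator`, so it only works if the caller passes `config.auth`; that call site is not visible in this part of the patch.

```javascript
passport.use(new BearerStrategy(async (token, done) => {
  if (!token) {
    return done(null, false)
  }

  try {
    const user = await db.getUserByToken(token)

    return done(null, user || false)
  } catch (err) {
    // surface database failures to passport instead of leaving the request open
    return done(err)
  }
}))
```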
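Review bot: `requiresAdmin` in authz.js answers 401 both when there is no `req.user` and when an authenticated user lacks the `admin` flag; the second case is an authorization failure and should be 403, otherwise clients and logs cannot tell a missing login from a denied one. `next(new HttpError(req.user ? 403 : 401))` keeps the rest of the function unchanged. A one-line comment above the function saying that it relies on `req.user` having been populated by the authn router, and so must be mounted after it, would document the ordering requirement.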
diff --git a/backend/lib/middleware/shop.js b/backend/lib/middleware/shop.js index 1a25b34..058133f 100644 --- a/backend/lib/middleware/shop.js +++ b/backend/lib/middleware/shop.js @@ -1,8 +1,10 @@ const absoluteUrl = require('absolute-url') -const express = require('express') const bodyParser = require('body-parser') +const express = require('express') +const passport = require('passport') const ticket = require('./ticket') const timeslot = require('./timeslot') +const user = require('./user') function shop ({ db }) { const router = new express.Router() @@ -10,6 +12,8 @@ function shop ({ db }) { router.use(absoluteUrl()) router.get('/', async (req, res, next) => { + console.log(req.user) + if (req.accepts('html')) { return next() } @@ -32,8 +36,25 @@ function shop ({ db }) { res.status(201).end() }) + router.get('/login', passport.authenticate('basic'), (req, res) => { + if (!req.user) { + return next(new Error('auth failed')) + } + + res.redirect('.') + }) + + router.get('/token', passport.authenticate('bearer'), (req, res, next) => { + if (!req.user) { + return next(new Error('auth failed')) + } + + res.redirect('.') + }) + router.use('/ticket', ticket({ db })) router.use('/timeslot', timeslot({ db })) + router.use('/user', user({ db })) return router } diff --git a/backend/lib/middleware/user.js b/backend/lib/middleware/user.js new file mode 100644 index 0000000..9ff0133 --- /dev/null +++ b/backend/lib/middleware/user.js 
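Review bot: `console.log(req.user)` at the top of the `GET /` handler writes the whole user object to stdout on every request. For token users that object is the row returned by `getUserByToken`'s `SELECT *`, which authn.js serializes into the session unchanged, so the bearer token ends up in the process logs. This looks like a debugging leftover; remove it, or log only a non-secret field such as `req.user && req.user.id`. The handler continues outside this hunk.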
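Review bot: The `/login` handler is declared as `(req, res) =>` but calls `next(new Error('auth failed'))`, so that branch would raise a ReferenceError instead of reporting the failure; the signature should be `(req, res, next) =>`, as on `/token`. `passport.authenticate` normally ends the request with a 401 itself when a strategy fails, so both `!req.user` checks are probably unreachable. If they are kept as a safety net, an `http-errors` 401 as used in authz.js would be more accurate than a bare `Error`, which Express reports as a 500.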
@@ -0,0 +1,60 @@ +const absoluteUrl = require('absolute-url') +const express = require('express') +const bodyParser = require('body-parser') +const uuid = require('uuid').v4 +const { requiresAdmin } = require('./authz') +const urlResolve = require('../urlResolve') + +function user ({ db }) { + const router = new express.Router() + + router.use(absoluteUrl()) + + router.post('/', requiresAdmin, bodyParser.json(), async (req, res, next) => { + if (req.accepts('html')) { + return next() + } + + const result = await db.addUser({ + id: req.body.id, + label: req.body.label, + token: uuid(), + admin: Boolean(req.body.admin) + }) + + res.status(201).set('location', urlResolve(req.absoluteUrl(), result.id)).end() + }) + + router.get('/:id', requiresAdmin, async (req, res, next) => { + if (req.accepts('html')) { + return next() + } + + const user = await db.getUser(req.params.id) + + if (!user) { + return next() + } + + res.json(user) + }) + + router.put('/:id', requiresAdmin, bodyParser.json(), async (req, res, next) => { + if (req.accepts('html')) { + return next() + } + + await db.setUser({ + id: req.body.id, + label: req.body.label, + token: req.body.token, + admin: Boolean(req.body.admin) + }) + + res.status(201).end() + }) + + return router +} + +module.exports = user diff --git a/backend/lib/tables.js b/backend/lib/tables.js index 33467d9..3bbba21 100644 --- a/backend/lib/tables.js +++ b/backend/lib/tables.js @@ -29,6 +29,16 @@ const tables = { "customers" integer );`, delete: 'DROP TABLE timeslots;', + }, + users: { + clear: 'TRUNCATE users;', + create: `CREATE TABLE users ( + "id" character varying(1024), + "label" character varying(1024), + "token" character varying(1024), + "admin" boolean DEFAULT false + );`, + delete: 'DROP TABLE users;', } } diff --git a/backend/package-lock.json b/backend/package-lock.json index d23633b..9607c0d 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json 
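Review bot: `PUT /:id` in user.js ignores the `:id` in the URL and updates whichever user `req.body.id` names, and it writes `req.body.token` straight into the table, so a request can replace any account's token with a short, reused or empty value. Use `id: req.params.id` and keep token generation on the server, for example `token: uuid()` only when a rotation is requested. `GET /:id` returns the full row through `res.json(user)`, token included; if that is the intended way for an admin to obtain a new user's token, a comment should say so, otherwise the field should be dropped from the response. None of the three `async` handlers catches a rejected `db` call, which Express 4 (assumed from the lockfile entries) does not forward to `next` on its own.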
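Review bot: The `users` table in tables.js is created without a key or uniqueness constraint, so `addUser` can insert a second row with the same `id` and two rows can carry the same `token`; `getUser` and `getUserByToken` then return whichever row happens to be `result.rows[0]`. Declaring `"id" character varying(1024) PRIMARY KEY` and `"token" character varying(1024) UNIQUE` makes the database enforce what the lookup code assumes. The `tables` object begins and ends outside this hunk.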
@@ -18,6 +18,12 @@ "negotiator": "0.6.2" } }, + "ansi-colors": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-3.2.3.tgz", + "integrity": "sha512-LEHHyuhlPY3TmuUYMh2oz89lTShfvgbmzaBcxve9t/9Wuy7Dwf4yoAKcND7KFT1HAQfqZ12qtc+DUrBMeKF9nw==", + "dev": true + }, "ansi-regex": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz", @@ -31,11 +37,36 @@ "color-convert": "^1.9.0" } }, + "anymatch": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.1.tgz", + "integrity": "sha512-mM8522psRCqzV+6LhomX5wgp25YVibjh8Wj23I5RPkPppSVSjyKD2A2mBJmWGa+KN7f2D6LNh9jkBCeyLktzjg==", + "dev": true, + "requires": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + } + }, + "argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "requires": { + "sprintf-js": "~1.0.2" + } + }, "array-flatten": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" }, + "balanced-match": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", + "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=", + "dev": true + }, "base64-js": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", @@ -49,6 +80,12 @@ "safe-buffer": "5.1.2" } }, + "binary-extensions": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.0.0.tgz", + "integrity": "sha512-Phlt0plgpIIBOGTT/ehfFnbNlfsDEiqmzE2KRXoX1bLIlir4X/MR+zSyBEkL05ffWgnRSf/DXv+WrUAVr93/ow==", + "dev": true + }, "body-parser": { "version": "1.19.0", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz", 
@@ -98,6 +135,31 @@ } } }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "requires": { + "fill-range": "^7.0.1" + } + }, + "browser-stdout": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, "buffer": { "version": "5.6.0", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", 
@@ -146,6 +208,44 @@ "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==" }, + "chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "requires": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "dependencies": { + "supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "requires": { + "has-flag": "^3.0.0" + } + } + } + }, + "chokidar": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.3.0.tgz", + "integrity": "sha512-dGmKLDdT3Gdl7fBUe8XK+gAtGmzy5Fn0XkkWQuYxGIgWVPPse2CxFA5mtrlD0TOHaHjEUqkWNyP1XdHoJES/4A==", + "dev": true, + "requires": { + "anymatch": "~3.1.1", + "braces": "~3.0.2", + "fsevents": "~2.1.1", + "glob-parent": "~5.1.0", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.2.0" + } + }, "cliui": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/cliui/-/cliui-5.0.0.tgz", @@ -169,6 +269,12 @@ "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, "content-disposition": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", 
@@ -192,6 +298,16 @@ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" }, + "cross-fetch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.0.4.tgz", + "integrity": "sha512-MSHgpjQqgbT/94D4CyADeNoYh52zMkCX4pcJvPP5WqPsLFMKjr2TCMg381ox5qI0ii2dPwaLx/00477knXqXVw==", + "dev": true, + "requires": { + "node-fetch": "2.6.0", + "whatwg-fetch": "3.0.0" + } + }, "debug": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", @@ -205,6 +321,15 @@ "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=" }, + "define-properties": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", + "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "dev": true, + "requires": { + "object-keys": "^1.0.12" + } + }, "depd": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", @@ -215,6 +340,12 @@ "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" }, + "diff": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==", + "dev": true + }, "dijkstrajs": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.1.tgz", 
@@ -235,11 +366,53 @@ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=" }, + "es-abstract": { + "version": "1.17.5", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.5.tgz", + "integrity": "sha512-BR9auzDbySxOcfog0tLECW8l28eRGpDpU3Dm3Hp4q/N+VtLTmyj4EUN088XZWQDW/hzj6sYRDXeOFsaAODKvpg==", + "dev": true, + "requires": { + "es-to-primitive": "^1.2.1", + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.1", + "is-callable": "^1.1.5", + "is-regex": "^1.0.5", + "object-inspect": "^1.7.0", + "object-keys": "^1.1.1", + "object.assign": "^4.1.0", + "string.prototype.trimleft": "^2.1.1", + "string.prototype.trimright": "^2.1.1" + } + }, + "es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dev": true, + "requires": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + } + }, "escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" }, + "escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true + }, "etag": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", 
@@ -297,6 +470,55 @@ } } }, + "express-session": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.1.tgz", + "integrity": "sha512-UbHwgqjxQZJiWRTMyhvWGvjBQduGCSBDhhZXYenziMFjxst5rMV+aJZ6hKPHZnPyHGsrqRICxtX8jtEbm/z36Q==", + "requires": { + "cookie": "0.4.0", + "cookie-signature": "1.0.6", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-headers": "~1.0.2", + "parseurl": "~1.3.3", + "safe-buffer": "5.2.0", + "uid-safe": "~2.1.5" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "requires": { + "ms": "2.0.0" + } + }, + "depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" + }, + "safe-buffer": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", + "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==" + } + } + }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "requires": { + "to-regex-range": "^5.0.1" + } + }, "finalhandler": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", 
@@ -334,6 +556,15 @@ "locate-path": "^3.0.0" } }, + "flat": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/flat/-/flat-4.1.0.tgz", + "integrity": "sha512-Px/TiLIznH7gEDlPXcUD4KnBusa6kR6ayRUVcnEAbreRIuhkqow/mun59BuRXwoYk7ZQOLW1ZM05ilIvK38hFw==", + "dev": true, + "requires": { + "is-buffer": "~2.0.3" + } + }, "forwarded": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", 
@@ -344,11 +575,86 @@ "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=" }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "fsevents": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.1.3.tgz", + "integrity": "sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ==", + "dev": true, + "optional": true + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, "get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" }, + "glob": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.3.tgz", + "integrity": "sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "glob-parent": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz", + "integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==", + "dev": true, + "requires": { + "is-glob": "^4.0.1" + } + }, + "growl": { + "version": "1.10.5", + "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", + "integrity": 
"sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", + "dev": true + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true + }, + "has-symbols": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz", + "integrity": "sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==", + "dev": true + }, + "he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true + }, "http-errors": { "version": "1.7.3", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz", @@ -374,6 +680,16 @@ "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, "inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", 
@@ -384,16 +700,98 @@ "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" }, + "is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "requires": { + "binary-extensions": "^2.0.0" + } + }, + "is-buffer": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.4.tgz", + "integrity": "sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A==", + "dev": true + }, + "is-callable": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.5.tgz", + "integrity": "sha512-ESKv5sMCJB2jnHTWZ3O5itG+O128Hsus4K4Qh1h2/cgn2vbgnLSVqfV46AeJA9D5EeeLa9w81KUXMtn34zhX+Q==", + "dev": true + }, + "is-date-object": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.2.tgz", + "integrity": "sha512-USlDT524woQ08aoZFzh3/Z6ch9Y/EWXEHQ/AaRN0SkKq4t2Jw2R2339tSXmwuVoY7LLlBCbOIlx2myP/L5zk0g==", + "dev": true + }, + "is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "dev": true + }, "is-fullwidth-code-point": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=" }, + "is-glob": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz", + "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==", + "dev": true, + "requires": { + "is-extglob": "^2.1.1" + } + }, + "is-number": { + 
"version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true + }, + "is-regex": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.5.tgz", + "integrity": "sha512-vlKW17SNq44owv5AQR3Cq0bQPEb8+kF3UKZ2fiZNOWtztYE5i0CzCZxFDwO58qAOWtxdBRVO/V5Qin1wjCqFYQ==", + "dev": true, + "requires": { + "has": "^1.0.3" + } + }, + "is-symbol": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.3.tgz", + "integrity": "sha512-OwijhaRSgqvhm/0ZdAcXNZt9lYdKFpcRDT5ULUuYXPoT794UNOdU+gpT6Rzo7b4V2HUl/op6GqY894AZwv9faQ==", + "dev": true, + "requires": { + "has-symbols": "^1.0.1" + } + }, "isarray": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" }, + "isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", + "dev": true + }, + "js-yaml": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + }, "locate-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", 
@@ -403,6 +801,21 @@ "path-exists": "^3.0.0" } }, + "lodash": { + "version": "4.17.15", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", + "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==", + "dev": true + }, + "log-symbols": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-3.0.0.tgz", + "integrity": "sha512-dSkNGuI7iG3mfvDzUuYZyvk5dD9ocYCYzNU6CYDE6+Xqd+gwme6Z00NS3dUh8mq/73HaEtT7m6W+yUPtU6BZnQ==", + "dev": true, + "requires": { + "chalk": "^2.4.2" + } + }, "media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", 
@@ -436,6 +849,79 @@ "mime-db": "1.44.0" } }, + "minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true + }, + "mkdirp": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", + "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", + "dev": true, + "requires": { + "minimist": "^1.2.5" + } + }, + "mocha": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-7.1.2.tgz", + "integrity": "sha512-o96kdRKMKI3E8U0bjnfqW4QMk12MwZ4mhdBTf+B5a1q9+aq2HRnj+3ZdJu0B/ZhJeK78MgYuv6L8d/rA5AeBJA==", + "dev": true, + "requires": { + "ansi-colors": "3.2.3", + "browser-stdout": "1.3.1", + "chokidar": "3.3.0", + "debug": "3.2.6", + "diff": "3.5.0", + "escape-string-regexp": "1.0.5", + "find-up": "3.0.0", + "glob": "7.1.3", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "3.13.1", + "log-symbols": "3.0.0", + "minimatch": "3.0.4", + "mkdirp": "0.5.5", + "ms": "2.1.1", + "node-environment-flags": "1.0.6", + "object.assign": "4.1.0", + "strip-json-comments": "2.0.1", + "supports-color": "6.0.0", + "which": "1.3.1", + "wide-align": "1.1.3", + "yargs": "13.3.2", + "yargs-parser": "13.1.2", + "yargs-unparser": "1.6.0" + }, + "dependencies": { + "debug": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", + "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "dev": true, + "requires": { + "ms": 
"^2.1.1" + } + }, + "ms": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", + "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==", + "dev": true + } + } + }, "morgan": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.0.tgz", 
@@ -478,6 +964,70 @@ "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==" }, + "node-environment-flags": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/node-environment-flags/-/node-environment-flags-1.0.6.tgz", + "integrity": "sha512-5Evy2epuL+6TM0lCQGpFIj6KwiEsGh1SrHUhTbNX+sLbBtjidPZFAnVK9y5yU1+h//RitLbRHTIMyxQPtxMdHw==", + "dev": true, + "requires": { + "object.getownpropertydescriptors": "^2.0.3", + "semver": "^5.7.0" + }, + "dependencies": { + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + } + } + }, + "node-fetch": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz", + "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==", + "dev": true + }, + "normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true + }, + "object-inspect": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.7.0.tgz", + "integrity": "sha512-a7pEHdh1xKIAgTySUGgLMx/xwDZskN1Ud6egYYN3EdRW4ZMPNEDUTF+hwy2LUC+Bl+SyLXANnwz/jyh/qutKUw==", + "dev": true + }, + "object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "dev": true + }, + "object.assign": { + "version": "4.1.0", + "resolved": 
"https://registry.npmjs.org/object.assign/-/object.assign-4.1.0.tgz", + "integrity": "sha512-exHJeq6kBKj58mqGyTQ9DFvrZC/eR6OwxzoM9YRoGBqrXYonaFyGiFMuc9VZrXf7DarreEwMpurG3dd+CNyW5w==", + "dev": true, + "requires": { + "define-properties": "^1.1.2", + "function-bind": "^1.1.1", + "has-symbols": "^1.0.0", + "object-keys": "^1.0.11" + } + }, + "object.getownpropertydescriptors": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.0.tgz", + "integrity": "sha512-Z53Oah9A3TdLoblT7VKJaTDdXdT+lQO+cNpKVnya5JDe9uLvzu1YyY1yFDFrcxrlRgWrEFH0jJtD/IbuwjcEVg==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.0-next.1" + } + }, "on-finished": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", @@ -491,6 +1041,15 @@ "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==" }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "requires": { + "wrappy": "1" + } + }, "p-limit": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", 
@@ -522,16 +1081,65 @@ "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" }, + "passport": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.4.1.tgz", + "integrity": "sha512-IxXgZZs8d7uFSt3eqNjM9NQ3g3uQCW5avD8mRNoXV99Yig50vjuaez6dQK2qC0kVWPRTujxY0dWgGfT09adjYg==", + "requires": { + "passport-strategy": "1.x.x", + "pause": "0.0.1" + } + }, + "passport-http": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/passport-http/-/passport-http-0.3.0.tgz", + "integrity": "sha1-juU9Q4C+nGDfIVGSUCmCb3cRVgM=", + "requires": { + "passport-strategy": "1.x.x" + } + }, + "passport-http-bearer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz", + "integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=", + "requires": { + "passport-strategy": "1.x.x" + } + }, + "passport-local": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-local/-/passport-local-1.0.0.tgz", + "integrity": "sha1-H+YyaMkudWBmJkN+O5BmYsFbpu4=", + "requires": { + "passport-strategy": "1.x.x" + } + }, + "passport-strategy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", + "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" + }, "path-exists": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=" }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true + }, "path-to-regexp": { "version": "0.1.7", "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" }, + "pause": { + 
"version": "0.0.1", + "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", + "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=" + }, "pg": { "version": "8.0.3", "resolved": "https://registry.npmjs.org/pg/-/pg-8.0.3.tgz", @@ -587,6 +1195,12 @@ "split": "^1.0.0" } }, + "picomatch": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz", + "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", + "dev": true + }, "pngjs": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-3.4.0.tgz", @@ -643,6 +1257,11 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==" }, + "random-bytes": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", + "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs=" + }, "range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", @@ -678,6 +1297,15 @@ } } }, + "readdirp": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.2.0.tgz", + "integrity": "sha512-crk4Qu3pmXwgxdSgGhgA/eXiJAPQiX4GMOZZMXnqKxHX7TaoL+3gQVo/WeuAiogr07DpnfjIMpXXa+PAIvwPGQ==", + "dev": true, + "requires": { + "picomatch": "^2.0.4" + } + }, "require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", @@ -774,6 +1402,12 @@ "through": "2" } }, + "sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=", + "dev": true + }, "statuses": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", 
@@ -789,6 +1423,48 @@ "strip-ansi": "^5.1.0" } }, + "string.prototype.trimend": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.1.tgz", + "integrity": "sha512-LRPxFUaTtpqYsTeNKaFOw3R4bxIzWOnbQ837QfBylo8jIxtcbK/A/sMV7Q+OAV/vWo+7s25pOE10KYSjaSO06g==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5" + } + }, + "string.prototype.trimleft": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/string.prototype.trimleft/-/string.prototype.trimleft-2.1.2.tgz", + "integrity": "sha512-gCA0tza1JBvqr3bfAIFJGqfdRTyPae82+KTnm3coDXkZN9wnuW3HjGgN386D7hfv5CHQYCI022/rJPVlqXyHSw==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5", + "string.prototype.trimstart": "^1.0.0" + } + }, + "string.prototype.trimright": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/string.prototype.trimright/-/string.prototype.trimright-2.1.2.tgz", + "integrity": "sha512-ZNRQ7sY3KroTaYjRS6EbNiiHrOkjihL9aQE/8gfQ4DtAC/aEBRHFJa44OmoWxGGqXuJlfKkZW4WcXErGr+9ZFg==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5", + "string.prototype.trimend": "^1.0.0" + } + }, + "string.prototype.trimstart": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.1.tgz", + "integrity": "sha512-XxZn+QpvrBI1FOcg6dIpxUPgWCPuNXvMD72aaRaUQv1eD4e/Qy8i/hFTe0BUmD60p/QA6bh1avmuPTfNjqVWRw==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5" + } + }, "strip-ansi": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", 
@@ -797,11 +1473,35 @@ "ansi-regex": "^4.1.0" } }, + "strip-json-comments": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=", + "dev": true + }, + "supports-color": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-6.0.0.tgz", + "integrity": "sha512-on9Kwidc1IUQo+bQdhi8+Tijpo0e1SS6RoGo2guUwn5vdaxw8RXOF9Vb2ws+ihWOmh4JnCJOvaziZWP1VABaLg==", + "dev": true, + "requires": { + "has-flag": "^3.0.0" + } + }, "through": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=" }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "requires": { + "is-number": "^7.0.0" + } + }, "toidentifier": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", @@ -816,6 +1516,14 @@ "mime-types": "~2.1.24" } }, + "uid-safe": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", + "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", + "requires": { + "random-bytes": "~1.0.0" + } + }, "unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", 
@@ -826,16 +1534,72 @@ "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" }, + "uuid": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.0.0.tgz", + "integrity": "sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw==" + }, "vary": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" }, + "whatwg-fetch": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-3.0.0.tgz", + "integrity": "sha512-9GSJUgz1D4MfyKU7KRqwOjXCXTqWdFNvEr7eUBYchQiVc744mqK/MzXPNR2WsPkmkOa4ywfg8C2n8h+13Bey1Q==", + "dev": true + }, + "which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + }, "which-module": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=" }, + "wide-align": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz", + "integrity": "sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==", + "dev": true, + "requires": { + "string-width": "^1.0.2 || 2" + }, + "dependencies": { + "ansi-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", + "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=", + "dev": true + }, + "string-width": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", + "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==", + "dev": true, + "requires": { 
+ "is-fullwidth-code-point": "^2.0.0", + "strip-ansi": "^4.0.0" + } + }, + "strip-ansi": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", + "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=", + "dev": true, + "requires": { + "ansi-regex": "^3.0.0" + } + } + } + }, "wrap-ansi": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-5.1.0.tgz", @@ -846,6 +1610,12 @@ "strip-ansi": "^5.0.0" } }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, "xtend": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", @@ -881,6 +1651,17 @@ "camelcase": "^5.0.0", "decamelize": "^1.2.0" } + }, + "yargs-unparser": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-1.6.0.tgz", + "integrity": "sha512-W9tKgmSn0DpSatfri0nx52Joq5hVXgeLiqR/5G0sZNDoLZFOr/xjBUDcShCOGNsBnEMNo1KAMBkTej1Hm62HTw==", + "dev": true, + "requires": { + "flat": "^4.1.0", + "lodash": "^4.17.15", + "yargs": "^13.3.0" + } } } } diff --git a/backend/package.json b/backend/package.json index 275698f..4593c7d 100644 --- a/backend/package.json +++ b/backend/package.json @@ -3,7 +3,9 @@ "version": "0.0.0", "description": "", "main": "index.js", - "scripts": {}, + "scripts": { + "test": "mocha" + }, "author": "Thomas Bergwinkl (https://www.bergnet.org/people/bergi/card#me)", "license": "MIT", "dependencies": { @@ -11,9 +13,19 @@ "body-parser": "^1.19.0", "debug": "^4.1.1", "express": "^4.17.1", + "express-session": "^1.17.1", "http-errors": "^1.7.3", "morgan": "^1.10.0", + "passport": "^0.4.1", + "passport-http": "^0.3.0", + "passport-http-bearer": "^1.0.1", + "passport-local": "^1.0.0", "pg": "^8.0.3", - "qrcode": "^1.4.4" + "qrcode": "^1.4.4", + "uuid": "^8.0.0" + }, + "devDependencies": { + "cross-fetch": "^3.0.4", + "mocha": "^7.1.2" } } 
diff --git a/backend/server.js b/backend/server.js index 012bd03..6c2f26c 100644 --- a/backend/server.js +++ b/backend/server.js @@ -1,9 +1,11 @@ const debug = require('debug')('noqueue-server') const { resolve } = require('path') const express = require('express') +const expressSession = require('express-session') const morgan = require('morgan') const Database = require('./lib/Database') const defaults = require('./lib/defaults') +const authn = require('./lib/middleware/authn') const admin = require('./lib/middleware/admin') const shop = require('./lib/middleware/shop') @@ -16,7 +18,18 @@ const config = { password: process.env.DB_PASSWORD || defaults.db.password, port: process.env.DB_PORT || defaults.db.port, }, - path: process.env.SHOP_PATH || 'default' + path: process.env.SHOP_PATH || 'default', + express: { + session: { + key: process.env.SESSION_KEY || defaults.express.session.key + } + }, + auth: { + operator: { + user: process.env.OPERATOR_USER || defaults.auth.operator.user, + password: process.env.OPERATOR_PASSWORD || defaults.auth.operator.password + } + } } async function init () { @@ -28,6 +41,16 @@ async function init () { app.use(morgan('combined')) + debug('mount express session') + app.use(expressSession({ + secret: config.express.session.key, + resave: true, + saveUninitialized: true + })) + + debug('mount authn') + app.use(authn({ config: config.auth, db })) + debug('mount admin API at /admin') app.use('/admin', admin({ db })) diff --git a/backend/test/support/Client.js b/backend/test/support/Client.js new file mode 100644 index 0000000..48c2a66 --- /dev/null +++ b/backend/test/support/Client.js 
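Review bot: The new `express.session.key` and `auth.operator.password` entries in `config` fall back silently to values from `lib/defaults.js` when `SESSION_KEY` or `OPERATOR_PASSWORD` is unset, so a deployment that forgets them runs with a session-signing secret and an operator password that are published in the repository. The defaults file is not in this hunk, but the accompanying test logs in as `operator`/`operator`, which suggests those are the shipped values. I would keep the defaults for local development and fail fast otherwise, e.g. at the top of `init()`: `if (process.env.NODE_ENV === 'production' && !(process.env.SESSION_KEY && process.env.OPERATOR_PASSWORD)) throw new Error('SESSION_KEY and OPERATOR_PASSWORD must be set')`. The `config` object starts above the hunk.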
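Review bot: The `expressSession` options in `init()` set `resave: true` and `saveUninitialized: true` and pass no `cookie` options, so every anonymous request gets a stored session, and the cookie carries no `Secure` or `SameSite` restriction. Combined with passport 0.4.1 (pinned in this commit), which as far as I know keeps the pre-login session id after authentication, that leaves room for session fixation. I would pass `resave: false, saveUninitialized: false, cookie: { httpOnly: true, sameSite: 'lax', secure: process.env.NODE_ENV === 'production' }` and regenerate the session in the login handler. No `store` is given either, so sessions live in express-session's in-memory default, which its documentation describes as not meant for production. `init()` continues outside the hunk.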
@@ -0,0 +1,49 @@
+const fetch = require('cross-fetch')
+const urlResolve = require('../../lib/urlResolve')
+
+class Client {
+ constructor ({ baseUrl = 'http://localhost:8080/shop/default/' } = {}) {
+ this.baseUrl = baseUrl
+ this.cookie = null
+ }
+
+ async fetch (url, options = {}) {
+ options.headers = new fetch.Headers(options.headers)
+ options.headers.set('accept', 'application/json')
+
+ if (this.cookie) {
+ options.headers.set('cookie', this.cookie)
+ }
+
+ if (options.body) {
+ options.headers.set('content-type', 'application/json')
+ }
+
+ const [path, query] = url.split('?')
+
+ return fetch(urlResolve(this.baseUrl, path) + (query ? `?${query}` : ''), options)
+ }
+
+ async logout () {
+ this.cookie = null
+ }
+
+ async basicLogin ({ user, password }) {
+ const result = await this.fetch('login', {
+ headers: {
+ authorization: 'Basic ' + Buffer.from(user + ':' + password).toString('base64')
+ },
+ redirect: 'manual'
+ })
+
+ this.cookie = result.headers.get('set-cookie').split(';')[0]
+ }
+
+ async tokenLogin ({ token }) {
+ const result = await this.fetch(`token?access_token=${token}`, { redirect: 'manual' })
+
+ this.cookie = result.headers.get('set-cookie').split(';')[0]
+ }
+}
+
+module.exports = Client
diff --git a/backend/test/tickets-available.sh b/backend/test/tickets-available.sh
deleted file mode 100755
index 8d7491c..0000000
--- a/backend/test/tickets-available.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-BASE_URL=$(cat baseUrl.txt)
-
-curl -v $BASE_URL/shop/default/ticket/available -H "accept: application/json"
diff --git a/backend/test/user.test.js b/backend/test/user.test.js
new file mode 100644
index 0000000..b879760
--- /dev/null
+++ b/backend/test/user.test.js
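Review bot: `tokenLogin` sends the bearer token as an `access_token` query parameter, and `server.js` in this same commit mounts `morgan('combined')`, which writes the request URL to the access log, so every token login would leave the token in the logs and in any proxy log on the way. Sending it as a header keeps it out of URLs: `await this.fetch('token', { headers: { authorization: 'Bearer ' + token }, redirect: 'manual' })`. `lib/middleware/authn.js` is not visible here, so whether the route already accepts the header needs confirming. Both login helpers also call `.split(';')` on `result.headers.get('set-cookie')` without checking `result.status`, so a rejected login surfaces as a TypeError rather than a clear failure.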
@@ -0,0 +1,83 @@
+const { strictEqual } = require('assert')
+const { describe, it } = require('mocha')
+const Client = require('./support/Client')
+
+const operator = {
+ user: 'operator',
+ password: 'operator'
+}
+
+describe('user', () => {
+ it('should allow the operator to create a user', async () => {
+ const expected = {
+ id: 'owner',
+ label: 'Shop Owner',
+ admin: true
+ }
+
+ const client = new Client()
+
+ await client.basicLogin(operator)
+
+ const created = await client.fetch('user/', {
+ method: 'POST',
+ body: JSON.stringify(expected)
+ })
+
+ strictEqual(created.status, 201)
+
+ const fetched = await client.fetch('user/owner')
+ const user = await fetched.json()
+
+ strictEqual(fetched.status, 200)
+ strictEqual(user.id, expected.id)
+ strictEqual(user.label, expected.label)
+ strictEqual(user.admin, expected.admin)
+ })
+
+ it('should allow an admin user to create a user', async () => {
+ const owner = {
+ id: 'owner',
+ label: 'Shop Owner',
+ admin: true
+ }
+
+ const expected = {
+ id: 'employee',
+ label: 'Shop Employee',
+ admin: true
+ }
+
+ const client = new Client()
+
+ await client.basicLogin(operator)
+
+ const created = await client.fetch('user/', {
+ method: 'POST',
+ body: JSON.stringify(owner)
+ })
+
+ strictEqual(created.status, 201)
+
+ const fetched = await client.fetch('user/owner')
+ const user = await fetched.json()
+
+ await client.logout()
+ await client.tokenLogin(user)
+
+ const createdByOwner = await client.fetch('user/', {
+ method: 'POST',
+ body: JSON.stringify(expected)
+ })
+
+ strictEqual(createdByOwner.status, 201)
+
+ const fetchedByOwner = await client.fetch('user/employee')
+ const userByOwner = await fetchedByOwner.json()
+
+ strictEqual(fetchedByOwner.status, 200)
+ strictEqual(userByOwner.id, expected.id)
+ strictEqual(userByOwner.label, expected.label)
+ strictEqual(userByOwner.admin, expected.admin)
+ })
+})
From 48161e1962628741b77ada3dc7d76fe1a2beb361 Mon Sep 17 00:00:00 2001
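Review bot: Both tests cover only the success path, so nothing here would fail if the authn/authz middleware let every request through; for a commit that adds authentication, the rejecting cases matter most. I would add a case inside `describe('user', …)` where a fresh `Client` with no login posts to `user/` and is refused, and a second one with a wrong operator password. The exact status depends on `lib/middleware/authz.js`, which is not shown in this chunk. Separately, `client.tokenLogin(user)` relies on `GET user/owner` returning the user's `token` in the JSON body, which deserves a comment in the test because it presumably means that whoever may read a user record can log in as that user.

```javascript
// … unchanged: imports, operator fixture, the two existing tests …
  it('should reject user creation without login', async () => {
    const client = new Client()

    const created = await client.fetch('user/', {
      method: 'POST',
      body: JSON.stringify({ id: 'anonymous', label: 'No Login', admin: true })
    })

    // 401 or 403, depending on how authz.js reports a missing login
    strictEqual([401, 403].includes(created.status), true)
  })
```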
From: bergi Date: Thu, 21 May 2020 00:03:12 +0200 Subject: [PATCH 2/2] added authz to more routings --- backend/lib/middleware/shop.js | 3 ++- backend/lib/middleware/ticket.js | 3 ++- backend/lib/middleware/timeslot.js | 5 +++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/backend/lib/middleware/shop.js b/backend/lib/middleware/shop.js index 058133f..632fc2a 100644 --- a/backend/lib/middleware/shop.js +++ b/backend/lib/middleware/shop.js @@ -2,6 +2,7 @@ const absoluteUrl = require('absolute-url') const bodyParser = require('body-parser') const express = require('express') const passport = require('passport') +const { requiresAdmin } = require('./authz') const ticket = require('./ticket') const timeslot = require('./timeslot') const user = require('./user') @@ -26,7 +27,7 @@ function shop ({ db }) { }) }) - router.put('/', bodyParser.json(), async (req, res, next) => { + router.put('/', requiresAdmin, bodyParser.json(), async (req, res, next) => { if (req.accepts('html')) { return next() } diff --git a/backend/lib/middleware/ticket.js b/backend/lib/middleware/ticket.js index 3310508..b085100 100644 --- a/backend/lib/middleware/ticket.js +++ b/backend/lib/middleware/ticket.js @@ -1,6 +1,7 @@ const absoluteUrl = require('absolute-url') const express = require('express') const bodyParser = require('body-parser') +const { requiresAdmin } = require('./authz') const qrcode = require('./qrcode') const urlResolve = require('../urlResolve') @@ -56,7 +57,7 @@ function ticket ({ db }) { res.json(ticket) }) - router.put('/:id', bodyParser.json(), async (req, res, next) => { + router.put('/:id', requiresAdmin, bodyParser.json(), async (req, res, next) => { if (req.accepts('html')) { return next() } diff --git a/backend/lib/middleware/timeslot.js b/backend/lib/middleware/timeslot.js index ee103d2..adb7d62 100644 --- a/backend/lib/middleware/timeslot.js +++ b/backend/lib/middleware/timeslot.js 
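Review bot: `requiresAdmin` is attached one route at a time (`PUT /` here in shop.js, `PUT /:id` in ticket.js, `POST /` and `PUT /:id` in timeslot.js), so any mutating route outside these hunks, or one added later, stays open unless someone remembers the guard. A router-level default is harder to forget, e.g. `router.use((req, res, next) => ['GET', 'HEAD', 'OPTIONS'].includes(req.method) ? next() : requiresAdmin(req, res, next))`, with routes that must stay public (ticket creation, presumably) mounted before it. The commit also adds no test that an anonymous `PUT` or `POST` on these routes is refused. Each handler starts and ends outside its hunk, so routes not shown here could not be checked.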
@@ -2,6 +2,7 @@ const absoluteUrl = require('absolute-url') const bodyParser = require('body-parser') const express = require('express') const HttpError = require('http-errors') +const { requiresAdmin } = require('./authz') const urlResolve = require('../urlResolve') function timeslot ({ db }) { @@ -9,7 +10,7 @@ function timeslot ({ db }) { router.use(absoluteUrl()) - router.post('/', bodyParser.json(), async (req, res, next) => { + router.post('/', requiresAdmin, bodyParser.json(), async (req, res, next) => { if (req.accepts('html')) { return next() } @@ -41,7 +42,7 @@ function timeslot ({ db }) { res.json(timeslot) }) - router.put('/:id', bodyParser.json(), async (req, res, next) => { + router.put('/:id', requiresAdmin, bodyParser.json(), async (req, res, next) => { if (req.accepts('html')) { return next() }