Change insufficient permissions to be an error class
Signed-off-by: trivernis <trivernis@protonmail.com>pull/28/head
parent
123d8159da
commit
eaf484596b
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,167 @@
|
||||
/*
|
||||
Copyright (C) 2020 Leon Löchner
|
||||
|
||||
This file is part of fLotte-API-Server.
|
||||
|
||||
fLotte-API-Server is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
fLotte-API-Server is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { ApolloServer } from 'apollo-server-express';
|
||||
import bikeResolver from './resolvers/cargoBikeResolver';
|
||||
import { CargoBikeAPI } from './datasources/db/cargobikeAPI';
|
||||
import typeDefs from './schema/type-defs';
|
||||
import 'reflect-metadata';
|
||||
import { ConnectionOptions, createConnection } from 'typeorm';
|
||||
import { UserServerAPI } from './datasources/userserver/userserviceAPI';
|
||||
import express from 'express';
|
||||
import { requiredPermissions } from './datasources/userserver/permission';
|
||||
import { CargoBike } from './model/CargoBike';
|
||||
import { BikeEvent } from './model/BikeEvent';
|
||||
import { ContactInformation } from './model/ContactInformation';
|
||||
import { Equipment } from './model/Equipment';
|
||||
import { LendingStation } from './model/LendingStation';
|
||||
import { TimeFrame } from './model/TimeFrame';
|
||||
import { Participant } from './model/Participant';
|
||||
import { Organisation } from './model/Organisation';
|
||||
import { Provider } from './model/Provider';
|
||||
import { Engagement } from './model/Engagement';
|
||||
import { Workshop } from './model/Workshop';
|
||||
import { LendingStationAPI } from './datasources/db/lendingstationAPI';
|
||||
import lendingStationResolvers from './resolvers/lendingStationResolvers';
|
||||
import { ParticipantAPI } from './datasources/db/participantAPI';
|
||||
import participantResolvers from './resolvers/participantResolvers';
|
||||
import { ContactInformationAPI } from './datasources/db/contactinformationAPI';
|
||||
import providerResolvers from './resolvers/providerResolvers';
|
||||
import { ProviderAPI } from './datasources/db/providerAPI';
|
||||
import contactInformationResolvers from './resolvers/contactInformationResolvers';
|
||||
import { Person } from './model/Person';
|
||||
import { WorkshopType } from './model/WorkshopType';
|
||||
import { EngagementType } from './model/EngagementType';
|
||||
import { EquipmentType } from './model/EquipmentType';
|
||||
import { BikeEventType } from './model/BikeEventType';
|
||||
import { WorkshopAPI } from './datasources/db/workshopAPI';
|
||||
import workshopResolvers from './resolvers/workshopResolvers';
|
||||
import { ActionLog } from './model/ActionLog';
|
||||
import actionLogResolvers from './resolvers/actionLogResolvers';
|
||||
import { ActionLogAPI } from './datasources/db/actionLogAPI';
|
||||
import bodyParser from 'body-parser';
|
||||
const cors = require('cors');
|
||||
require('dotenv').config();
|
||||
|
||||
export const userAPI = new UserServerAPI(process.env.RPC_HOST);
|
||||
|
||||
export function getConnectionOptions (): ConnectionOptions {
|
||||
return {
|
||||
// @ts-ignore
|
||||
type: process.env.DATABASE_TYPE,
|
||||
url: process.env.DATABASE_URL,
|
||||
database: process.env.DATABASE_NAME,
|
||||
entities: [
|
||||
CargoBike,
|
||||
BikeEvent,
|
||||
BikeEventType,
|
||||
ContactInformation,
|
||||
Equipment,
|
||||
EquipmentType,
|
||||
LendingStation,
|
||||
TimeFrame,
|
||||
Organisation,
|
||||
Participant,
|
||||
Provider,
|
||||
Engagement,
|
||||
EngagementType,
|
||||
Workshop,
|
||||
Person,
|
||||
WorkshopType,
|
||||
ActionLog
|
||||
],
|
||||
synchronize: true,
|
||||
logging: false
|
||||
};
|
||||
}
|
||||
|
||||
export async function getApp (connOptions: ConnectionOptions) {
|
||||
/**
|
||||
* Function that is called to authenticate a user by using the user rpc server
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
*/
|
||||
async function authenticate (req: any, res: any, next: any) {
|
||||
if (req.body.operationName === 'IntrospectionQuery') {
|
||||
next();
|
||||
} else if (process.env.NODE_ENV === 'develop') {
|
||||
req.permissions = requiredPermissions.map((e) => e.name);
|
||||
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
|
||||
next();
|
||||
} else {
|
||||
const token = req.headers.authorization?.replace('Bearer ', '');
|
||||
if (token) {
|
||||
if (await userAPI.validateToken(token)) {
|
||||
req.permissions = await userAPI.getUserPermissions(token);
|
||||
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
|
||||
next();
|
||||
} else {
|
||||
res.status(401);
|
||||
res.send('Unauthorized');
|
||||
}
|
||||
} else {
|
||||
res.status(401);
|
||||
res.send('Unauthorized');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
await createConnection(connOptions);
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
}
|
||||
|
||||
const server = new ApolloServer({
|
||||
resolvers: [
|
||||
bikeResolver,
|
||||
lendingStationResolvers,
|
||||
participantResolvers,
|
||||
providerResolvers,
|
||||
contactInformationResolvers,
|
||||
workshopResolvers,
|
||||
actionLogResolvers
|
||||
],
|
||||
typeDefs,
|
||||
dataSources: () => ({
|
||||
cargoBikeAPI: new CargoBikeAPI(),
|
||||
lendingStationAPI: new LendingStationAPI(),
|
||||
participantAPI: new ParticipantAPI(),
|
||||
contactInformationAPI: new ContactInformationAPI(),
|
||||
providerAPI: new ProviderAPI(),
|
||||
workshopAPI: new WorkshopAPI(),
|
||||
actionLogAPI: new ActionLogAPI(),
|
||||
userAPI
|
||||
}),
|
||||
context: (req: any) => {
|
||||
return req;
|
||||
}
|
||||
});
|
||||
|
||||
const app = express();
|
||||
app.use(cors());
|
||||
app.use(bodyParser.json());
|
||||
app.post('/graphql', authenticate);
|
||||
app.get(/\/graphql?&.*query=/, authenticate);
|
||||
|
||||
server.applyMiddleware({ app });
|
||||
|
||||
return app;
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
import { ApolloError } from 'apollo-server-express';
|
||||
|
||||
export class PermissionError extends ApolloError {
|
||||
constructor () {
|
||||
super('Insufficient permissions.', 'INSUFFICIENT_PERMISSION');
|
||||
}
|
||||
}
|
@ -0,0 +1,70 @@
|
||||
function gql (strings: TemplateStringsArray) {
|
||||
}
|
||||
|
||||
export const CREATE_CARGO_BIKE = gql`
|
||||
mutation {
|
||||
createCargoBike(
|
||||
cargoBike: {
|
||||
group: KL
|
||||
name: "Test"
|
||||
modelName: "cool"
|
||||
numberOfWheels: 1
|
||||
forCargo: true
|
||||
forChildren: false
|
||||
numberOfChildren: 2
|
||||
technicalEquipment: {
|
||||
bicycleShift: "shift"
|
||||
isEBike: false
|
||||
hasLightSystem:false
|
||||
}
|
||||
dimensionsAndLoad: {
|
||||
hasCoverBox: true
|
||||
lockable:false
|
||||
boxLength: 0.1
|
||||
boxWidth: 0.2
|
||||
boxHeight:0.3
|
||||
maxWeightBox: 1.1
|
||||
maxWeightLuggageRack: 1.2
|
||||
maxWeightTotal: 1.3
|
||||
bikeLength:2.1
|
||||
}
|
||||
security: {frameNumber: "bla"}
|
||||
insuranceData: {name:"in"
|
||||
benefactor: "ben"
|
||||
billing: "bill"
|
||||
noPnP: "noP"
|
||||
|
||||
maintenanceResponsible: "someone"
|
||||
maintenanceBenefactor: "mben"
|
||||
hasFixedRate: true}
|
||||
taxes: {costCenter:"cost"}
|
||||
}
|
||||
) {
|
||||
id
|
||||
insuranceData{
|
||||
maintenanceResponsible
|
||||
}
|
||||
equipmentType {
|
||||
id
|
||||
name
|
||||
}
|
||||
provider {
|
||||
id
|
||||
organisation{
|
||||
id
|
||||
}
|
||||
}
|
||||
lendingStation {
|
||||
id
|
||||
name
|
||||
cargoBikes {
|
||||
id
|
||||
}
|
||||
}
|
||||
}
|
||||
}`;
|
||||
export const GET_CARGO_BIKE = gql`{
|
||||
cargoBikes(offset: 0, limit: 1) {
|
||||
id
|
||||
}
|
||||
}`;
|
@ -0,0 +1,65 @@
|
||||
/* eslint no-unused-expressions: 0 */
|
||||
import * as chai from 'chai';
|
||||
import { expect } from 'chai';
|
||||
import { describe, it, before, after } from 'mocha';
|
||||
import { step } from 'mocha-steps';
|
||||
|
||||
import chaiHttp from 'chai-http';
|
||||
// @ts-ignore
|
||||
import * as queries from './testQueries';
|
||||
import { getApp, getConnectionOptions } from '../src/app';
|
||||
import { getConnection } from 'typeorm';
|
||||
|
||||
chai.use(chaiHttp);
|
||||
const chaiLib = <any>chai;
|
||||
const request = chaiLib.default.request;
|
||||
// @ts-ignore
|
||||
chai.request = request;
|
||||
|
||||
process.env.NODE_ENV = 'develop';
|
||||
|
||||
function getAppServer () {
|
||||
return getApp(getConnectionOptions());
|
||||
}
|
||||
|
||||
describe('cargo bike resolver', () => {
|
||||
let agent: any = null;
|
||||
|
||||
before(async () => {
|
||||
const app = await getAppServer();
|
||||
const connection = getConnection();
|
||||
await connection.dropDatabase();
|
||||
await connection.synchronize();
|
||||
agent = chai.request.agent(app).post('/graphql').type('json');
|
||||
});
|
||||
|
||||
step('creates cargo bikes', (done) => {
|
||||
agent.send({
|
||||
query: queries.CREATE_CARGO_BIKE
|
||||
}).end((err: any, res: any) => {
|
||||
debugger;
|
||||
expect(err).to.be.null;
|
||||
expect(res).to.have.status(200);
|
||||
expect(res).to.be.json;
|
||||
expect(res.body.errors).to.be.undefined;
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
step('returns cargo bike data', (done) => {
|
||||
agent.send({
|
||||
query: queries.GET_CARGO_BIKE
|
||||
}).end((err: any, res: any) => {
|
||||
expect(err).to.be.null;
|
||||
expect(res).to.have.status(200);
|
||||
expect(res).to.be.json;
|
||||
expect(res.body.errors).to.be.undefined;
|
||||
expect(res.body.data.cargoBikes).not.to.be.empty;
|
||||
});
|
||||
});
|
||||
|
||||
after(async () => {
|
||||
await getConnection().dropDatabase();
|
||||
});
|
||||
});
|
Loading…
Reference in New Issue