app.post('/facilities/:uuid', function(req, res) { var uuid = req.param('uuid') var authP = C.http.authorize_req(req, true) var inventoryP = authP.then(function(auth) { // This verifies that the inventory exists and // is owned by the same account return C.request('inventory', 'GET', 200, '/inventory/'+uuid, undefined, { sudo_account: auth.account }) }) Q.spread([C.getBlueprints(), authP, inventoryP], function(blueprints, auth, inventory) { var blueprint = blueprints[req.body.blueprint] if (blueprint && inventory.blueprint == blueprint.uuid) { return updateFacility(uuid, blueprint, auth.account).then(function() { res.status(201).send({ facility: { uuid: uuid } }) }) } else { res.status(400).send("no such blueprint") } }).fail(C.http.errHandler(req, res, error)).done() })
app.get('/account', function(req, res) { C.http.authorize_req(req).then(function(auth) { return dao.accounts.get(auth.account) }).then(function(data) { res.send(data) }).fail(C.http.errHandler(req, res, console.log)).done() })
app.get('/jobs/:uuid', function(req, res) { C.http.authorize_req(req).then(function(auth) { return dao.jobs.get(req.param('uuid'), auth.account). then(function(data) { res.send(data) }) }).fail(C.http.errHandler(req, res, error)).done() })
app.post('/jobs', function(req, res) { debug(req.body) var job = req.body var duration = -1 job.uuid = uuidGen.v1() Q.spread([C.getBlueprints(), C.http.authorize_req(req), dao.facilities.get(job.facility)], function(blueprints, auth, facility) { if (facility === undefined) { return res.status(404).send("no such facility: " + job.facility) } // Must wait until we have the auth response to check authorization // TODO come up with a better means of authorization if (facility.account != auth.account) { return res.status(401).send("not authorized to access that facility") } var facilityType = blueprints[facility.blueprint] var canList = facilityType.production[job.action] var blueprint = blueprints[job.blueprint] if (canList === undefined || !canList.some(function(e) { return e.item == blueprint.uuid })) { debug(canList) debug(job.blueprint) return res.status(400).send("facility is unable to produce that") } if (job.action == "refine") { job.outputs = blueprint.refine.outputs job.duration = blueprint.refine.time } else { job.duration = blueprint.build.time if (job.action == "construct") { job.quantity = 1 } } job.account = auth.account return dao.jobs.queue(job).then(function() { res.status(201).send({ job: { uuid: job.uuid } }) }) }).fail(C.http.errHandler(req, res, error)).done() })
app.get('/facilities', function(req, res) { C.http.authorize_req(req).then(function(auth) { if (auth.privileged && req.param('all') == 'true') { return dao.facilities.all() } else { return dao.facilities.all(auth.account) } }).then(function(list) { res.send(list) }).fail(C.http.errHandler(req, res, error)).done() })
app.get('/auth', function(req, res) { Q.fcall(function () { var basic_auth = getBasicAuth(req) if (basic_auth.user === undefined) { return res.status(401).send("requires basic auth") } else if (basic_auth.user === 'google') { return authenticateGoogleToken(basic_auth.password) } else { return dao.accounts.get(basic_auth.user). tap(function(account_data) { if (account_data === undefined || account_data.secret != basic_auth.password) { throw new C.http.Error(401, 'invalid_credentials') } }) } }).then(function(account_data) { res.send(jwt.sign({ account: account_data.id, agent_id: account_data.id, // later I'll make this different privileged: (account_data.privileged === true) }, process.env.JWT_SIG_KEY, { expiresInSeconds: parseInt(process.env.TOKEN_TTL || 3600) // default 1hr ttl })) }).fail(C.http.errHandler(req, res, console.log)).done() })
app.get('/jobs', function(req, res) { C.http.authorize_req(req).then(function(auth) { return dao.jobs. all(auth.privileged && req.param('all') == 'true' ? undefined : auth.account). then(function(data) { res.send(data) }) }) })
verifyClient: function (info, callback) { var parts = uriUtils.parse(info.req.url, true) var token = parts.query.token C.http.authorize_token(token).then(function(auth) { info.req.authentication = auth callback(true) }, function(e) { callback(false) }) }
app.use(function(req, res, next) { //console.log(req.swagger) // We ignore the specifics atm about what security // is required. We also authenticate anything not // specified by swagger. Secure by default. if (req.swagger && req.swagger.security && req.swagger.security.length === 0) return next() C.http.authorize_req(req). then(function(auth) { req.auth = auth next() }, function(err) { req.ctx.error({ err: err }, 'authentication failed') next(err) }).done() })
app.delete('/facilities/:uuid', function(req, res) { destroyFacility(req.param('uuid')).then(function() { res.sendStatus(204) }).fail(C.http.errHandler(req, res, error)).done() })
var app = express() var port = process.env.PORT || 5000 var bunyanRequest = require('bunyan-request'); app.use(bunyanRequest({ logger: config.ctx, headerName: 'x-request-id' })); app.use(function(req, res, next) { req.ctx = req.log next() }) C.http.cors_policy(app) app.use(bodyParser.json()) app.use(bodyParser.urlencoded({ extended: false })) app.use(cookieParser()) var dao = { tokens: { get: function(uuid) { return db. query("select * from tokens where id=$1", [ uuid ]). then(function(data) { return data[0] }) },