app.post('/facilities/:uuid', function(req, res) {
var uuid = req.param('uuid')
var authP = C.http.authorize_req(req, true)
var inventoryP = authP.then(function(auth) {
// This verifies that the inventory exists and
// is owned by the same account
return C.request('inventory', 'GET', 200, '/inventory/'+uuid, undefined, {
sudo_account: auth.account
})
})
Q.spread([C.getBlueprints(), authP, inventoryP], function(blueprints, auth, inventory) {
var blueprint = blueprints[req.body.blueprint]
if (blueprint && inventory.blueprint == blueprint.uuid) {
return updateFacility(uuid, blueprint, auth.account).then(function() {
res.status(201).send({
facility: {
uuid: uuid
}
})
})
} else {
res.status(400).send("no such blueprint")
}
}).fail(C.http.errHandler(req, res, error)).done()
})
app.get('/account', function(req, res) {
C.http.authorize_req(req).then(function(auth) {
return dao.accounts.get(auth.account)
}).then(function(data) {
res.send(data)
}).fail(C.http.errHandler(req, res, console.log)).done()
})
app.get('/jobs/:uuid', function(req, res) {
C.http.authorize_req(req).then(function(auth) {
return dao.jobs.get(req.param('uuid'), auth.account).
then(function(data) {
res.send(data)
})
}).fail(C.http.errHandler(req, res, error)).done()
})
app.post('/jobs', function(req, res) {
debug(req.body)
var job = req.body
var duration = -1
job.uuid = uuidGen.v1()
Q.spread([C.getBlueprints(), C.http.authorize_req(req), dao.facilities.get(job.facility)], function(blueprints, auth, facility) {
if (facility === undefined) {
return res.status(404).send("no such facility: " + job.facility)
}
// Must wait until we have the auth response to check authorization
// TODO come up with a better means of authorization
if (facility.account != auth.account) {
return res.status(401).send("not authorized to access that facility")
}
var facilityType = blueprints[facility.blueprint]
var canList = facilityType.production[job.action]
var blueprint = blueprints[job.blueprint]
if (canList === undefined || !canList.some(function(e) {
return e.item == blueprint.uuid
})) {
debug(canList)
debug(job.blueprint)
return res.status(400).send("facility is unable to produce that")
}
if (job.action == "refine") {
job.outputs = blueprint.refine.outputs
job.duration = blueprint.refine.time
} else {
job.duration = blueprint.build.time
if (job.action == "construct") {
job.quantity = 1
}
}
job.account = auth.account
return dao.jobs.queue(job).then(function() {
res.status(201).send({
job: {
uuid: job.uuid
}
})
})
}).fail(C.http.errHandler(req, res, error)).done()
})
app.get('/facilities', function(req, res) {
C.http.authorize_req(req).then(function(auth) {
if (auth.privileged && req.param('all') == 'true') {
return dao.facilities.all()
} else {
return dao.facilities.all(auth.account)
}
}).then(function(list) {
res.send(list)
}).fail(C.http.errHandler(req, res, error)).done()
})
app.get('/auth', function(req, res) {
Q.fcall(function () {
var basic_auth = getBasicAuth(req)
if (basic_auth.user === undefined) {
return res.status(401).send("requires basic auth")
} else if (basic_auth.user === 'google') {
return authenticateGoogleToken(basic_auth.password)
} else {
return dao.accounts.get(basic_auth.user).
tap(function(account_data) {
if (account_data === undefined || account_data.secret != basic_auth.password) {
throw new C.http.Error(401, 'invalid_credentials')
}
})
}
}).then(function(account_data) {
res.send(jwt.sign({
account: account_data.id,
agent_id: account_data.id, // later I'll make this different
privileged: (account_data.privileged === true)
}, process.env.JWT_SIG_KEY, {
expiresInSeconds: parseInt(process.env.TOKEN_TTL || 3600) // default 1hr ttl
}))
}).fail(C.http.errHandler(req, res, console.log)).done()
})
app.get('/jobs', function(req, res) {
C.http.authorize_req(req).then(function(auth) {
return dao.jobs.
all(auth.privileged && req.param('all') == 'true' ? undefined : auth.account).
then(function(data) {
res.send(data)
})
})
})
verifyClient: function (info, callback) {
var parts = uriUtils.parse(info.req.url, true)
var token = parts.query.token
C.http.authorize_token(token).then(function(auth) {
info.req.authentication = auth
callback(true)
}, function(e) {
callback(false)
})
}
app.use(function(req, res, next) {
//console.log(req.swagger)
// We ignore the specifics atm about what security
// is required. We also authenticate anything not
// specified by swagger. Secure by default.
if (req.swagger && req.swagger.security && req.swagger.security.length === 0)
return next()
C.http.authorize_req(req).
then(function(auth) {
req.auth = auth
next()
}, function(err) {
req.ctx.error({ err: err }, 'authentication failed')
next(err)
}).done()
})
app.delete('/facilities/:uuid', function(req, res) {
destroyFacility(req.param('uuid')).then(function() {
res.sendStatus(204)
}).fail(C.http.errHandler(req, res, error)).done()
})
var app = express()
var port = process.env.PORT || 5000
var bunyanRequest = require('bunyan-request');
app.use(bunyanRequest({
logger: config.ctx,
headerName: 'x-request-id'
}));
app.use(function(req, res, next) {
req.ctx = req.log
next()
})
C.http.cors_policy(app)
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({
extended: false
}))
app.use(cookieParser())
var dao = {
tokens: {
get: function(uuid) {
return db.
query("select * from tokens where id=$1", [ uuid ]).
then(function(data) {
return data[0]
})
},