Skip to content
This repository was archived by the owner on May 1, 2021. It is now read-only.

Commit eda5dbf

Browse files
theS1LV3RtheS1LV3R
authored
Merge pull request #55 from CTFNote/feat/middleware-user-team-#50
Create middleware to attach users and teams to requests that need it. NOTE: HAS NOT BEEN TESTED - PRIORITY ON #44
2 parents 376bc61 + be9175a commit eda5dbf

File tree

12 files changed

+229
-622
lines changed

12 files changed

+229
-622
lines changed

package.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
"scripts": {
1111
"start": "cross-env NODE_ENV=production node dist/app.js",
1212
"build": "tsc",
13-
"dev": "cross-env NODE_ENV=development nodemon",
13+
"dev": "cross-env NODE_ENV=development nodemon --exec 'ts-node --files' src/app.ts",
1414
"lint": "eslint src",
1515
"release": "standard-version && echo \"REMEMBER TO TAG THE MERGE COMMIT\""
1616
},

src/api/v1/ctf.ts

+22-57
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,12 @@ import { NextFunction, Request, Response, Router } from "express";
22
import Logger from "../../loaders/logger";
33

44
import CTFService from "../../services/CTF";
5-
import { UnauthorizedError } from "../../types/httperrors";
65
import { notImplemented } from "../../util";
6+
import attachUser from "../../util/middleware/user";
77

88
export default (): Router => {
99
const router = Router({ mergeParams: true });
10+
router.use(attachUser());
1011

1112
router.route("/").get(listCTFs).post(createCTF).all(notImplemented);
1213
router.route("/:ctfID").get(getCTF).all(notImplemented);
@@ -19,96 +20,60 @@ export default (): Router => {
1920
const _CTFService = new CTFService();
2021

2122
function createCTF(req: Request, res: Response, next: NextFunction) {
22-
if (!req.headers.authorization) {
23-
next(
24-
new UnauthorizedError({
25-
errorMessage: "Missing authorization",
26-
errorCode: "error_unauthorized",
27-
})
28-
);
29-
}
30-
31-
Logger.verbose(`Creating new CTF for team ${req.params.teamID}`);
23+
Logger.verbose(`Creating new CTF for team ${req.team._id}`);
3224
Logger.debug(JSON.stringify({ ...req.body }));
3325
_CTFService
34-
.createCTF(req.headers.authorization.slice(7), req.params.teamID, req.body)
26+
.createCTF(req.user, req.team, req.body)
3527
.then((ctfDetails) => {
3628
res.status(201).send(ctfDetails);
3729
})
3830
.catch((err) => next(err));
3931
}
4032

4133
function listCTFs(req: Request, res: Response, next: NextFunction) {
42-
if (!req.headers.authorization) {
43-
next(
44-
new UnauthorizedError({
45-
errorMessage: "Missing authorization",
46-
errorCode: "error_unauthorized",
47-
})
48-
);
49-
}
50-
51-
Logger.verbose(`Getting list of CTFs for team ${req.params.teamID}`);
34+
Logger.verbose(`Getting list of CTFs for team ${req.team._id}`);
5235
_CTFService
53-
.listCTFs(req.headers.authorization.slice(7), req.params.teamID, req.body.includeArchived ?? undefined)
36+
.listCTFs(
37+
req.user,
38+
req.team,
39+
req.body.includeArchived ?? undefined
40+
)
5441
.then((CTFs) => {
5542
res.status(200).send(CTFs);
5643
})
5744
.catch((err) => next(err));
5845
}
5946

6047
function getCTF(req: Request, res: Response, next: NextFunction) {
61-
if (!req.headers.authorization) {
62-
next(
63-
new UnauthorizedError({
64-
errorMessage: "Missing authorization",
65-
errorCode: "error_unauthorized",
66-
})
67-
);
68-
}
69-
70-
Logger.verbose(`Getting CTF with ID ${req.params.ctfID} from team ${req.params.teamID}`);
48+
Logger.verbose(
49+
`Getting CTF with ID ${req.params.ctfID} from team ${req.team._id}`
50+
);
7151
_CTFService
72-
.getCTF(req.headers.authorization.slice(7), req.params.teamID, req.params.ctfID)
52+
.getCTF(req.user, req.team, req.params.ctfID)
7353
.then((CTF) => {
7454
res.status(200).send(CTF);
7555
})
7656
.catch((err) => next(err));
7757
}
7858

79-
8059
function archiveCTF(req: Request, res: Response, next: NextFunction) {
81-
if (!req.headers.authorization) {
82-
next(
83-
new UnauthorizedError({
84-
errorMessage: "Missing authorization",
85-
errorCode: "error_unauthorized",
86-
})
87-
);
88-
}
89-
90-
Logger.verbose(`Archiving CTF with ID ${req.params.ctfID} in team ${req.params.teamID}`);
60+
Logger.verbose(
61+
`Archiving CTF with ID ${req.params.ctfID} in team ${req.team._id}`
62+
);
9163
_CTFService
92-
.archiveCTF(req.headers.authorization.slice(7), req.params.teamID, req.params.ctfID)
64+
.archiveCTF(req.user, req.team, req.params.ctfID)
9365
.then((CTF) => {
9466
res.status(200).send(CTF);
9567
})
9668
.catch((err) => next(err));
9769
}
9870

9971
function unarchiveCTF(req: Request, res: Response, next: NextFunction) {
100-
if (!req.headers.authorization) {
101-
next(
102-
new UnauthorizedError({
103-
errorMessage: "Missing authorization",
104-
errorCode: "error_unauthorized",
105-
})
106-
);
107-
}
108-
109-
Logger.verbose(`Unarchiving CTF with ID ${req.params.ctfID} in team ${req.params.teamID}`);
72+
Logger.verbose(
73+
`Unarchiving CTF with ID ${req.params.ctfID} in team ${req.team._id}`
74+
);
11075
_CTFService
111-
.unarchiveCTF(req.headers.authorization.slice(7), req.params.teamID, req.params.ctfID)
76+
.unarchiveCTF(req.user, req.team, req.params.ctfID)
11277
.then((CTF) => {
11378
res.status(200).send(CTF);
11479
})

src/api/v1/invite.ts

+6-15
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,10 @@
11
import { celebrate, Segments, Joi } from "celebrate";
22
import { NextFunction, Request, Response, Router } from "express";
33

4-
import { UnauthorizedError } from "../../types/httperrors";
54
import TeamService from "../../services/Team";
6-
import { verifyAuthHeader } from "../../util/celebrate";
75
import { notImplemented } from "../../util";
86
import Logger from "../../loaders/logger";
7+
import attachUser from "../../util/middleware/user";
98

109
const verifyInvite = celebrate({
1110
[Segments.PARAMS]: Joi.object({
@@ -15,11 +14,12 @@ const verifyInvite = celebrate({
1514

1615
export default (): Router => {
1716
const router = Router();
17+
router.use(attachUser({ userOptional: true }));
1818

1919
router
2020
.route("/:inviteID")
21-
.get(verifyAuthHeader, verifyInvite, getInvite)
22-
.post(verifyAuthHeader, verifyInvite, useInvite)
21+
.get(verifyInvite, getInvite)
22+
.post(verifyInvite, useInvite)
2323
.all(notImplemented);
2424

2525
return router;
@@ -31,7 +31,7 @@ function getInvite(req: Request, res: Response, next: NextFunction) {
3131
Logger.verbose("Getting invite");
3232
Logger.debug({ inviteID: req.params.inviteID });
3333
teamService
34-
.getInvite(req.headers.authorization?.slice(7), req.params.inviteID)
34+
.getInvite(req.user, req.params.inviteID)
3535
.then((invite) => {
3636
Logger.silly("Sending invite data");
3737
res.send(invite);
@@ -40,18 +40,9 @@ function getInvite(req: Request, res: Response, next: NextFunction) {
4040
}
4141

4242
function useInvite(req: Request, res: Response, next: NextFunction) {
43-
if (!req.headers.authorization) {
44-
return next(
45-
new UnauthorizedError({
46-
errorMessage: "Missing authorization",
47-
errorCode: "error_unauthorized",
48-
})
49-
);
50-
}
51-
5243
Logger.verbose("Using invite and adding user to team");
5344
teamService
54-
.useInvite(req.headers.authorization.slice(7), req.params.inviteID)
45+
.useInvite(req.user, req.params.inviteID)
5546
.then((teamData) => {
5647
Logger.silly("Sending data about the team for the client");
5748
res.send(teamData);

0 commit comments

Comments
 (0)