Shinobi/libs/webPaths/apiKeys.js


module.exports = function(s,config,lang,app){
const { getApiKey, getApiKeys, createApiKey, editApiKey, deleteApiKey } = require('../user/apiKeys.js')(s,config,lang)
/**
 * API : Add/Edit API Key, bound to the user who created it
 *
 * POST <adminApiPrefix|apiPrefix>:auth/api/:ke/add
 * Form fields read: code, uid, ip, details.
 * Responds with { ok, api } taken from editApiKey, or { ok: false, msg } when
 * the caller is a restricted API key with create_api_keys_disallowed set.
 *
 * NOTE(review): `ke` comes straight from the URL and `uid` from the form for
 * any caller that is not a sub-account. Whether s.auth ties the session to
 * that group key is not visible in this file; confirm before relying on it.
 * NOTE(review): `details` is forwarded as supplied. Whether editApiKey limits
 * the permissions a restricted key may grant to a new key is not visible
 * here; confirm.
 */
app.post([
    config.webPaths.adminApiPrefix + ':auth/api/:ke/add',
    config.webPaths.apiPrefix + ':auth/api/:ke/add',
], function (req, res) {
    s.auth(req.params, async function (user) {
        const {
            isSubAccount,
            isRestrictedApiKey,
            apiKeyPermissions,
        } = s.checkPermission(user);
        const endData = { ok: false };
        // Restricted keys carrying this flag are refused before any form data is read.
        if (isRestrictedApiKey && apiKeyPermissions.create_api_keys_disallowed) {
            endData.msg = lang['Not Authorized'];
            s.closeJsonResponse(res, endData);
            return;
        }
        const groupKey = req.params.ke;
        const form = s.getPostData(req) || {};
        try {
            const requestedUid = form.uid || req.body.uid;
            const keyCode = form.code;
            // Only a non-sub-account may act on another uid; everyone else is pinned to their own.
            const ownerUid = !isSubAccount && requestedUid ? requestedUid : user.uid;
            const allowedIp = typeof form.ip === 'string' ? form.ip.trim() : '';
            const keyDetails = form.details ? s.stringJSON(form.details) : undefined;
            const outcome = await editApiKey({
                code: keyCode,
                ke: groupKey,
                uid: ownerUid,
                ip: allowedIp,
                details: keyDetails,
            });
            if (outcome.ok) {
                // The saved key record is sent to the whole group channel.
                s.tx({
                    f: 'api_key_added',
                    uid: user.uid,
                    form: outcome.api,
                }, 'GRP_' + groupKey);
            }
            endData.ok = outcome.ok;
            endData.api = outcome.api;
        } catch (err) {
            // Failure detail stays in the server log; the client only sees ok:false.
            console.error(err);
        }
        s.closeJsonResponse(res, endData);
    }, res, req);
})
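/**
 * API : Delete API Key
 *
 * POST <adminApiPrefix|apiPrefix>:auth/api/:ke/delete
 * Reads `code` from the posted form and an optional `uid` from the query string.
 * Responds with { ok, uid } or { ok: false, msg }.
 *
 * NOTE(review): the gate below reuses the create_api_keys_disallowed flag for
 * deletion; confirm that is the intended permission.
 * NOTE(review): `code` and `uid` are used as received, with no type check in
 * this handler; confirm deleteApiKey rejects non-string values.
 */
app.post([
    config.webPaths.adminApiPrefix+':auth/api/:ke/delete',
    config.webPaths.apiPrefix+':auth/api/:ke/delete',
],function (req,res){
    s.auth(req.params, async function(user){
        const {
            isSubAccount,
            isRestrictedApiKey,
            apiKeyPermissions,
        } = s.checkPermission(user)
        const endData = {
            ok : false
        }
        if(isRestrictedApiKey && apiKeyPermissions.create_api_keys_disallowed){
            endData.msg = lang['Not Authorized']
        }else{
            // A rejected deleteApiKey (or a throwing helper) must still end in a
            // JSON response, as the add route already does, instead of escaping
            // this async callback with the request left open.
            try{
                const form = s.getPostData(req) || {}
                const code = form.code || s.getPostData(req,'code',false)
                if(!code){
                    endData.msg = lang.postDataBroken
                }else{
                    const groupKey = req.params.ke;
                    const targetUID = req.query.uid;
                    // Only a non-sub-account may delete a key owned by another uid.
                    endData.uid = !isSubAccount && targetUID ? targetUID : user.uid;
                    const { ok } = await deleteApiKey({ ke: groupKey, code, uid: endData.uid })
                    if(ok){
                        // Drop the in-memory entry for this key first, so a failure in
                        // the broadcast below cannot leave a deleted key in s.api.
                        delete s.api[code]
                        endData.ok = ok
                        s.tx({
                            f: 'api_key_deleted',
                            uid: user.uid,
                            form: {
                                code: code
                            }
                        },'GRP_' + groupKey)
                    }
                }
            }catch(err){
                // Failure detail stays in the server log; the client only sees ok as set so far.
                console.error(err)
            }
        }
        s.closeJsonResponse(res,endData)
    },res,req)
})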
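/**
 * API : List API Keys for Authenticated user
 *
 * GET <adminApiPrefix|apiPrefix>:auth/api/:ke/list
 * Optional query `uid` selects another user's keys when the caller is not a
 * sub-account. Responds with { ok, keys, ke, uid } or { ok: false, keys: [], msg }.
 *
 * NOTE(review): the rows from getApiKeys are returned as-is; which columns
 * they expose is decided in ../user/apiKeys.js, not here.
 * NOTE(review): the gate below reuses the create_api_keys_disallowed flag for
 * listing; confirm that is the intended permission.
 */
app.get([
    config.webPaths.adminApiPrefix+':auth/api/:ke/list',
    config.webPaths.apiPrefix+':auth/api/:ke/list',
],function (req,res){
    s.auth(req.params, async function(user){
        const {
            isSubAccount,
            isRestrictedApiKey,
            apiKeyPermissions,
        } = s.checkPermission(user)
        const endData = {
            ok : false,
            keys: []
        }
        if(isRestrictedApiKey && apiKeyPermissions.create_api_keys_disallowed){
            endData.msg = lang['Not Authorized']
        }else{
            // A rejected getApiKeys must still end in a JSON response, as the add
            // route already does, instead of escaping this async callback.
            try{
                const groupKey = req.params.ke;
                const targetUID = req.query.uid;
                // Only a non-sub-account may list keys owned by another uid.
                endData.uid = !isSubAccount && targetUID ? targetUID : user.uid;
                const rows = await getApiKeys({ ke: groupKey, uid: endData.uid })
                endData.ok = true
                endData.keys = rows
                // Reports the authenticated user's group key, not the :ke URL segment.
                endData.ke = user.ke
            }catch(err){
                // Failure detail stays in the server log; the client gets ok:false.
                console.error(err)
            }
        }
        s.closeJsonResponse(res,endData)
    },res,req)
})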
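/**
 * API : Get API Key for Authenticated user
 *
 * GET <adminApiPrefix|apiPrefix>:auth/api/:ke/get/:code
 * Optional query `uid` selects another user's key when the caller is not a
 * sub-account. Responds with { ok, keys: [], key } or { ok: false, keys: [], msg }.
 *
 * NOTE(review): `ok` is set to true whenever getApiKey resolves, including
 * when it resolves without a row; callers should check `key` as well.
 * NOTE(review): the gate below reuses the create_api_keys_disallowed flag for
 * reading; confirm that is the intended permission.
 */
app.get([
    config.webPaths.adminApiPrefix+':auth/api/:ke/get/:code',
    config.webPaths.apiPrefix+':auth/api/:ke/get/:code',
],function (req,res){
    s.auth(req.params, async function(user){
        const {
            isSubAccount,
            isRestrictedApiKey,
            apiKeyPermissions,
        } = s.checkPermission(user)
        // `keys` is kept in the payload so the response shape stays unchanged.
        const endData = {
            ok : false,
            keys: []
        }
        if(isRestrictedApiKey && apiKeyPermissions.create_api_keys_disallowed){
            endData.msg = lang['Not Authorized']
        }else{
            // A rejected getApiKey must still end in a JSON response, as the add
            // route already does, instead of escaping this async callback.
            try{
                const groupKey = req.params.ke;
                const targetUID = req.query.uid;
                const code = req.params.code;
                // Only a non-sub-account may read a key owned by another uid.
                const uid = !isSubAccount && targetUID ? targetUID : user.uid;
                const row = await getApiKey({ ke: groupKey, uid, code })
                endData.ok = true
                endData.key = row
            }catch(err){
                // Failure detail stays in the server log; the client gets ok:false.
                console.error(err)
            }
        }
        s.closeJsonResponse(res,endData)
    },res,req)
})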
}