server/api/index.js

const express = require('express')
const multer = require('multer')
const cors = require('cors')()

const { isAuth, isAdmin, hasPerm } = require('./auth')
const eventController = require('./controller/event')
const exportController = require('./controller/export')
const userController = require('./controller/user')
const settingsController = require('./controller/settings')
const instanceController = require('./controller/instance')
const apUserController = require('./controller/ap_user')
const resourceController = require('./controller/resource')
const oauthController = require('./controller/oauth')

const storage = require('./storage')
const upload = multer({ storage })

const debug = require('debug')('api')

const api = express.Router()
api.use(express.urlencoded({ extended: false }))
api.use(express.json())

api.get('/user', isAuth, (req, res) => res.json(res.locals.oauth.token.user))
// api.post('/user/login', userController.login)
// api.get('/user/logout', userController.logout)
api.post('/user/recover', userController.forgotPassword)
api.post('/user/check_recover_code', userController.checkRecoverCode)
api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)

// register and add users
api.post('/user/register', userController.register)
api.post('/user', isAdmin, userController.create)

// update user
api.put('/user', hasPerm('user:update'), userController.update)

// delete user
api.delete('/user/:id', isAdmin, userController.remove)
api.delete('/user', hasPerm('user:remove'), userController.remove)

// get all users
api.get('/users', isAdmin, userController.getAll)

// update a place (modify address..)
api.put('/place', isAdmin, eventController.updatePlace)

// add event
api.post('/user/event', upload.single('image'), userController.addEvent)

// update event
api.put('/user/event', hasPerm('event:write'), upload.single('image'), userController.updateEvent)

// remove event
api.delete('/user/event/:id', hasPerm('event:remove'), userController.delEvent)

// get tags/places
api.get('/event/meta', eventController.getMeta)

// get unconfirmed events
api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)

// add event notification TODO
api.post('/event/notification', eventController.addNotification)
api.delete('/event/notification/:code', eventController.delNotification)

api.get('/settings', settingsController.getAllRequest)
api.post('/settings', isAdmin, settingsController.setRequest)
api.post('/settings/favicon', isAdmin, multer({ dest: 'thumb/' }).single('favicon'), settingsController.setFavicon)

// confirm event
api.get('/event/confirm/:event_id', hasPerm('event:write'), eventController.confirm)
api.get('/event/unconfirm/:event_id', hasPerm('event:write'), eventController.unconfirm)

// get event
api.get('/event/:event_id.:format?', cors, eventController.get)

// export events (rss/ics)
api.get('/export/:type', cors, exportController.export)

// get events in this range
// api.get('/event/:month/:year', cors, eventController.getAll)
api.get('/event', cors, eventController.select)

api.get('/instances', isAdmin, instanceController.getAll)
api.get('/instances/:instance_domain', isAdmin, instanceController.get)
api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock)
api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock)
api.put('/resources/:resource_id', isAdmin, resourceController.hide)
api.delete('/resources/:resource_id', isAdmin, resourceController.remove)
api.get('/resources', isAdmin, resourceController.getAll)

api.get('/clients', hasPerm('oauth:read'), oauthController.getClients)
api.get('/client/:client_id', hasPerm('oauth:read'), oauthController.getClient)
api.post('/client', oauthController.createClient)

api.use((req, res) => res.sendStatus(404))

// Handle 500
api.use((error, req, res, next) => {
  debug(error.toString())
  res.status(500).send('500: Internal Server Error')
})

module.exports = api
start with nuxt 2019-04-03 00:25:12 +02:00			`const express = require('express')`
			`const multer = require('multer')`
[api] cors for public api 2019-12-10 22:29:36 +01:00			`const cors = require('cors')()`
. 2019-06-06 23:54:32 +02:00
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`const { isAuth, isAdmin, hasPerm } = require('./auth')`
start with nuxt 2019-04-03 00:25:12 +02:00			`const eventController = require('./controller/event')`
			`const exportController = require('./controller/export')`
			`const userController = require('./controller/user')`
			`const settingsController = require('./controller/settings')`
[refactoring] s/comment/resource 2019-12-04 01:18:05 +01:00			`const instanceController = require('./controller/instance')`
			`const apUserController = require('./controller/ap_user')`
			`const resourceController = require('./controller/resource')`
[oauth] start oauth auth_code server implementation 2019-12-26 11:46:21 +01:00			`const oauthController = require('./controller/oauth')`
. 2019-05-30 12:04:14 +02:00
fix #10 choose upload path in config.js 2019-06-11 17:44:11 +02:00			`const storage = require('./storage')`
start with nuxt 2019-04-03 00:25:12 +02:00			`const upload = multer({ storage })`
major on recurrent events 2019-07-23 01:31:43 +02:00
linting 2019-09-11 19:12:24 +02:00			`const debug = require('debug')('api')`

cleaning 2019-08-25 14:34:26 +02:00			`const api = express.Router()`
[oauth] start oauth auth_code server implementation 2019-12-26 11:46:21 +01:00			`api.use(express.urlencoded({ extended: false }))`
			`api.use(express.json())`
. 2019-06-06 23:54:32 +02:00
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.get('/user', isAuth, (req, res) => res.json(res.locals.oauth.token.user))`
			`// api.post('/user/login', userController.login)`
			`// api.get('/user/logout', userController.logout)`
start with nuxt 2019-04-03 00:25:12 +02:00			`api.post('/user/recover', userController.forgotPassword)`
			`api.post('/user/check_recover_code', userController.checkRecoverCode)`
			`api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)`

admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`// register and add users`
			`api.post('/user/register', userController.register)`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.post('/user', isAdmin, userController.create)`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`// update user`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.put('/user', hasPerm('user:update'), userController.update)`
start with nuxt 2019-04-03 00:25:12 +02:00
linting 2019-09-11 19:12:24 +02:00			`// delete user`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.delete('/user/:id', isAdmin, userController.remove)`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.delete('/user', hasPerm('user:remove'), userController.remove)`
admin could remove user 2019-06-18 15:13:13 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`// get all users`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.get('/users', isAdmin, userController.getAll)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`// update a place (modify address..)`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.put('/place', isAdmin, eventController.updatePlace)`
start with nuxt 2019-04-03 00:25:12 +02:00
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`// add event`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.post('/user/event', upload.single('image'), userController.addEvent)`
linting 2019-09-11 19:12:24 +02:00
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`// update event`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.put('/user/event', hasPerm('event:write'), upload.single('image'), userController.updateEvent)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`// remove event`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.delete('/user/event/:id', hasPerm('event:remove'), userController.delEvent)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`// get tags/places`
			`api.get('/event/meta', eventController.getMeta)`

			`// get unconfirmed events`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)`
start with nuxt 2019-04-03 00:25:12 +02:00
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`// add event notification TODO`
start with nuxt 2019-04-03 00:25:12 +02:00			`api.post('/event/notification', eventController.addNotification)`
			`api.delete('/event/notification/:code', eventController.delNotification)`

better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`api.get('/settings', settingsController.getAllRequest)`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`api.post('/settings', isAdmin, settingsController.setRequest)`
minors + set Favicon 2020-01-15 23:51:09 +01:00			`api.post('/settings/favicon', isAdmin, multer({ dest: 'thumb/' }).single('favicon'), settingsController.setFavicon)`
start with nuxt 2019-04-03 00:25:12 +02:00
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`// confirm event`
			`api.get('/event/confirm/:event_id', hasPerm('event:write'), eventController.confirm)`
			`api.get('/event/unconfirm/:event_id', hasPerm('event:write'), eventController.unconfirm)`
start with nuxt 2019-04-03 00:25:12 +02:00
. 2019-07-04 01:20:32 +02:00			`// get event`
[api] cors for public api 2019-12-10 22:29:36 +01:00			`api.get('/event/:event_id.:format?', cors, eventController.get)`
. 2019-07-04 01:20:32 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`// export events (rss/ics)`
[api] cors for public api 2019-12-10 22:29:36 +01:00			`api.get('/export/:type', cors, exportController.export)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`// get events in this range`
big oauth improvements 2020-01-21 01:24:10 +01:00			`// api.get('/event/:month/:year', cors, eventController.getAll)`
minors + set Favicon 2020-01-15 23:51:09 +01:00			`api.get('/event', cors, eventController.select)`
start with nuxt 2019-04-03 00:25:12 +02:00
[refactoring] s/comment/resource 2019-12-04 01:18:05 +01:00			`api.get('/instances', isAdmin, instanceController.getAll)`
			`api.get('/instances/:instance_domain', isAdmin, instanceController.get)`
			`api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock)`
			`api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock)`
			`api.put('/resources/:resource_id', isAdmin, resourceController.hide)`
			`api.delete('/resources/:resource_id', isAdmin, resourceController.remove)`
			`api.get('/resources', isAdmin, resourceController.getAll)`
[fedi] instances moderation 2019-10-30 15:01:15 +01:00
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.get('/clients', hasPerm('oauth:read'), oauthController.getClients)`
			`api.get('/client/:client_id', hasPerm('oauth:read'), oauthController.getClient)`
[oauth] start oauth auth_code server implementation 2019-12-26 11:46:21 +01:00			`api.post('/client', oauthController.createClient)`

use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`api.use((req, res) => res.sendStatus(404))`
linting 2019-09-11 19:12:24 +02:00
			`// Handle 500`
			`api.use((error, req, res, next) => {`
big oauth improvements 2020-01-21 01:24:10 +01:00			`debug(error.toString())`
linting 2019-09-11 19:12:24 +02:00			`res.status(500).send('500: Internal Server Error')`
			`})`

start with nuxt 2019-04-03 00:25:12 +02:00			`module.exports = api`