dxs/learn-request-queue
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases 11 Wiki Activity

Validate api token on authenticated requests

Browse source 
Also implements logic to refresh the token if a request fails.

Fixes #3
This commit is contained in:
Dessa Simpson 2020-08-14 11:37:24 -07:00
parent 33c31a13d7
commit 3c94c25458
2 changed files with 84 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

34
src/app.ts
View file

@ -9,6 +9,18 @@ import fetch, { Response as FetchResponse } from "node-fetch";
import db from "./db";
import errorHandler from "./errors";
// Ensure that any API token we have is valid - if not, destroy the session,
// logging out the user. Should be called before checking whether a user is
// logged in.
async function validateApiToken(session: Express.Session) {
if (session.tokenpair) {
console.log(session.tokenpair)
}
if (session.tokenpair && ! (await twitch.isApiTokenValid(session.tokenpair))) {
session.destroy(()=>{});
}
}
const app = express();
app.use(express.static('public'));
app.use(express.urlencoded({extended: false}));
@ -27,6 +39,7 @@ app.get("/api/getRequests", async (request, response) => {
throw new Error ("Missing request.session")
}
var requestCount = ( request.query.count ? parseInt(request.query.count as string, 10) : 5 );
await validateApiToken(request.session);
if (request.session.user) {
requests.getRequestsVoted(requestCount,request.session.user.id).then((val: Array<any>) => response.send(val))
.catch((e: any) => errorHandler(request,response,e));
@ -41,6 +54,7 @@ app.get("/api/getAllRequests", async (request, response) => {
throw new Error ("Missing request.session")
}
var requestCount = ( request.query.count ? parseInt(request.query.count as string, 10) : 5 );
await validateApiToken(request.session);
if (request.session.user) {
requests.getAllRequestsVoted(requestCount,request.session.user.id).then((val: Array<any>) => response.send(val))
.catch((e: any) => errorHandler(request,response,e));
@ -52,6 +66,7 @@ app.get("/api/getAllRequests", async (request, response) => {
app.post("/api/addRequest", async (request, response) => {
response.type('text/plain');
if (request.session) await validateApiToken(request.session);
if (!request.session || !request.session.user) {
response.status(401);
response.send("Must be logged in");
@ -71,7 +86,7 @@ app.post("/api/addRequest", async (request, response) => {
.catch((e: any) => errorHandler(request,response,e));
});
app.post("/api/updateRequestState", async (request, response) => {
app.post("/api/updateRequestState", async (request, response) => { // TODO: Streamer auth
response.type('text/plain');
if (!request.body.url) {
response.status(400);
@ -92,7 +107,7 @@ app.post("/api/updateRequestState", async (request, response) => {
.catch((e: any) => errorHandler(request,response,e));
});
app.post("/api/updateRequestScore", async (request, response) => {
app.post("/api/updateRequestScore", async (request, response) => { // TODO: Streamer auth
response.type('text/plain');
if (!request.body.url) {
response.status(400);
@ -113,7 +128,7 @@ app.post("/api/updateRequestScore", async (request, response) => {
.catch((e: any) => errorHandler(request,response,e));
});
app.post("/api/deleteRequest", async (request, response) => {
app.post("/api/deleteRequest", async (request, response) => { // TODO: Streamer auth
response.type('text/plain');
if (!request.body.url) {
response.status(400);
@ -130,6 +145,7 @@ app.post("/api/deleteRequest", async (request, response) => {
app.post("/api/addVote", async (request,response) => {
response.type('text/plain');
if (request.session) await validateApiToken(request.session);
if (!request.session || !request.session.user) {
response.status(401);
response.send("Must be logged in");
@ -151,6 +167,7 @@ app.post("/api/addVote", async (request,response) => {
app.post("/api/deleteVote", async (request,response) => {
response.type('text/plain');
if (request.session) await validateApiToken(request.session);
if (!request.session || !request.session.user) {
response.status(401);
response.send("Must be logged in");
@ -183,12 +200,12 @@ app.get("/callback", async (request, response) => {
code: authcode,
grant_type: "authorization_code",
redirect_uri: `${config.urlPrefix}/callback`
})}).then((res: FetchResponse) => res.json() as Promise<twitch.TokenResponse>)
})}).then((res: FetchResponse) => res.json() as Promise<twitch.TokenPair>)
.catch((e: any) => errorHandler(request,response,e));
if (typeof request.session == 'undefined') throw new Error('Session is undefined');
if (typeof tokenResponse == 'undefined') throw new Error('tokenResponse is undefined');
request.session.tokenpair = { access_token: tokenResponse.access_token, refresh_token: tokenResponse.refresh_token };
request.session.user = (await twitch.apiRequest(request.session.tokenpair,"GET","/users")).data[0];
request.session.user = (await twitch.apiRequest(request.session.tokenpair,"/users")).data[0];
const updateUserQuery = {
name: "updateUser",
@ -202,10 +219,8 @@ app.get("/callback", async (request, response) => {
// Frontend templates
app.get("/", async (request, response) => {
if (!request.session) {
throw new Error ("Missing request.session")
}
if (!request.session.user) {
if (request.session) await validateApiToken(request.session);
if (!request.session || !request.session.user) {
response.render('main.eta', {
loggedIn: false,
clientId: config.twitchClientId,
@ -223,7 +238,6 @@ app.get("/", async (request, response) => {
// Logout
app.get ("/logout", async (request, response) => request.session!.destroy(() => response.redirect(307, '/')));
app.listen(config.port, () => {
console.log(`Listening on port ${config.port}`);
});