Refactor queries and add auth on streamer endpoints
- Move prepared statement definitions to queries module - Add authentication to streamer-only endpoints
This commit is contained in:
parent
4555dd6b7f
commit
ccfcc57540
3 changed files with 152 additions and 103 deletions
80
src/app.ts
80
src/app.ts
|
|
@ -1,6 +1,7 @@
|
|||
import * as config from "./config";
|
||||
import * as requests from "./requests";
|
||||
import * as twitch from "./twitch";
|
||||
import * as queries from "./queries";
|
||||
import { URLSearchParams } from "url";
|
||||
import express from "express";
|
||||
import session from "express-session";
|
||||
|
|
@ -84,8 +85,19 @@ app.post("/api/addRequest", async (request, response) => {
|
|||
.catch((e: any) => errorHandler(request,response,e));
|
||||
});
|
||||
|
||||
app.post("/api/updateRequestState", async (request, response) => { // TODO: Streamer auth
|
||||
response.type('text/plain');
|
||||
app.post("/api/updateRequestState", async (request, response) => {
|
||||
if (request.session) await validateApiToken(request.session);
|
||||
if (!request.session || !request.session.user) {
|
||||
response.status(401);
|
||||
response.send("Must be logged in");
|
||||
return;
|
||||
}
|
||||
var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']);
|
||||
if (request.session.user.id != streamerid) {
|
||||
response.status(401);
|
||||
response.send("You are not the streamer");
|
||||
return;
|
||||
}
|
||||
if (!request.body.url) {
|
||||
response.status(400);
|
||||
response.send("Missing url");
|
||||
|
|
@ -93,11 +105,12 @@ app.post("/api/updateRequestState", async (request, response) => { // TODO: Stre
|
|||
}
|
||||
if (!request.body.state) {
|
||||
response.status(400);
|
||||
response.send("Missing scoreDiff");
|
||||
response.send("Missing state");
|
||||
return;
|
||||
}
|
||||
var url = request.body.url as string;
|
||||
var state = request.body.state as string;
|
||||
response.type('text/plain');
|
||||
requests.updateRequestState(url,state).then((val: [number,string]) => {
|
||||
response.status(val[0]);
|
||||
response.send(val[1]);
|
||||
|
|
@ -105,8 +118,19 @@ app.post("/api/updateRequestState", async (request, response) => { // TODO: Stre
|
|||
.catch((e: any) => errorHandler(request,response,e));
|
||||
});
|
||||
|
||||
app.post("/api/updateRequestScore", async (request, response) => { // TODO: Streamer auth
|
||||
response.type('text/plain');
|
||||
app.post("/api/updateRequestScore", async (request, response) => {
|
||||
if (request.session) await validateApiToken(request.session);
|
||||
if (!request.session || !request.session.user) {
|
||||
response.status(401);
|
||||
response.send("Must be logged in");
|
||||
return;
|
||||
}
|
||||
var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']);
|
||||
if (request.session.user.id != streamerid) {
|
||||
response.status(401);
|
||||
response.send("You are not the streamer");
|
||||
return;
|
||||
}
|
||||
if (!request.body.url) {
|
||||
response.status(400);
|
||||
response.send("Missing url");
|
||||
|
|
@ -119,6 +143,7 @@ app.post("/api/updateRequestScore", async (request, response) => { // TODO: Stre
|
|||
}
|
||||
var url = request.body.url as string;
|
||||
var scoreDiff = parseInt(request.body.scoreDiff as string, 10);
|
||||
response.type('text/plain');
|
||||
requests.updateRequestScore(url,scoreDiff).then((val: [number,string]) => {
|
||||
response.status(val[0]);
|
||||
response.send(val[1]);
|
||||
|
|
@ -126,14 +151,26 @@ app.post("/api/updateRequestScore", async (request, response) => { // TODO: Stre
|
|||
.catch((e: any) => errorHandler(request,response,e));
|
||||
});
|
||||
|
||||
app.post("/api/deleteRequest", async (request, response) => { // TODO: Streamer auth
|
||||
response.type('text/plain');
|
||||
app.post("/api/deleteRequest", async (request, response) => {
|
||||
if (request.session) await validateApiToken(request.session);
|
||||
if (!request.session || !request.session.user) {
|
||||
response.status(401);
|
||||
response.send("Must be logged in");
|
||||
return;
|
||||
}
|
||||
var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']);
|
||||
if (request.session.user.id != streamerid) {
|
||||
response.status(401);
|
||||
response.send("You are not the streamer");
|
||||
return;
|
||||
}
|
||||
if (!request.body.url) {
|
||||
response.status(400);
|
||||
response.send("Missing url");
|
||||
return;
|
||||
}
|
||||
var url = request.body.url as string;
|
||||
response.type('text/plain');
|
||||
requests.deleteRequest(url).then((val: [number,string]) => {
|
||||
response.status(val[0]);
|
||||
response.send(val[1]);
|
||||
|
|
@ -204,28 +241,17 @@ app.get("/callback", async (request, response) => {
|
|||
if (typeof tokenResponse == 'undefined') throw new Error('tokenResponse is undefined');
|
||||
request.session.tokenpair = { access_token: tokenResponse.access_token, refresh_token: tokenResponse.refresh_token };
|
||||
request.session.user = (await twitch.apiRequest(request.session.tokenpair,"/users")).data[0];
|
||||
const updateUserQuery = {
|
||||
name: "updateUser",
|
||||
text: "INSERT INTO users (userid,displayName,imageUrl) VALUES ($1,$2,$3)\
|
||||
ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
|
||||
}
|
||||
var query = Object.assign(updateUserQuery,{ values: [request.session.user.id,request.session.user.display_name,request.session.user.profile_image_url] });
|
||||
var query = Object.assign(queries.updateUser,{ values: [request.session.user.id,request.session.user.display_name,request.session.user.profile_image_url] });
|
||||
db.query(query);
|
||||
var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']);
|
||||
if (typeof (tokenResponse as any).scope != 'undefined') { // Scopes requested - update streamer info
|
||||
const getStreamerIdQuery = {
|
||||
name: "getStreamerId",
|
||||
text: "SELECT userid FROM streamer"
|
||||
}
|
||||
var streamerid = await db.query(getStreamerIdQuery).then((result: pg.QueryResult) => result.rows[0]['userid']);
|
||||
if (request.session.user.id == streamerid) {
|
||||
const updateStreamerQuery = {
|
||||
name: "updateStreamer",
|
||||
text: "INSERT INTO streamer (userid,tokenPair) VALUES ($1,$2)\
|
||||
ON CONFLICT (userid) DO UPDATE SET tokenPair = $2"
|
||||
}
|
||||
var query = Object.assign(updateStreamerQuery,{ values: [request.session.user.id,JSON.stringify(request.session.tokenpair)] });
|
||||
var query = Object.assign(queries.updateStreamer,{ values: [request.session.user.id,JSON.stringify(request.session.tokenpair)] });
|
||||
db.query(query);
|
||||
}
|
||||
} else if (request.session.user.id == streamerid) {
|
||||
response.redirect(307, `https://id.twitch.tv/oauth2/authorize?client_id=${config.twitchClientId}&redirect_uri=${config.urlPrefix}/callback&response_type=code&scope=channel:read:subscriptions moderation:read`);
|
||||
return;
|
||||
}
|
||||
response.redirect(307, '/');
|
||||
});
|
||||
|
|
@ -233,11 +259,7 @@ app.get("/callback", async (request, response) => {
|
|||
// Frontend templates
|
||||
app.get("/", async (request, response) => {
|
||||
if (request.session) await validateApiToken(request.session);
|
||||
const getStreamerInfoQuery = {
|
||||
name: "getStreamerInfo",
|
||||
text: "SELECT displayname,imageurl FROM streamer_user_vw"
|
||||
}
|
||||
var streamerInfo = await db.query(getStreamerInfoQuery).then((result: pg.QueryResult) => result.rows[0]);;
|
||||
var streamerInfo = await db.query(queries.getStreamerInfo).then((result: pg.QueryResult) => result.rows[0]);
|
||||
if (!request.session || !request.session.user) {
|
||||
response.render('main.eta', {
|
||||
loggedIn: false,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue