From 751a876360af812a7177d20a1ff6920c78a52aa8 Mon Sep 17 00:00:00 2001 From: Pitu Date: Sun, 29 Jan 2017 22:17:49 -0300 Subject: [PATCH] Updated albumsController to use new auth --- controllers/albumsController.js | 139 +++++++++++++++++++------------- 1 file changed, 81 insertions(+), 58 deletions(-) diff --git a/controllers/albumsController.js b/controllers/albumsController.js index 8b5b5dd..f25f124 100644 --- a/controllers/albumsController.js +++ b/controllers/albumsController.js @@ -5,93 +5,116 @@ let albumsController = {} albumsController.list = function(req, res, next){ - if(req.headers.auth !== config.adminToken) - return res.status(401).json({ success: false, description: 'not-authorized'}) + let token = req.headers.token + if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' }) - let fields = ['id', 'name'] + db.table('users').where('token', token).then((user) => { + if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'}) - if(req.params.sidebar === undefined) - fields.push('timestamp') - - db.table('albums').select(fields).where('enabled', 1).then((albums) => { + let fields = ['id', 'name'] + + if(req.params.sidebar === undefined) + fields.push('timestamp') - if(req.params.sidebar !== undefined) - return res.json({ success: true, albums }) - - let ids = [] - for(let album of albums){ - album.date = new Date(album.timestamp * 1000) - album.date = album.date.getFullYear() + '-' + (album.date.getMonth() + 1) + '-' + album.date.getDate() + ' ' + (album.date.getHours() < 10 ? '0' : '') + album.date.getHours() + ':' + (album.date.getMinutes() < 10 ? '0' : '') + album.date.getMinutes() + ':' + (album.date.getSeconds() < 10 ? '0' : '') + album.date.getSeconds() - - ids.push(album.id) - } - - db.table('files').whereIn('albumid', ids).select('albumid').then((files) => { - - let albumsCount = {} + db.table('albums').select(fields).where({enabled: 1, userid: user.id}).then((albums) => { - for(let id of ids) albumsCount[id] = 0 - for(let file of files) albumsCount[file.albumid] += 1 - for(let album of albums) album.files = albumsCount[album.id] + if(req.params.sidebar !== undefined) + return res.json({ success: true, albums }) - return res.json({ success: true, albums }) + let ids = [] + for(let album of albums){ + album.date = new Date(album.timestamp * 1000) + album.date = album.date.getFullYear() + '-' + (album.date.getMonth() + 1) + '-' + album.date.getDate() + ' ' + (album.date.getHours() < 10 ? '0' : '') + album.date.getHours() + ':' + (album.date.getMinutes() < 10 ? '0' : '') + album.date.getMinutes() + ':' + (album.date.getSeconds() < 10 ? '0' : '') + album.date.getSeconds() + + ids.push(album.id) + } + + db.table('files').whereIn('albumid', ids).select('albumid').then((files) => { + + let albumsCount = {} + + for(let id of ids) albumsCount[id] = 0 + for(let file of files) albumsCount[file.albumid] += 1 + for(let album of albums) album.files = albumsCount[album.id] + + return res.json({ success: true, albums }) + }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) + } albumsController.create = function(req, res, next){ - if(req.headers.auth !== config.adminToken) - return res.status(401).json({ success: false, description: 'not-authorized'}) + let token = req.headers.token + if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' }) - let name = req.body.name - if(name === undefined || name === '') - return res.json({ success: false, description: 'No album name specified' }) + db.table('users').where('token', token).then((user) => { + if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'}) - db.table('albums').where('name', name).where('enabled', 1).then((album) => { - if(album.length !== 0) return res.json({ success: false, description: 'There\'s already an album with that name' }) + let name = req.body.name + if(name === undefined || name === '') + return res.json({ success: false, description: 'No album name specified' }) - db.table('albums').insert({ - name: name, + db.table('albums').where({ + name: name, enabled: 1, - timestamp: Math.floor(Date.now() / 1000) - }).then(() => { - return res.json({ success: true }) - }) + userid: user.id + }).then((album) => { + if(album.length !== 0) return res.json({ success: false, description: 'There\'s already an album with that name' }) + + db.table('albums').insert({ + name: name, + enabled: 1, + userid: user.id, + timestamp: Math.floor(Date.now() / 1000) + }).then(() => { + return res.json({ success: true }) + }) + }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) + + } albumsController.delete = function(req, res, next){ - if(req.headers.auth !== config.adminToken) - return res.status(401).json({ success: false, description: 'not-authorized'}) + let token = req.headers.token + if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' }) - let id = req.body.id - if(id === undefined || id === '') - return res.json({ success: false, description: 'No album specified' }) + db.table('users').where('token', token).then((user) => { + if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'}) - db.table('albums').where('id', id).update({ enabled: 0 }).then(() => { - return res.json({ success: true }) + let id = req.body.id + if(id === undefined || id === '') + return res.json({ success: false, description: 'No album specified' }) + + db.table('albums').where({id: id, userid: user.id}).update({ enabled: 0 }).then(() => { + return res.json({ success: true }) + }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) } albumsController.rename = function(req, res, next){ - if(req.headers.auth !== config.adminToken) - return res.status(401).json({ success: false, description: 'not-authorized'}) + let token = req.headers.token + if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' }) - let id = req.body.id - if(id === undefined || id === '') - return res.json({ success: false, description: 'No album specified' }) + db.table('users').where('token', token).then((user) => { + if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'}) - let name = req.body.name - if(name === undefined || name === '') - return res.json({ success: false, description: 'No name specified' }) + let id = req.body.id + if(id === undefined || id === '') + return res.json({ success: false, description: 'No album specified' }) - db.table('albums').where('name', name).then((results) => { - if(results.length !== 0) - return res.json({ success: false, description: 'Name already in use' }) + let name = req.body.name + if(name === undefined || name === '') + return res.json({ success: false, description: 'No name specified' }) - db.table('albums').where('id', id).update({ name: name }).then(() => { - return res.json({ success: true }) + db.table('albums').where({name: name, userid: user.id}).then((results) => { + if(results.length !== 0) return res.json({ success: false, description: 'Name already in use' }) + + db.table('albums').where({id: id, userid: user.id}).update({ name: name }).then(() => { + return res.json({ success: true }) + }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })