Add auth and blacklist APIs

2017-11-11 12:18:13 -08:00
parent cc70428986
commit 0e1f26849b
35 changed files with 1166 additions and 339 deletions
--- a/server/actions/addToBlacklist.js
+++ b/server/actions/addToBlacklist.js
@ -0,0 +1,48 @@
+const validateNpmPackageName = require('validate-npm-package-name')
+const BlacklistAPI = require('../BlacklistAPI')
+
+function addToBlacklist(req, res) {
+  const packageName = req.body.packageName
+
+  if (!packageName) {
+    return res
+      .status(403)
+      .send({ error: 'Missing "packageName" body parameter' })
+  }
+
+  const nameErrors = validateNpmPackageName(packageName).errors
+
+  // Disallow invalid package names.
+  if (nameErrors) {
+    const reason = nameErrors.join(', ')
+    return res.status(403).send({
+      error: `Invalid package name "${packageName}" (${reason})`
+    })
+  }
+
+  BlacklistAPI.addPackage(packageName).then(
+    added => {
+      if (added) {
+        const userId = req.user.jti
+        console.log(
+          `Package "${packageName}" was added to the blacklist by ${userId}`
+        )
+      }
+
+      res.set({ 'Content-Location': `/_blacklist/${packageName}` }).send({
+        ok: true,
+        message: `Package "${packageName}" was ${added
+          ? 'added to'
+          : 'already in'} the blacklist`
+      })
+    },
+    error => {
+      console.error(error)
+      res.status(500).send({
+        error: `Unable to add "${packageName}" to the blacklist`
+      })
+    }
+  )
+}
+
+module.exports = addToBlacklist
--- a/server/actions/createAuth.js
+++ b/server/actions/createAuth.js
@ -0,0 +1,24 @@
+const AuthAPI = require('../AuthAPI')
+
+const DefaultScopes = {
+  blacklist: {
+    read: true
+  }
+}
+
+function createAuth(req, res) {
+  AuthAPI.createToken(DefaultScopes).then(
+    token => {
+      res.send({ token })
+    },
+    error => {
+      console.error(error)
+
+      res.status(500).send({
+        error: 'Unable to generate auth token'
+      })
+    }
+  )
+}
+
+module.exports = createAuth
--- a/server/actions/removeFromBlacklist.js
+++ b/server/actions/removeFromBlacklist.js
@ -0,0 +1,42 @@
+const validateNpmPackageName = require('validate-npm-package-name')
+const BlacklistAPI = require('../BlacklistAPI')
+
+function removeFromBlacklist(req, res) {
+  const packageName = req.params.packageName
+
+  const nameErrors = validateNpmPackageName(packageName).errors
+
+  // Disallow invalid package names.
+  if (nameErrors) {
+    const reason = nameErrors.join(', ')
+    return res.status(403).send({
+      error: `Invalid package name "${packageName}" (${reason})`
+    })
+  }
+
+  BlacklistAPI.removePackage(packageName).then(
+    removed => {
+      if (removed) {
+        const userId = req.user.jti
+        console.log(
+          `Package "${packageName}" was removed from the blacklist by ${userId}`
+        )
+      }
+
+      res.send({
+        ok: true,
+        message: `Package "${packageName}" was ${removed
+          ? 'removed from'
+          : 'not in'} the blacklist`
+      })
+    },
+    error => {
+      console.error(error)
+      res.status(500).send({
+        error: `Unable to remove "${packageName}" from the blacklist`
+      })
+    }
+  )
+}
+
+module.exports = removeFromBlacklist
--- a/server/actions/showAuth.js
+++ b/server/actions/showAuth.js
@ -0,0 +1,5 @@
+function showAuth(req, res) {
+  res.send({ auth: req.user })
+}
+
+module.exports = showAuth
--- a/server/actions/showBlacklist.js
+++ b/server/actions/showBlacklist.js
@ -0,0 +1,17 @@
+const BlacklistAPI = require('../BlacklistAPI')
+
+function showBlacklist(req, res) {
+  BlacklistAPI.getPackages().then(
+    blacklist => {
+      res.send({ blacklist })
+    },
+    error => {
+      console.error(error)
+      res.status(500).send({
+        error: 'Unable to fetch blacklist'
+      })
+    }
+  )
+}
+
+module.exports = showBlacklist
--- a/server/actions/showPublicKey.js
+++ b/server/actions/showPublicKey.js
@ -0,0 +1,7 @@
+const AuthAPI = require('../AuthAPI')
+
+function showPublicKey(req, res) {
+  res.type('text').send(AuthAPI.getPublicKey())
+}
+
+module.exports = showPublicKey
--- a/server/actions/showStats.js
+++ b/server/actions/showStats.js
@ -0,0 +1,62 @@
+const subDays = require('date-fns/sub_days')
+const startOfDay = require('date-fns/start_of_day')
+const startOfSecond = require('date-fns/start_of_second')
+const StatsAPI = require('../StatsAPI')
+
+function showStats(req, res) {
+  let since, until
+  switch (req.query.period) {
+    case 'last-day':
+      until = startOfDay(new Date())
+      since = subDays(until, 1)
+      break
+    case 'last-week':
+      until = startOfDay(new Date())
+      since = subDays(until, 7)
+      break
+    case 'last-month':
+      until = startOfDay(new Date())
+      since = subDays(until, 30)
+      break
+    default:
+      until = req.query.until
+        ? new Date(req.query.until)
+        : startOfSecond(new Date())
+      since = new Date(req.query.since)
+  }
+
+  if (isNaN(since.getTime())) {
+    return res.status(403).send({ error: '?since is not a valid date' })
+  }
+
+  if (isNaN(until.getTime())) {
+    return res.status(403).send({ error: '?until is not a valid date' })
+  }
+
+  if (until <= since) {
+    return res
+      .status(403)
+      .send({ error: '?until date must come after ?since date' })
+  }
+
+  if (until >= new Date()) {
+    return res.status(403).send({ error: '?until must be a date in the past' })
+  }
+
+  StatsAPI.getStats(since, until).then(
+    stats => {
+      res
+        .set({
+          'Cache-Control': 'public, max-age=60',
+          'Cache-Tag': 'stats'
+        })
+        .send(stats)
+    },
+    error => {
+      console.error(error)
+      res.status(500).send({ error: 'Unable to fetch stats' })
+    }
+  )
+}
+
+module.exports = showStats