dashboard: auth fixes, guild listing, config editing

src/api/auth.ts

@@ -59,13 +59,12 @@ export function initAuth(app: express.Express) {
   passport.use(
     "api-token",
     new CustomStrategy(async (req, cb) => {
-      console.log("in api-token strategy");
       const apiKey = req.header("X-Api-Key");
       if (!apiKey) return cb();
 
       const userId = await dashboardLogins.getUserIdByApiKey(apiKey);
       if (userId) {
-        cb(null, { userId });
+        return cb(null, { userId });
       }
 
       cb();
@@ -111,9 +110,15 @@ export function initAuth(app: express.Express) {
 
     const userId = await dashboardLogins.getUserIdByApiKey(key);
     if (!userId) {
-      return res.status(403).json({ error: "Invalid key" });
+      return res.json({ valid: false });
     }
 
-    res.json({ status: "ok" });
+    res.json({ valid: true });
+  });
+}
+
+export function requireAPIToken(router: express.Router) {
+  router.use(passport.authenticate("api-token", { failWithError: true }), (err, req, res, next) => {
+    return res.json({ error: err.message });
   });
 }

src/api/guilds.ts

@@ -1,15 +1,43 @@
 import express from "express";
 import passport from "passport";
 import { AllowedGuilds } from "../data/AllowedGuilds";
+import { requireAPIToken } from "./auth";
+import { DashboardUsers } from "../data/DashboardUsers";
+import { clientError, ok, unauthorized } from "./responses";
+import { Configs } from "../data/Configs";
+import { DashboardRoles } from "../data/DashboardRoles";
 
 export function initGuildsAPI(app: express.Express) {
   const guildAPIRouter = express.Router();
-  guildAPIRouter.use(passport.authenticate("api-token"));
+  requireAPIToken(guildAPIRouter);
 
   const allowedGuilds = new AllowedGuilds();
+  const dashboardUsers = new DashboardUsers();
+  const configs = new Configs();
 
   guildAPIRouter.get("/guilds/available", async (req, res) => {
     const guilds = await allowedGuilds.getForDashboardUser(req.user.userId);
-    res.end(guilds);
+    res.json(guilds);
   });
+
+  guildAPIRouter.get("/guilds/:guildId/config", async (req, res) => {
+    const dbUser = await dashboardUsers.getByGuildAndUserId(req.params.guildId, req.user.userId);
+    if (!dbUser) return unauthorized(res);
+
+    const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
+    res.json({ config: config ? config.config : "" });
+  });
+
+  guildAPIRouter.post("/guilds/:guildId/config", async (req, res) => {
+    const dbUser = await dashboardUsers.getByGuildAndUserId(req.params.guildId, req.user.userId);
+    if (!dbUser || DashboardRoles[dbUser.role] < DashboardRoles.Editor) return unauthorized(res);
+
+    const config = req.body.config;
+    if (config == null) return clientError(res, "No config supplied");
+
+    await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user.userId);
+    ok(res);
+  });
+
+  app.use(guildAPIRouter);
 }

src/api/index.ts

@@ -20,6 +20,11 @@ connect().then(() => {
   initAuth(app);
   initGuildsAPI(app);
 
+  app.use((err, req, res, next) => {
+    res.status(err.status || 500);
+    res.json({ error: err.message });
+  });
+
   app.get("/", (req, res) => {
     res.end({ status: "cookies" });
   });

src/api/responses.ts

@@ -0,0 +1,13 @@
+import { Response } from "express";
+
+export function unauthorized(res: Response) {
+  res.status(403).json({ error: "Unauthorized" });
+}
+
+export function clientError(res: Response, message: string) {
+  res.status(400).json({ error: message });
+}
+
+export function ok(res: Response) {
+  res.json({ result: "ok" });
+}

src/data/DashboardUsers.ts

@@ -9,4 +9,13 @@ export class DashboardUsers extends BaseRepository {
     super();
     this.dashboardUsers = getRepository(DashboardUser);
   }
+
+  getByGuildAndUserId(guildId, userId) {
+    return this.dashboardUsers.findOne({
+      where: {
+        guild_id: guildId,
+        user_id: userId,
+      },
+    });
+  }
 }