From 499dd1b3076a5ce171730f89f327eb2428921218 Mon Sep 17 00:00:00 2001
From: alex <alex@alexloehr.net>
Date: Tue, 03 Jun 2025 15:06:07 +0000
Subject: [PATCH] adding API Token Management
---
app.js | 94 +++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 91 insertions(+), 3 deletions(-)
diff --git a/app.js b/app.js
index c286d4b..7507ec0 100644
--- a/app.js
+++ b/app.js
@@ -1,3 +1,4 @@
+const path = require("path")
const fastify = require('fastify')({
logger: true
})
@@ -8,10 +9,17 @@
/////////////////////////////////////////////////////////////////////////
+fastify.register(require('@fastify/static'), {
+ root: path.join(__dirname, 'vue/dist'),
+ prefix: '/ui/', // optional: default '/'
+ // constraints: { host: 'example.com' } // optional: default {}
+})
+
// AUTH
fastify.addHook("onRequest", async (req, res) => {
+ console.log(req.url)
const token = req.query.token
- if (token !== settings.authtoken) {
+ if (token !== settings.authtoken && !req.url.startsWith("/ui/")) {
console.error("# AUTH ERROR #", token)
await promiseDelay(500) // delay response to avoid denial of service attacks
res.code(403)
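Review bot: The added `console.log(req.url)` at the top of the onRequest hook writes the full request URL to stdout, and since the token is read from `req.query.token` this puts the API token into the process output on every request; log the path only, e.g. `console.log(req.url.split("?")[0])`, or drop the line. The new `/ui/` exemption is also decided by a prefix test on the raw URL string rather than on the route that matched, so whether a request is authenticated depends on how the router and @fastify/static treat unusual paths under `/ui/`. Registering the API routes together with this hook inside their own plugin scope, with the static plugin outside it, would keep the token check unconditional for the API. The hook body continues past the end of this hunk.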
@@ -21,6 +29,7 @@
})
fastify
+ /////// USER ////////////////////////////////////////////////////////////////
.get('/users', async function (req, res) {
const {offset, limit} = req.query
const users = await db.getUsers(offset, limit)
@@ -42,6 +51,9 @@
})
.get("/user/userid/:userid", async function (req, res) {
const {userid} = req.params
+ if(!userid || isNaN(Number(userid))) {
+ return res.code(500).send({status: "error", msg: "userid error"})
+ }
const user = await db.getUserByUserId(userid)
if (user) {
return res.send(user)
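Review bot: The new guard on `userid` answers malformed client input with status 500 and still accepts anything `Number()` can coerce, such as `1e3`, `0x10`, `Infinity`, or a lone space (truthy, and converted to 0). If user ids are plain non-negative integers, a strict pattern with a client-error status is tighter: `if (!/^\d+$/.test(userid)) { return res.code(400).send({status: "error", msg: "userid error"}) }`. The route handler continues past the end of this hunk.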
@@ -51,10 +63,86 @@
}
})
+ /////// ref_id / obj_id ////////////////////////////////////////////////////////////////
+
+ .get("/ref_id/:ref_id", async function (req, res) {
+ const {ref_id} = req.params
+ const data = await db.getObjIdFromRefId(ref_id)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+ .get("/obj_id/:obj_id", async function (req, res) {
+ const {obj_id} = req.params
+ let data = await db.getRefIdFromObjId(obj_id)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+
+ /////// Kurs ////////////////////////////////////////////////////////////////
+ .get("/kurs", async function (req, res) {
+ let data = await db.getKurse()
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+ .get("/kurs/:refId", async function (req, res) {
+ const {refId} = req.params
+ let data = await db.getKurs(refId)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+ .get("/kurs/items/:refId", async function (req, res) {
+ const {refId} = req.params
+ let data = await db.getKursItems(refId)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+ .get("/kurs/teilnehmer/:refId", async function (req, res) {
+ const {refId} = req.params
+ let data = await db.getKursTeilnehmer(refId)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+ .get("/kurs/teilnehmer/:refId/count", async function (req, res) {
+ const {refId} = req.params
+ let data = await db.getKursTeilnehmerCount(refId)
+ if (data) {
+ return res.send(data)
+ }
+ else {
+ return res.code(404).send({status: "error", msg: "not found"})
+ }
+ })
+
+
/////////////////////////////////////////////////////////////////////////
fastify.listen({port: settings.port}, function (err, address) {
+ console.log("📡 -=> Listening on", address)
if (err) {
fastify.log.error(err)
process.exit(1)
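Review bot: Six of the seven routes added here take a path parameter (`ref_id`, `obj_id`, `refId`) and pass it to the `db` helpers unchecked, while the `userid` route in this same commit gained a format check. Whether those helpers bind the value as a query parameter is not visible in the diff, so each route should reject malformed ids itself, e.g. `if (!/^\d+$/.test(refId)) return res.code(400).send({status: "error", msg: "refId error"})`, assuming these ids are numeric. In `/kurs/teilnehmer/:refId/count`, `if (data)` turns a count of 0 into a 404 if `getKursTeilnehmerCount` returns a bare number; `if (data != null)` avoids that. The added `console.log("📡 -=> Listening on", address)` runs before the `err` check, so a failed listen first prints an undefined address; moving it after the `if (err)` block fixes that.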
@@ -64,6 +152,6 @@
/////////////////////////////////////////////////////////////////////////
-async function promiseDelay(ms) {
- return new Promise(resolve => setTimeout(resolve, ms))
+async function promiseDelay (ms) {
+ return new Promise(resolve => setTimeout(resolve, ms))
}
--
Gitblit v1.8.0