From bf27f46986dce46a6b1e30a314c45ddde9263d81 Mon Sep 17 00:00:00 2001
From: alex <alex@alexloehr.net>
Date: Mon, 26 May 2025 14:39:48 +0000
Subject: [PATCH] update doc

---
 app.js |   35 ++++++++++++++++++++++++++++-------
 1 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/app.js b/app.js
index e0d7ec2..c286d4b 100644
--- a/app.js
+++ b/app.js
@@ -1,21 +1,36 @@
 const fastify = require('fastify')({
    logger: true
 })
+const _ = require("lodash")
 const db = require("./lib/db")
+
+const settings = require("./settings")
 
 /////////////////////////////////////////////////////////////////////////
 
+// AUTH
+fastify.addHook("onRequest", async (req, res) => {
+   const token = req.query.token
+   if (token !== settings.authtoken) {
+      console.error("# AUTH ERROR #", token)
+      await promiseDelay(500) // delay response to avoid denial of service attacks
+      res.code(403)
+      return res.send({status: "error", error: "access denied"})
+   }
+   else {}
+})
+
 fastify
-   .get('/api/users', async function (req, res) {
+   .get('/users', async function (req, res) {
       const {offset, limit} = req.query
       const users = await db.getUsers(offset, limit)
       return res.send(users)
    })
-   .get("/api/users/count", async function (req, res) {
+   .get("/users/count", async function (req, res) {
       const count = await db.getUserCount()
       return res.send(count)
    })
-   .get("/api/user/login/:login", async function (req, res) {
+   .get("/user/login/:login", async function (req, res) {
       const {login} = req.params
       const user = await db.getUserByLogin(login)
       if (user.length) {
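Review bot: The new `onRequest` hook fails open when `settings.authtoken` is unset: a request without a `token` parameter evaluates `undefined !== undefined`, which is false, so it is let through. The token also travels in the query string, which Fastify's request logging (`logger: true`) records along with the URL, and the failure branch prints the submitted value via `console.error("# AUTH ERROR #", token)`, so valid and near-miss tokens both land in logs; a request header would keep the secret out of URLs. The `!==` comparison is not constant-time, and the 500 ms delay only slows guessing per connection rather than preventing denial of service as its comment claims. The fence sketches a fail-closed, constant-time check and assumes `crypto` is required from `node:crypto` at the top of the file. The `lodash` require added in this hunk is not used in any visible line.

```javascript
fastify.addHook("onRequest", async (req, res) => {
   // fail closed: an unset settings.authtoken must never match a missing token
   const expected = Buffer.from(String(settings.authtoken ?? ""))
   const supplied = Buffer.from(String(req.query.token ?? ""))
   const ok = expected.length > 0
      && supplied.length === expected.length
      && crypto.timingSafeEqual(supplied, expected)
   if (!ok) {
      req.log.warn("auth failure") // never log the submitted token itself
      // … unchanged: promiseDelay(500), 403 response …
   }
})
```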
@@ -25,11 +40,11 @@
          return res.code(404).send({status: "error", msg: "not found"})
       }
    })
-   .get("/api/user/userid/:userid", async function (req, res) {
+   .get("/user/userid/:userid", async function (req, res) {
       const {userid} = req.params
       const user = await db.getUserByUserId(userid)
-      if (user.length) {
-         return res.send(user[0])
+      if (user) {
+         return res.send(user)
       }
       else {
          return res.code(404).send({status: "error", msg: "not found"})
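Review bot: The new `if (user)` check only produces a 404 if `db.getUserByUserId` now resolves to a single object or a falsy value; `lib/db` is not part of this patch, so that cannot be confirmed from here. If it still returns an array, as `getUserByLogin` apparently does (that route keeps `user.length`), an empty array is truthy and the handler would answer 200 with `[]` instead of 404. A one-line comment above the call, such as `// getUserByUserId resolves to one user object, or null when no row matches`, would record the contract the check relies on. The route handler continues past the end of this hunk.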
@@ -39,10 +54,16 @@
 
 /////////////////////////////////////////////////////////////////////////
 
-fastify.listen({port: 4101}, function (err, address) {
+fastify.listen({port: settings.port}, function (err, address) {
    if (err) {
       fastify.log.error(err)
       process.exit(1)
    }
    // Server is now listening on ${address}
 })
+
+/////////////////////////////////////////////////////////////////////////
+
+async function promiseDelay(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms))
+}
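Review bot: `settings.port` is passed to `fastify.listen` unchecked, so as far as this hunk shows a missing or mistyped value in `./settings` would not stop startup with a clear message; a guard before the call such as `if (!Number.isInteger(settings.port)) throw new Error("settings.port is not set")` would make the failure explicit. As a style point, `promiseDelay` is declared `async` but only returns a Promise it constructs itself, so the keyword is redundant: `function promiseDelay(ms) { return new Promise(resolve => setTimeout(resolve, ms)) }`.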

--
Gitblit v1.8.0