diff --git a/src/entities/BaseRequestsHandler.ts b/src/entities/BaseRequestsHandler.ts index d2d281d..208fc28 100644 --- a/src/entities/BaseRequestsHandler.ts +++ b/src/entities/BaseRequestsHandler.ts @@ -5,7 +5,15 @@ */ import { UserHelper } from "../helpers/UserHelper"; -import { removeHTMLNodes, checkMail } from "../utils/StringUtils"; +import { removeHTMLNodes, checkMail, checkURL } from "../utils/StringUtils"; +import { FriendsHelper } from "../helpers/FriendsHelper"; +import { AccountHelper } from "../helpers/AccountHelper"; +import { GroupsHelper } from "../helpers/GroupsHelper"; +import { GroupsAccessLevel } from "./Group"; +import { PostsHelper } from "../helpers/PostsHelper"; +import { PostAccessLevel } from "./Post"; +import { CommentsHelper } from "../helpers/CommentsHelper"; +import { checkVirtualDirectory } from "../utils/VirtualDirsUtils"; export abstract class BaseRequestsHandler { 
@@ -221,4 +229,162 @@ export abstract class BaseRequestsHandler { return userID; } + + /** + * Get the ID of a friend included in a POST request + * + * @param name Name of the POST field + */ + public async postFriendId(name: string) : Promise { + const friendID = await this.postUserId(name); + + if(!await FriendsHelper.AreFriend(this.getUserId(), friendID)) + this.error(401, "You are not friend with this personn!"); + + return friendID; + } + + /** + * Find user ID based on its email address, included in a POST request + * + * @param name The name of the POST field containing the email address of the user + */ + public async postUserIdFromEmail(name: string) : Promise { + const email = this.postEmail(name); + const userID = await AccountHelper.FindIDFromEmail(email); + + if(userID < 1) + this.error(404, "Email not found!"); + + return userID; + } + + /** + * Get a POST group ID + * + * @param name The name of the POST field + */ + public async postGroupID(name: string) : Promise { + const groupID = this.postInt(name); + + if(!await GroupsHelper.Exists(groupID)) + this.error(404, "Specified group not found!"); + + return groupID; + } + + /** + * Get a POST group ID with a check for access level of current user + * + * @param name The name of the POST field containing group ID + * @param minVisibility Minimum visiblity requested to the group + * @returns The ID of the group (throws in case of failure) + */ + public async postGroupIDWithAccess(name: string, minVisibility : GroupsAccessLevel) : Promise { + const groupID = await this.postGroupID(name); + + const access = await GroupsHelper.GetAccessLevel(groupID, this.optionnalUserID); + + if(access == GroupsAccessLevel.NO_ACCESS) + this.error(404, "Specified group not found!"); + + if(access < minVisibility) + this.error(401, "You do not have enough rights to perform what you intend to do on this group!"); + + return groupID; + } + + /** + * Get the ID of post included in a POST request + * + * @param name The name 
of the POST field containing the id of the target post + */ + public async postPostID(name: string) : Promise { + const postID = this.postInt(name); + + if(postID < 1) + this.error(400, "Invalid post ID!"); + + if(!await PostsHelper.Exists(postID)) + this.error(404, "Specified post does not exists!"); + + return postID; + } + + /** + * Get the ID of a post a user has access to + * + * @param name The name of the POST field containing the ID of the target post + */ + public async postPostIDWithAccess(name: string, minLevel: PostAccessLevel = PostAccessLevel.BASIC_ACCESS) : Promise { + const postID = await this.postPostID(name); + + if(await PostsHelper.GetAccessLevelFromPostID(this.optionnalUserID, postID) < minLevel) + this.error(401, "Your are not allowed to access this post information!"); + + return postID; + } + + /** + * Get the ID of a comment that the user is allowed to access + * + * @param name The name of the comment field + */ + public async postCommentIDWithAccess(name: string) : Promise { + const commentID = this.postInt(name); + + if(!await CommentsHelper.Exists(commentID)) + this.error(404, "Specified comment not found!"); + + const postID = await CommentsHelper.GetAssociatedPost(commentID); + const post = await PostsHelper.GetSingle(postID); + + if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS) + this.error(401, "You are not allowed to acess this post information!"); + + return commentID; + } + + /** + * Get a virtual directory included in a POST request + * + * @param name The name of the POST variable + * @return The virtual directory, if found as valid + */ + public postVirtualDirectory(name: string) : string { + const dir = this.postString(name); + + if(!checkVirtualDirectory(dir)) + this.error(401, "Specified directory seems to be invalid!"); + + return dir; + } + + /** + * Get an URL included in a POST request + * + * @param name The name of the POST field containing + * the URL + */ + public 
postURL(name: string) : string { + const url = this.postString(name); + + if(!checkURL(url)) + this.error(401, "Specified URL in '"+name+"' seems to be invalid!"); + + return url; + } + + /** + * Check the user password included in the request + * + * @param postField The name of the post field + * containing user password + */ + public async needUserPostPassword(postField: string) { + const password = this.postString(postField, 3); + + if(!await AccountHelper.CheckUserPassword(this.getUserId(), password)) + this.error(401, "Invalid password!"); + } } \ No newline at end of file diff --git a/src/entities/RequestHandler.ts b/src/entities/RequestHandler.ts index 09e0acd..4a2ae50 100644 --- a/src/entities/RequestHandler.ts +++ b/src/entities/RequestHandler.ts 
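Review bot: `postPostIDWithAccess` and `postCommentIDWithAccess` answer 404 for a missing ID but 401 for one the caller may not read, so a client can tell which numeric post and comment IDs exist even without access to them; `postGroupIDWithAccess` in this same hunk already avoids that by returning 404 for `GroupsAccessLevel.NO_ACCESS`. Consider mirroring that in both methods, e.g. `this.error(404, "Specified post does not exists!");` when the level is `PostAccessLevel.NO_ACCESS`, and keeping a distinct status only for "visible but insufficient rights". Where a distinct status is kept, 403 fits better than 401, because 401 signals missing or invalid authentication and these callers may already be signed in; the 401s in `postVirtualDirectory` and `postURL` are input-validation failures and would read more accurately as 400. `postCommentIDWithAccess` also checks access with `this.getUserId()` while the post variant uses `this.optionnalUserID`, which looks unintended if comments on public posts are meant to be readable without a session. The class body starts outside this hunk, so the behaviour of `error`, `postInt` and `optionnalUserID` is inferred from how they are used here.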
@@ -1,20 +1,12 @@ -import { conf } from "../helpers/ConfigHelper"; -import { Response, Request } from "express"; -import { APIHelper } from "../helpers/APIHelper"; -import { APIClient } from "./APIClient"; -import { checkURL } from "../utils/StringUtils"; -import { AccountHelper } from "../helpers/AccountHelper"; +import { Request, Response } from "express"; import { UploadedFile } from "express-fileupload"; -import { prepareFileCreation, generateNewUserDataFileName, pathUserData } from "../utils/UserDataUtils"; -import * as sharp from 'sharp'; -import { GroupsAccessLevel } from "./Group"; -import { GroupsHelper } from "../helpers/GroupsHelper"; -import { checkVirtualDirectory } from "../utils/VirtualDirsUtils"; -import { FriendsHelper } from "../helpers/FriendsHelper"; -import { PostsHelper } from "../helpers/PostsHelper"; -import { PostAccessLevel } from "./Post"; import { writeFileSync } from "fs"; -import { CommentsHelper } from "../helpers/CommentsHelper"; +import * as sharp from 'sharp'; +import { AccountHelper } from "../helpers/AccountHelper"; +import { APIHelper } from "../helpers/APIHelper"; +import { conf } from "../helpers/ConfigHelper"; +import { generateNewUserDataFileName, pathUserData, prepareFileCreation } from "../utils/UserDataUtils"; +import { APIClient } from "./APIClient"; import { BaseRequestsHandler } from "./BaseRequestsHandler"; /** 
@@ -63,151 +55,6 @@ export class RequestHandler extends BaseRequestsHandler { return this.getPostParam(name) != undefined; } - /** - * Get the ID of a friend included in a POST request - * - * @param name Name of the POST field - */ - public async postFriendId(name: string) : Promise { - const friendID = await this.postUserId(name); - - if(!await FriendsHelper.AreFriend(this.getUserId(), friendID)) - this.error(401, "You are not friend with this personn!"); - - return friendID; - } - - /** - * Find user ID based on its email address, included in a POST request - * - * @param name The name of the POST field containing the email address of the user - */ - public async postUserIdFromEmail(name: string) : Promise { - const email = this.postEmail(name); - const userID = await AccountHelper.FindIDFromEmail(email); - - if(userID < 1) - this.error(404, "Email not found!"); - - return userID; - } - - /** - * Get a POST group ID - * - * @param name The name of the POST field - */ - public async postGroupID(name: string) : Promise { - const groupID = this.postInt(name); - - if(!await GroupsHelper.Exists(groupID)) - this.error(404, "Specified group not found!"); - - return groupID; - } - - /** - * Get a POST group ID with a check for access level of current user - * - * @param name The name of the POST field containing group ID - * @param minVisibility Minimum visiblity requested to the group - * @returns The ID of the group (throws in case of failure) - */ - public async postGroupIDWithAccess(name: string, minVisibility : GroupsAccessLevel) : Promise { - const groupID = await this.postGroupID(name); - - const access = await GroupsHelper.GetAccessLevel(groupID, this.optionnalUserID); - - if(access == GroupsAccessLevel.NO_ACCESS) - this.error(404, "Specified group not found!"); - - if(access < minVisibility) - this.error(401, "You do not have enough rights to perform what you intend to do on this group!"); - - return groupID; - } - - /** - * Get the ID of post included in a 
POST request - * - * @param name The name of the POST field containing the id of the target post - */ - public async postPostID(name: string) : Promise { - const postID = this.postInt(name); - - if(postID < 1) - this.error(400, "Invalid post ID!"); - - if(!await PostsHelper.Exists(postID)) - this.error(404, "Specified post does not exists!"); - - return postID; - } - - /** - * Get the ID of a post a user has access to - * - * @param name The name of the POST field containing the ID of the target post - */ - public async postPostIDWithAccess(name: string, minLevel: PostAccessLevel = PostAccessLevel.BASIC_ACCESS) : Promise { - const postID = await this.postPostID(name); - - if(await PostsHelper.GetAccessLevelFromPostID(this.optionnalUserID, postID) < minLevel) - this.error(401, "Your are not allowed to access this post information!"); - - return postID; - } - - /** - * Get the ID of a comment that the user is allowed to access - * - * @param name The name of the comment field - */ - public async postCommentIDWithAccess(name: string) : Promise { - const commentID = this.postInt(name); - - if(!await CommentsHelper.Exists(commentID)) - this.error(404, "Specified comment not found!"); - - const postID = await CommentsHelper.GetAssociatedPost(commentID); - const post = await PostsHelper.GetSingle(postID); - - if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS) - this.error(401, "You are not allowed to acess this post information!"); - - return commentID; - } - - /** - * Get a virtual directory included in a POST request - * - * @param name The name of the POST variable - * @return The virtual directory, if found as valid - */ - public postVirtualDirectory(name: string) : string { - const dir = this.postString(name); - - if(!checkVirtualDirectory(dir)) - this.error(401, "Specified directory seems to be invalid!"); - - return dir; - } - - /** - * Get an URL included in a POST request - * - * @param name The name of the POST field 
containing - * the URL - */ - public postURL(name: string) : string { - const url = this.postString(name); - - if(!checkURL(url)) - this.error(401, "Specified URL in '"+name+"' seems to be invalid!"); - - return url; - } - /** * Get information about an uploaded file * @@ -349,19 +196,6 @@ export class RequestHandler extends BaseRequestsHandler { this.error(412, "Please check your login tokens!"); } - /** - * Check the user password included in the request - * - * @param postField The name of the post field - * containing user password - */ - public async needUserPostPassword(postField: string) { - const password = this.postString(postField, 3); - - if(!await AccountHelper.CheckUserPassword(this.getUserId(), password)) - this.error(401, "Invalid password!"); - } - /** * Get information about API client */