From cb6aa8d1cb74ef8264f02f2e174a07e785d98b73 Mon Sep 17 00:00:00 2001
From: eranshmil
Date: Fri, 15 Mar 2019 23:55:56 +0200
Subject: [PATCH] refactor: send reporter key in auth header
---
 src/controllers/user-statuses-controller.ts | 22 +++++++++++++++++----
 src/data/report.ts | 8 ++++----
 src/data/reporters.ts | 4 ++++
 src/models/authenticated-request.model.ts | 16 ---------------
 src/models/index.ts | 1 -
 src/models/user-status.model.ts | 10 +++++-----
 src/security/authentication.ts | 13 +++++-------
 7 files changed, 36 insertions(+), 38 deletions(-)
 delete mode 100644 src/models/authenticated-request.model.ts
diff --git a/src/controllers/user-statuses-controller.ts b/src/controllers/user-statuses-controller.ts
index cf49092..2f3962b 100644
--- a/src/controllers/user-statuses-controller.ts
+++ b/src/controllers/user-statuses-controller.ts
@@ -1,7 +1,18 @@
-import { Body, Controller, Query, Get, Post, Response, Route, Security, Tags } from 'tsoa';
+import {
+ Body,
+ Controller,
+ Query,
+ Get,
+ Post,
+ Response,
+ Route,
+ Security,
+ Tags,
+ Header
+} from 'tsoa';
 import { getUserStatusMap, createNewReport } from '../data';
-import { Platform, UserStatusMap, Status, Cache } from '../core';
+import { Platform, UserStatusMap, Cache } from '../core';
 import { UserStatus } from '../models';
 const usersCache = new Cache(
@@ -53,7 +64,10 @@ export class UserStatusesController extends Controller {
 @Response(401, 'Authentication fail')
 @Security('reporterAuth')
 @Post('report')
- public async report(@Body() report: UserStatus): Promise {
- await createNewReport(report);
+ public async report(
+ @Body() report: UserStatus,
+ @Header('Authorization') reporterKey: string
+ ): Promise {
+ await createNewReport(report, reporterKey);
 }
 }
diff --git a/src/data/report.ts b/src/data/report.ts
index eb190b9..baaa972 100644
--- a/src/data/report.ts
+++ b/src/data/report.ts
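Review bot: In `src/controllers/user-statuses-controller.ts`, second hunk, `report()` forwards the raw `Authorization` value to `createNewReport`, and the second hunk of `src/data/report.ts` then saves it on every `user_statuses` row through the `reporter_key` column declared in `src/models/user-status.model.ts`. That copies a live credential into the reports table, so anything that can read those rows, or any response that serializes a `UserStatus`, also obtains a key that passes `reporterAuth`. Prefer persisting a reference to the matching `Reporter` record, resolved once during authentication, instead of the key itself; if the column has to stay, keep it out of default reads with `@Column({ name: 'reporter_key', type: 'varchar', length: 30, nullable: false, select: false })`. The controller class begins outside this hunk, and whether any read path returns full entities is not visible in this patch.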
@@ -9,8 +9,8 @@ import { UserStatus } from '../models'; * mark report as 'DUPLICATE'. * @param report Report to create. */ -export const createNewReport = async (report: UserStatus) => { - let initialStatus: Status = Status.REPORTED; +export const createNewReport = async (report: UserStatus, reporterKey: string) => { + let status: Status = Status.REPORTED; const { platform, userId, postId, commentId, replyCommentId } = report; const userStatusRepository = getConnection().getRepository(UserStatus); @@ -42,10 +42,10 @@ export const createNewReport = async (report: UserStatus) => { } /** Mark the report as 'DUPLICATE' */ - initialStatus = Status.DUPLICATE; + status = Status.DUPLICATE; } - const userStatus = new UserStatus({ ...report, status: initialStatus }); + const userStatus = new UserStatus({ ...report, status, reporterKey }); await userStatusRepository.save(userStatus); }; diff --git a/src/data/reporters.ts b/src/data/reporters.ts index 087daaf..1a9f4b0 100644 --- a/src/data/reporters.ts +++ b/src/data/reporters.ts @@ -2,6 +2,10 @@ import { getConnection } from '../core'; import { Reporter } from '../models'; export const checkReporterKey = async (reporterKey: string): Promise => { + if (!reporterKey) { + return; + } + /** Get the record that reporterKey match *reporterKey* parameter. */ const reporterRepository = getConnection().getRepository(Reporter); const reporter = await reporterRepository.findOne({ reporterKey }); diff --git a/src/models/authenticated-request.model.ts b/src/models/authenticated-request.model.ts deleted file mode 100644 index f5f007c..0000000 --- a/src/models/authenticated-request.model.ts +++ /dev/null 
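Review bot: The doc comment above `createNewReport` (first hunk of `src/data/report.ts`) still documents only `report`, while the new signature also takes `reporterKey`. Add `* @param reporterKey Key of the authenticated reporter, read from the Authorization header.` and record there that the property order in `new UserStatus({ ...report, status, reporterKey })` is deliberate, because it makes the computed status and the header value win over any `status` or `reporterKey` supplied in the request body. The comment block and the function body both extend beyond the visible hunks.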
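Review bot: The new guard in `checkReporterKey` (`src/data/reporters.ts`) is what keeps `findOne({ reporterKey })` from running with an undefined criterion now that the key comes from a header that may be absent, but nothing in the code says so. TypeORM, as far as I know, drops undefined properties from the criteria object, which would turn the lookup into an unfiltered query, so the check deserves a comment such as `// A missing key must never reach findOne: an undefined criterion is not a filter.`. Returning `false` instead of a bare `return;` would also make the failure path explicit for callers that test the result. The rest of the function lies outside the hunk.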
@@ -1,16 +0,0 @@ -import { Entity, Column } from 'typeorm'; - -/** - * Each schema that needs to authenticate the client before handling it should extend it. - */ -@Entity() -export class AuthenticatedRequest { - @Column({ name: 'reporter_key', type: 'varchar', length: 30, nullable: false }) - reporterKey: string; - - constructor(private authenticatedRequest?: Partial) { - if (authenticatedRequest) { - this.reporterKey = authenticatedRequest.reporterKey; - } - } -} diff --git a/src/models/index.ts b/src/models/index.ts index d38a53f..6e21c4a 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -1,3 +1,2 @@ -export * from './authenticated-request.model'; export * from './user-status.model'; export * from './reporter.model'; diff --git a/src/models/user-status.model.ts b/src/models/user-status.model.ts index 9f0fabc..95c3498 100644 --- a/src/models/user-status.model.ts +++ b/src/models/user-status.model.ts @@ -1,12 +1,10 @@ import { Entity, PrimaryGeneratedColumn, Column, Unique } from 'typeorm'; -import { AuthenticatedRequest } from './authenticated-request.model'; - import { Platform, Status, Reason } from '../core'; @Entity({ name: 'user_statuses' }) @Unique(['platform', 'userId', 'postId', 'commentId', 'replyCommentId']) -export class UserStatus extends AuthenticatedRequest { +export class UserStatus { @PrimaryGeneratedColumn() private id: number; @Column({ type: 'enum', enum: Platform, nullable: false }) @@ -33,9 +31,11 @@ export class UserStatus extends AuthenticatedRequest { @Column({ type: 'varchar', length: 200, nullable: true }) public description?: string; - constructor(private userStatus?: Partial) { - super(userStatus); + @Column({ name: 'reporter_key', type: 'varchar', length: 30, nullable: false }) + // optional for the report route validations + public reporterKey?: string; + constructor(private userStatus?: Partial) { if (userStatus) { Object.assign(this, userStatus); } 
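Review bot: In the second hunk of `src/models/user-status.model.ts`, `reporterKey` is declared optional (`reporterKey?: string`) on a column that is `nullable: false`, and the explanatory comment sits between the decorator and the property. Because this entity is also the `@Body()` type of the report route, the field stays in the request schema and clients can still submit a `reporterKey` in the body; only the property order in `createNewReport` discards it, and a `UserStatus` built without a key fails at save time rather than at compile time. A separate request type without `reporterKey` would remove both the optional marker and the reliance on call-site ordering. Failing that, move the comment above `@Column` and state the contract, e.g. `// Set server-side from the Authorization header; optional only so body validation does not require it.`. The constructor continues past the end of the hunk.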
diff --git a/src/security/authentication.ts b/src/security/authentication.ts
index cc385d1..246b27c 100644
--- a/src/security/authentication.ts
+++ b/src/security/authentication.ts
@@ -1,11 +1,10 @@
 import * as express from 'express';
-import { AuthenticatedRequest } from '../models';
 import { checkReporterKey } from '../data';
-import { Cache, logger } from '../core';
+import { logger } from '../core';
 /**
- * Cert Authentication middelwhere API.
+ * Cert Authentication middleware API.
 * the key should be the 'reporterKey' property in the body.
 */
 export const expressAuthentication = async (request: express.Request, scopes: string[]) => {
@@ -16,11 +15,9 @@ export const expressAuthentication = async (request: express.Request, scopes: st
 }
 /** Make sure that there is a body, and the body contains the API key. */
- const authenticatedRequest: AuthenticatedRequest = request.body;
- if (authenticatedRequest && authenticatedRequest.reporterKey) {
- if (await checkReporterKey(authenticatedRequest.reporterKey)) {
- return;
- }
+ const reporterKey = request.header('Authorization');
+ if (await checkReporterKey(reporterKey)) {
+ return;
 }
 throw new Error('auth fail');
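Review bot: The header comment of `expressAuthentication` (first hunk of `src/security/authentication.ts`) still says `the key should be the 'reporterKey' property in the body`, and the inline comment kept as context in the second hunk still reads `Make sure that there is a body, and the body contains the API key.`; both describe the behaviour this commit removes. Update them to `* The key is read from the 'Authorization' request header.` and `/** Reject the request unless the Authorization header carries a known reporter key. */`. Stale text on an authentication routine tends to send integrators and later reviewers to the wrong place.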
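Review bot: `request.header('Authorization')` yields `string | undefined`, yet in the second hunk of `src/security/authentication.ts` it is passed straight to `checkReporterKey(reporterKey: string)`, so the only protection against a missing header is the guard added in `src/data/reporters.ts`. Narrow at the call site as well, `if (reporterKey && (await checkReporterKey(reporterKey))) { return; }`, which keeps the authentication decision local and should also satisfy `strictNullChecks` if the project enables it. The header is compared verbatim with no scheme prefix, so a client sending `Bearer <key>` would be rejected; if that is intended, say so in the route documentation. The function body starts before this hunk and the scope check above it is not visible.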