import crypto from 'crypto' import bodyParser from 'body-parser' import cookieParser from 'cookie-parser' import express from 'express' import { authMiddleware, PingRouter, StatusRouter } from './middlewares.js' import { createDatabase, getUser, updateUser } from './db/database.js' import { initialDatabaseValue } from './db/example-data.js' export async function createApiRouter() { const sessions = { store: {}, createSession(username) { const sid = crypto.randomBytes(10).toString('hex') this.store[sid] = username return sid }, getUserForSession(sid) { return this.store[sid] ?? null }, } const db = createDatabase('./db.local.json', initialDatabaseValue) const r = express.Router() r.use(bodyParser.json()) r.use(cookieParser()) r.use(authMiddleware(sid => sessions.getUserForSession(sid))) r.use('/api/status', new StatusRouter()) r.use('/api/ping', new PingRouter()) r.get('/api/current-user', async (req, res) => { const userId = sessions.getUserForSession(req.cookies.sid) if (!userId) { res.cookie('sid', '', { expires: new Date() }) res.status(400) res.end('Invalid session token') return } const user = await getUser(db, userId) res.json({ username: userId, ...user, }) }) r.post('/api/login', (req, res) => { const { username } = req.body res.cookie('sid', sessions.createSession(username), { maxAge: 1000 * 60 * 60 * 24 * 7 }) res.json({ status: 'ok' }) }) r.post('/api/logout', (req, res) => { res.cookie('sid', '', { expires: new Date() }) res.json({ status: 'ok' }) }) r.get('/api/user/:id', async (req, res) => { const user = await getUser(db, req.params.id) if (user) { res.json(user) } else { res.sendStatus(404) } }) r.post('/api/user/:id', async (req, res) => { await updateUser(db, req.params.id, req.body) res.sendStatus(200) }) return r }