import crypto from 'crypto' import bodyParser from 'body-parser' import cookieParser from 'cookie-parser' import express from 'express' import { createStatusRouter, PingRouter } from './middlewares.js' import { createDatabase, createProblem, createSolution, getProblem, getProblems, getSolutions, getUser, getUsers, } from './db/database.js' import { initialDatabaseValue } from './db/example-data.js' export async function createApiRouter() { const sessions = { store: {}, createSession(username) { const sid = crypto.randomBytes(10).toString('hex') this.store[sid] = username return sid }, getUserForSession(sid) { return this.store[sid] ?? null }, } const db = createDatabase('./db.local.json', initialDatabaseValue) async function getRequestUser(req) { const userId = sessions.getUserForSession(req.cookies.sid) if (!userId) { return null } const user = await getUser(db, userId) return user } const r = express.Router() r.use(bodyParser.json()) r.use(cookieParser()) r.use('/api/status', createStatusRouter()) r.use('/api/ping', new PingRouter()) r.get('/api/current-user', async (req, res) => { res.json(await getRequestUser(req)) }) r.post('/api/login', async (req, res) => { const { username } = req.body const user = await getUser(db, username) if (!user) { res.sendStatus(403) return } res.cookie('sid', sessions.createSession(username), { maxAge: 1000 * 60 * 60 * 24 * 7 }) res.json({ status: 'ok' }) }) r.post('/api/logout', (req, res) => { res.cookie('sid', '', { expires: new Date() }) res.json({ status: 'ok' }) }) r.get('/api/users', async (req, res) => { const requestUser = await getRequestUser(req) if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') { res.sendStatus(401) return } const users = await getUsers(db) res.json(users) }) r.get('/api/problems', async (req, res) => { res.json(await getProblems(db)) }) r.get('/api/problem/:id', async (req, res) => { res.json(await getProblem(db, req.params.id)) }) r.post('/api/problem', async (req, res) => { const user = await getRequestUser(req) if (!user) { res.sendStatus(401) return } if (user.role !== 'admin' && user.role !== 'moderator') { res.sendStatus(401) return } const id = await createProblem(db, { content: req.body.content, createBy: user.username, }) res.json(id) }) r.get('/api/solutions', async (req, res) => { let queryUserId = req.query.user let queryProblemId = req.query.problem const requestUser = await getRequestUser(req) if (!requestUser) { res.sendStatus(401) return } // if current user is not an administrator then force the user query to current user if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') { queryUserId = requestUser.username } res.json(await getSolutions(db, { userId: queryUserId, problemId: queryProblemId })) }) r.post('/api/solution', async (req, res) => { const user = await getRequestUser(req) if (!user) { res.sendStatus(401) return } await createSolution(db, { userId: user.username, problemId: req.body.problemId, content: req.body.content, }) res.send({ status: 'ok' }) }) r.get('/api/user/:id', async (req, res) => { const requestUser = await getRequestUser(req) if (!requestUser) { res.sendStatus(401) return } if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') { res.sendStatus(401) return } const requestedUser = await getUser(db, req.params.id) if (!requestedUser) { res.sendStatus(404) return } res.json(requestedUser) }) return r }