Added auth middleware. Added access control to apps

controllers/apps/createApp.js

@@ -1,11 +1,16 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
 const loadConfig = require('../../utils/loadConfig');
+const ErrorResponse = require('../../utils/ErrorResponse');
 
 // @desc      Create new app
 // @route     POST /api/apps
 // @access    Public
 const createApp = asyncWrapper(async (req, res, next) => {
+  if (!req.isAuthenticated) {
+    return next(new ErrorResponse('Unauthorized', 401));
+  }
+
   const { pinAppsByDefault } = await loadConfig();
 
   let app;

controllers/apps/deleteApp.js

@@ -1,10 +1,15 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
+const ErrorResponse = require('../../utils/ErrorResponse');
 
 // @desc      Delete app
 // @route     DELETE /api/apps/:id
 // @access    Public
 const deleteApp = asyncWrapper(async (req, res, next) => {
+  if (!req.isAuthenticated) {
+    return next(new ErrorResponse('Unauthorized', 401));
+  }
+
   await App.destroy({
     where: { id: req.params.id },
   });

controllers/apps/getAllApps.js

@@ -25,13 +25,18 @@ const getAllApps = asyncWrapper(async (req, res, next) => {
     await useKubernetes(apps);
   }
 
+  // apps visibility
+  const where = req.isAuthenticated ? {} : { isPublic: true };
+
   if (orderType == 'name') {
     apps = await App.findAll({
       order: [[Sequelize.fn('lower', Sequelize.col('name')), 'ASC']],
+      where,
     });
   } else {
     apps = await App.findAll({
       order: [[orderType, 'ASC']],
+      where,
     });
   }
 

controllers/apps/getSingleApp.js

@@ -1,12 +1,15 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
+const ErrorResponse = require('../../utils/ErrorResponse');
 
 // @desc      Get single app
 // @route     GET /api/apps/:id
 // @access    Public
 const getSingleApp = asyncWrapper(async (req, res, next) => {
+  const visibility = req.isAuthenticated ? {} : { isPublic: true };
+
   const app = await App.findOne({
-    where: { id: req.params.id },
+    where: { id: req.params.id, ...visibility },
   });
 
   if (!app) {

controllers/apps/reorderApps.js

@@ -1,10 +1,15 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
+const ErrorResponse = require('../../utils/ErrorResponse');
 
 // @desc      Reorder apps
 // @route     PUT /api/apps/0/reorder
 // @access    Public
 const reorderApps = asyncWrapper(async (req, res, next) => {
+  if (!req.isAuthenticated) {
+    return next(new ErrorResponse('Unauthorized', 401));
+  }
+
   req.body.apps.forEach(async ({ id, orderId }) => {
     await App.update(
       { orderId },

controllers/apps/updateApp.js

@@ -1,10 +1,15 @@
 const asyncWrapper = require('../../middleware/asyncWrapper');
 const App = require('../../models/App');
+const ErrorResponse = require('../../utils/ErrorResponse');
 
 // @desc      Update app
 // @route     PUT /api/apps/:id
 // @access    Public
 const updateApp = asyncWrapper(async (req, res, next) => {
+  if (!req.isAuthenticated) {
+    return next(new ErrorResponse('Unauthorized', 401));
+  }
+
   let app = await App.findOne({
     where: { id: req.params.id },
   });

controllers/auth/index.js

@@ -1,3 +1,4 @@
 module.exports = {
   login: require('./login'),
+  validate: require('./validate'),
 };

controllers/auth/validate.js

@@ -0,0 +1,21 @@
+const asyncWrapper = require('../../middleware/asyncWrapper');
+const ErrorResponse = require('../../utils/ErrorResponse');
+const jwt = require('jsonwebtoken');
+
+// @desc      Verify token
+// @route     POST /api/auth/verify
+// @access    Public
+const validate = asyncWrapper(async (req, res, next) => {
+  try {
+    jwt.verify(req.body.token, process.env.SECRET);
+
+    res.status(200).json({
+      success: true,
+      data: { token: { isValid: true } },
+    });
+  } catch (err) {
+    return next(new ErrorResponse('Token expired', 401));
+  }
+});
+
+module.exports = validate;