
Adds parsing of the jwt -> privateKey before the necessary routes

parent aa235d5c
......@@ -11,7 +11,7 @@ module.exports = {
await Promise.all(quizzes.map(async quiz => {
const privateKey = jwt.verify(
const privateKey = jwt.decode(
quiz.privateKey.substr(7),
'arsnova.click-v2', {
algorithms: ['HS512'],
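Review bot: The new line swaps `jwt.verify(` for `jwt.decode(`, which drops signature verification: `decode` only parses the token, and the secret `'arsnova.click-v2'` and `algorithms: ['HS512']` on the following lines are verify options that `decode` ignores. Unless `quiz.privateKey` is known to hold only tokens this service itself issued and stored, the `privateKey` claim read here is no longer trustworthy; if `verify` was replaced because stored tokens may be expired, `jwt.verify(..., { algorithms: ['HS512'], ignoreExpiration: true })` keeps the signature check while tolerating expiry. If decoding without verification is intentional, a one-line comment saying why the stored value is trusted belongs above the call. The `quizzes.map` callback and the function enclosing it start and end outside the hunk.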
......
......@@ -9,7 +9,7 @@ import {
Param,
Post,
Put,
UnauthorizedError,
UnauthorizedError, UseBefore,
} from 'routing-controllers';
import MemberDAO from '../../db/MemberDAO';
import QuizDAO from '../../db/QuizDAO';
......@@ -33,6 +33,7 @@ export class MemberRouter extends AbstractRouter {
}
@Get('/token/bonus')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async getCurrentBonusToken(@HeaderParam('authorization') token: string): Promise<string> {
const member = await MemberDAO.getMemberByToken(token);
if (!member) {
......@@ -54,6 +55,7 @@ export class MemberRouter extends AbstractRouter {
}
@Put('/')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async addMember(
@BodyParam('member') member: IMemberSerialized, //
@HeaderParam('authorization') token: string, //
......@@ -112,6 +114,7 @@ export class MemberRouter extends AbstractRouter {
}
@Put('/reading-confirmation')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async addReadingConfirmation(@HeaderParam('authorization') token: string, //
): Promise<IMessage> {
......@@ -135,6 +138,7 @@ export class MemberRouter extends AbstractRouter {
}
@Put('/confidence-value')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async addConfidenceValue(
@HeaderParam('authorization') token: string, //
@BodyParam('confidenceValue') confidenceValue: number, //
......@@ -160,6 +164,7 @@ export class MemberRouter extends AbstractRouter {
}
@Put('/response')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async addResponse(
@HeaderParam('authorization') token: string, //
@Body() body: any, // Must use body since string value '3,14' of body.response results in a JSON.parse error if using BodyParam
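Review bot: Each added `@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)` computes a value and discards it: the arrow takes only `req`, never stores the decoded key on the request, and never calls `next`, so under an Express-style middleware contract the request would hang or, when the header is absent, fail with a TypeError from `token.match` inside `decodeLoginToken` instead of a 401. `decodeLoginToken` is also declared to return `string`, so `.privateKey` on its result is `undefined`, which the `as any` hides. The same inline arrow is repeated on every route in this file and throughout QuizRouter; replace it with one named middleware that rejects a missing or malformed token and hands the key on, and reference that from each decorator.
```typescript
// shared middleware, e.g. a static on AuthService; decorators become @UseBefore(AuthService.requirePrivateKey)
public static requirePrivateKey(req: Request, res: Response, next: NextFunction): void {
  const privateKey = AuthService.decodeLoginToken(req.headers.authorization);
  if (!privateKey) {
    res.status(401).end();
    return;
  }
  res.locals.privateKey = privateKey;
  next();
}
```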
......
......@@ -53,6 +53,7 @@ import { AbstractRouter } from './AbstractRouter';
export class QuizRouter extends AbstractRouter {
@Get('/answer-result')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async getAnswerResult(
@HeaderParam('authorization', { required: true }) token: string, //
): Promise<IAnswerResult> {
......@@ -69,6 +70,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/bonus-token')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async getCanUseBonusToken(
@HeaderParam('authorization', { required: true }) token: string, //
): Promise<boolean> {
......@@ -101,6 +103,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/status/:quizName?') //
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
@OpenAPI({
summary: 'Returns the status of a quiz',
parameters: [
......@@ -270,6 +273,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/upload')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async uploadQuiz(
@HeaderParam('authorization') privateKey: string, //
@UploadedFiles('uploadFiles[]') uploadedFiles: any, //
......@@ -321,6 +325,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/next')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async startQuiz(
@HeaderParam('authorization') token: string, //
@BodyParam('quizName') quizName: string, //
......@@ -443,6 +448,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/start-time')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async getStartTime(@HeaderParam('authorization') token: string): Promise<number> {
const member = await MemberDAO.getMemberByToken(token);
if (!member) {
......@@ -551,6 +557,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/settings')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async updateQuizSettings(
@HeaderParam('authorization') token: string, //
@BodyParam('quizName') quizName: string, //
......@@ -579,6 +586,7 @@ export class QuizRouter extends AbstractRouter {
}
@Put('/')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async addQuiz(
@HeaderParam('authorization') privateKey: string, //
@BodyParam('quiz') quiz: IQuiz, //
......@@ -670,6 +678,7 @@ export class QuizRouter extends AbstractRouter {
}
@Put('/save')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async saveQuiz(
@HeaderParam('authorization') privateKey: string, //
@BodyParam('quiz') quiz: IQuiz, //
......@@ -710,6 +719,7 @@ export class QuizRouter extends AbstractRouter {
}
@Delete('/active/:quizName')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async deleteActiveQuiz(
@Param('quizName') quizName: string, //
@HeaderParam('authorization') privateKey: string, //
......@@ -729,6 +739,7 @@ export class QuizRouter extends AbstractRouter {
}
@Delete('/:quizName')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async deleteQuiz(
@Param('quizName') quizName: string, //
@HeaderParam('authorization') privateKey: string, //
......@@ -753,6 +764,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/reset/:quizName')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
public async resetQuiz(
@Param('quizName') quizName: string, //
@HeaderParam('authorization') privateKey: string, //
......@@ -775,6 +787,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/export/:quizName/:privateKey/:theme/:language') //
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
@UseBefore(routeCache.cacheSeconds(5, req => `${RoutingCache.QuizExportSheet}_${req.url}`))
@ContentType('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') //
public async getExportFile(
......@@ -830,6 +843,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/leaderboard/:quizName/:amount/:questionIndex?') //
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
@UseBefore(routeCache.cacheSeconds(20, (req: Request) => {
return `${req.url}_${req.headers.authorization}`;
}))
......@@ -895,6 +909,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/private')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async setQuizAsPrivate(@BodyParam('name') quizName: string, @HeaderParam('authorization') privateKey: string): Promise<void> {
const existingQuiz = await QuizDAO.getQuizByName(quizName);
if (!existingQuiz) {
......@@ -908,6 +923,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/public')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async getPublicQuizzes(@HeaderParam('authorization') privateKey: string): Promise<Array<QuizModelItem>> {
return (
await QuizDAO.getAllPublicQuizzes()
......@@ -915,6 +931,7 @@ export class QuizRouter extends AbstractRouter {
}
@Post('/public/init')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async initQuizInstance(
@BodyParam('name') quizName: string,
@BodyParam('readingConfirmationEnabled', {required: false}) readingConfirmationEnabled: boolean,
......@@ -968,6 +985,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/public/amount')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async getPublicQuizAmount(@HeaderParam('authorization') privateKey: string): Promise<number> {
return (
await this.getPublicQuizzes(privateKey)
......@@ -975,6 +993,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/public/own')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async getOwnPublicQuizzes(@HeaderParam('authorization') privateKey: string): Promise<Array<QuizModelItem>> {
return (
await QuizDAO.getAllPublicQuizzes()
......@@ -982,6 +1001,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/public/amount/own')
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
private async getOwnPublicQuizAmount(@HeaderParam('authorization') privateKey: string): Promise<number> {
return (
await this.getOwnPublicQuizzes(privateKey)
......@@ -995,6 +1015,7 @@ export class QuizRouter extends AbstractRouter {
}
@Get('/quiz/:quizName?') //
@UseBefore(req => (AuthService.decodeLoginToken(req.headers.authorization) as any).privateKey)
@UseBefore(routeCache.cacheSeconds(10, req => `${RoutingCache.QuizData}_${req.params.quizName}`))
@OpenAPI({
summary: 'Returns the data of a quiz',
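Review bot: The decode middleware is also attached to routes that do not carry a bearer header by design — `/export/:quizName/:privateKey/:theme/:language` receives the key as a path parameter, and `/status/:quizName?` and `/quiz/:quizName?` have an optional parameter and OpenAPI docs that suggest unauthenticated status lookups — yet `decodeLoginToken` calls `token.match` on the header unconditionally, so such requests would fail with a TypeError rather than proceed or receive a 401. Either leave the decorator off routes that take the key elsewhere, or make the middleware tolerate an absent header and let each handler decide. On `/export/...` the key is now expected both in the URL and in the header; the route's cache key is built from `req.url`, so the header is the better carrier and the path parameter should be retired once callers are migrated, with a comment on the route noting the transition.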
......
......@@ -63,4 +63,8 @@ export class AuthService {
algorithms: ['HS512'],
});
}
public static decodeLoginToken(token: string): string {
return token.match(/bearer /i) ? (this.decodeToken(token.substr(7)) as any).privateKey : null;
}
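Review bot: `decodeLoginToken` is typed `: string` but returns `null` on the fallthrough and `(… as any).privateKey` otherwise, so the signature should be `string | null` with the `as any` replaced by a typed claim such as `{ privateKey?: string }`; and `token.match(/bearer /i)` throws a TypeError when the header is absent and matches `bearer ` anywhere in the string while `substr(7)` assumes it is the prefix. A guard that covers both: `if (!token || !/^bearer /i.test(token)) { return null; }` followed by `return (this.decodeToken(token.substr(7)) as { privateKey?: string }).privateKey ?? null;`. Whether `decodeToken` verifies the signature is not visible in this hunk — the `algorithms: ['HS512']` context above suggests it does — so a one-line TSDoc on `decodeLoginToken` should state that callers receive a verified claim or `null`, and say whether a bad signature throws rather than returning `null`.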
}