Merge pull request #54 from lefreire/dev
Fixes #32
Fred Souza committed Mar 20, 2016
2 parents 79c11eb + b086880 commit 6ca07e1
Showing 6 changed files with 99 additions and 9 deletions.
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -42,6 +42,7 @@
"crypto-js": "^3.1.6",
"express": "4.13.3",
"fs-extra": "0.26.0",
"helmet": "^1.3.0",
"json-web-token": "^1.6.3",
"moment": "2.10.6",
"moment-timezone": "0.4.1",
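Review bot: The new `helmet` entry uses a caret range (`"helmet": "^1.3.0"`) while the neighbouring runtime dependencies (`express`, `fs-extra`, `moment`, `moment-timezone`) are pinned to exact versions, so the helmet release that actually gets installed depends on the install date rather than on this commit. If reproducible installs are the intent behind the exact pins, pin this one too (`"helmet": "1.3.0"`) or commit a lockfile; the same caret pattern already exists for `crypto-js` and `json-web-token`, so whichever policy is chosen should be applied to all three.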
4 changes: 3 additions & 1 deletion src/core/router.js
Expand Up @@ -4,6 +4,7 @@ const Config = require('../config');
const ServerDriver = require('express');
const BodyParser = require("body-parser");
const compression = require('compression');
const helmet = require('helmet');
let logger = LoggerFactory.getServerLogger();

/**
Expand All @@ -16,11 +17,12 @@ class Router {
constructor(){
this.driver = new ServerDriver();
this.driver.use(compression());
this.driver.use(helmet());
this.driver.use(BodyParser.urlencoded({extended: true}));
this.driver.use(BodyParser.json());
this.driver.use(function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
logger.info('Serving route '+req.url+' ('+ req.method +')');
next();
});
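Review bot: Browsers send a CORS preflight (`OPTIONS`) before any cross-origin request that carries the newly whitelisted `Authorization` header, and the middleware at the bottom of the hunk sets the CORS headers but then calls `next()` for every method, so unless an `OPTIONS` route is registered elsewhere (route registration is outside this hunk) the preflight would fall through to the resource routes and the real request would likely never be sent. Answer it in the same middleware, before `next()`: `res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');` and `if (req.method === 'OPTIONS') return res.sendStatus(204);`. The wildcard `Access-Control-Allow-Origin: '*'` is acceptable here only because the credential is a bearer header that browsers never attach automatically; a comment such as `// '*' is safe only while auth is a bearer header, never combine with Allow-Credentials` next to that line would keep a later change from turning it into a cross-site credential leak. The constructor continues outside the hunk.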
4 changes: 4 additions & 0 deletions src/register/registerDAO.js
Expand Up @@ -17,5 +17,9 @@ class RegisterDAO {
return this.collection.findOne({email:user.email, password:md5(user.password).toString()});
}

getUserByEmail(email){
return this.collection.findOne({email: email});
}

}
module.exports = RegisterDAO;
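Review bot: `getUserByEmail` passes `email` straight into the query on the new line `return this.collection.findOne({email: email});`, so a non-string value (for example an object carrying a query operator) is interpreted as a query condition rather than as a literal address and could match a user it should not; its only visible caller feeds it a field taken from a decoded token, so the value is only as trustworthy as that token's signature check. Guard the type at the DAO boundary: `if (typeof email !== 'string') throw new TypeError('email must be a string');` before the `findOne`. A one-line JSDoc `/** Finds the user record whose email equals `email`. */` would also help, since `getUser` above it has none. The class body starts outside the hunk.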
25 changes: 25 additions & 0 deletions src/report/reportResource.js
Expand Up @@ -4,6 +4,8 @@ const Core = require('../core');
const Database = Core.Database;
const Report = require('./reportModel');
const ReportDAO = require('./reportDAO');
const SecurityUtil = require('../common/securityUtil');
const RegisterDAO = require('../register/registerDAO');

class ReportResource {

Expand All @@ -21,8 +23,26 @@ class ReportResource {
if(!data.line || data.line==='') throw new Error("Line not set.");
if(!data.message || data.message==='') throw new Error("Message not set.");
}

static *checkAuth(request, response, next){
let token = request.headers['authorization'];
if(!token) return false;
else{
let data = yield SecurityUtil.decodeToken(token);
let dao = new RegisterDAO();
let user = yield dao.getUserByEmail(data.value);
if(!user) return false;
else return true;
}

}

*postReport(request, response) {
let canAccess = yield ReportResource.checkAuth(request, response);
if(!canAccess){
response.status(403).send('You not allowed here.');
return;
}
const dao = new ReportDAO();
let data;
try {
Expand All @@ -38,6 +58,11 @@ class ReportResource {
}

*getActiveReports(request, response) {
let canAccess = yield ReportResource.checkAuth(request, response);
if(!canAccess){
response.status(403).send('You not allowed here.');
return;
}
const dao = new ReportDAO();
let data;
try {
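Review bot: `checkAuth` has no error path for a token that is present but invalid: if `SecurityUtil.decodeToken` rejects (malformed, expired or wrongly signed token) the exception propagates out of `postReport` and `getActiveReports` through the `yield` at the top of each, so a bad token is answered by whatever the generator runner does with an uncaught error rather than by the intended 403, and the tests added in this commit only cover the missing-token case. The rewrite below treats any decode failure, or a payload whose `value` is not a string, as unauthenticated, which also stops a non-string `data.value` from reaching `getUserByEmail` as a query object. Two smaller points: a missing or bad credential is conventionally answered with 401 (plus a `WWW-Authenticate` header) rather than 403, and the identical prologue duplicated in both handlers could be one Express middleware registered in the router. I cannot tell from here whether `decodeToken` verifies the signature or only decodes the payload; if it only decodes, the email lookup proves nothing and that should be confirmed before relying on it. The class continues outside the hunk.
```javascript
  static *checkAuth(request, response, next){
    let token = request.headers['authorization'];
    if(!token) return false;
    let data;
    try {
      data = yield SecurityUtil.decodeToken(token);
    } catch (err) {
      // A malformed, expired or badly signed token means "not authenticated", not a server error.
      return false;
    }
    // Only a string may reach the DAO: an object here would be read as a query condition.
    if (!data || typeof data.value !== 'string') return false;
    let dao = new RegisterDAO();
    let user = yield dao.getUserByEmail(data.value);
    return Boolean(user);
  }
  // … unchanged: postReport and getActiveReports …
```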
16 changes: 16 additions & 0 deletions test/register/dao.js
Expand Up @@ -24,6 +24,22 @@ describe('RegisterDAO', () => {
Assert.notEqual(data._id, undefined);

});

it('should get user by email and password', function*(){
let data = yield dao.getUser({email:'email', password:'pass'});
Assert.equal(data.name, 'name');
Assert.equal(data.email, 'email');
Assert.notEqual(data.password, 'pass');
Assert.notEqual(data._id, undefined);
});

it('should get user by email', function*(){
let data = yield dao.getUserByEmail('email');
Assert.equal(data.name, 'name');
Assert.equal(data.email, 'email');
Assert.notEqual(data.password, 'pass');
Assert.notEqual(data._id, undefined);
});

after(function*() {
yield col.remove({});
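Review bot: The new `'should get user by email'` case only exercises the found path, but `getUserByEmail` is now on the authentication path in `reportResource.js`, where `checkAuth` relies on its not-found result to return `false`; that result should be pinned too, e.g. `let missing = yield dao.getUserByEmail('nobody'); Assert.equal(missing, null);` (loose `Assert.equal` passes for both `null` and `undefined`, so it holds whichever the collection yields). The case also appears to depend on a user with email `'email'` inserted by an earlier case or a `before` hook that is outside the hunk; a short comment saying so would make the ordering dependency explicit.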
58 changes: 50 additions & 8 deletions test/report/api.js
Expand Up @@ -8,11 +8,11 @@ const Core = require(`${base}/core`);
const Database = Core.Database;
const Http = Core.Http;
const Router = Core.Router;
const Report = require(`${base}/report/reportModel`);
const Report = require(`${base}/report/reportModel`);

describe('Report API', () => {

let server, host;
let server, host, token;

before(function*() {
let ip = '0.0.0.0', port = Config.server.port;
Expand All @@ -22,13 +22,17 @@ describe('Report API', () => {
let router = new Router();
router.registerResources(Config.resources);
server = router.start(ip, port);

let user = {name:'name', email:'email', password:'pass'};
user = yield Http.post(`${host}/signup`, user);
token = user.body.auth_token.value;
});

it('should post a report from a POST request to /v4/report', function*() {
it('should post a report from a POST request to /v4/report with token', function*() {
let data;
let obj = {title:'bus report', order: 'C12345', line:'485', message: 'content'};
try {
var output = yield Http.post(`${host}/v4/report`, obj);
try {
var output = yield Http.post(`${host}/v4/report`, obj, {'Authorization': token});
data = output;
} catch(e) {
data = e;
Expand All @@ -45,11 +49,24 @@ describe('Report API', () => {
}
});

it('should fail to post a report from a POST request to /v4/report without token', function*() {
let data;
let obj = {title:'bus report', order: 'C12345', line:'485', message: 'content'};
try {
var output = yield Http.post(`${host}/v4/report`, obj);
data = output;
} catch(e) {
data = e;
} finally {
Assert.equal(data.statusCode, 403);
}
});

it('should get a active reports list from a GET request to /v4/report/C12345', function*() {
let data;
const obj = {title:'bus report', order: 'C12345', line:'485', message: 'content'};
try {
var output = yield Http.get(`${host}/v4/report/C12345`);
var output = yield Http.get(`${host}/v4/report/C12345`, {}, {'Authorization': token});
data = output;
} catch(e) {
data = e;
Expand All @@ -63,15 +80,27 @@ describe('Report API', () => {
Assert.equal(tmp.order, obj.order);
Assert.notEqual(tmp.timestamp, undefined);
Assert.equal(tmp.message, obj.message);
Assert.notEqual(tmp._id, undefined);
Assert.notEqual(tmp._id, undefined);
}
});

it('should fail to get a active reports list from a GET request to /v4/report/C12345 without token', function*() {
let data;
try {
var output = yield Http.get(`${host}/v4/report/C12345`, {});
data = output;
} catch(e) {
data = e;
} finally {
Assert.equal(data.statusCode, 403);
}
});

it('should fail to post a report due to an unconsistent request to /v4/report', function*() {
let data;
let obj = {order: 'C12345', line:'485', message: 'content'};
try {
var output = yield Http.post(`${host}/v4/report`, obj);
var output = yield Http.post(`${host}/v4/report`, obj, {'Authorization': token});
data = JSON.parse(output);
} catch(e) {
data = e;
Expand All @@ -80,6 +109,19 @@ describe('Report API', () => {
}
});

it('should fail to post a report due to an unconsistent request to /v4/report without token', function*() {
let data;
let obj = {order: 'C12345', line:'485', message: 'content'};
try {
var output = yield Http.post(`${host}/v4/report`, obj);
data = JSON.parse(output);
} catch(e) {
data = e;
} finally {
Assert.equal(data.statusCode, 403);
}
});

after(function*() {
server.close();
yield global.database.collection('report').remove({});
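Review bot: Every negative case added here sends no `Authorization` header at all, so the branch of `checkAuth` that decodes a present-but-invalid token is never executed by the suite; add one case per endpoint that passes a garbage value, `{'Authorization': 'not-a-token'}` as the headers argument to `Http.post` / `Http.get`, followed by the same `Assert.equal(data.statusCode, 403);`, since that is the path most likely to surface an unhandled decode error. In `'should fail to post a report due to an unconsistent request to /v4/report without token'` the `data = JSON.parse(output);` on the success path can never run for an expected 403 and could be `data = output;` so the three no-token cases read alike. A one-line comment at `token = user.body.auth_token.value;` stating that this is the raw value the API expects in the header (no `Bearer` prefix, judging by how the handlers read `request.headers['authorization']`) would save the next reader from guessing.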
