chore: swagger docs generated
@@ -1,5 +1,6 @@
|
||||
import express from 'express'
|
||||
import dotenv from 'dotenv'
|
||||
import swaggerUi from 'swagger-ui-express'
|
||||
|
||||
import { authenticateAccessToken, verifyAdmin } from '../../middlewares'
|
||||
|
||||
@@ -19,5 +20,14 @@ router.use('/stp', authenticateAccessToken, stpRouter)
|
||||
router.use('/user', userRouter)
|
||||
router.use('/client', authenticateAccessToken, verifyAdmin, clientRouter)
|
||||
router.use('/auth', authRouter)
|
||||
router.use(
|
||||
'/',
|
||||
swaggerUi.serve,
|
||||
swaggerUi.setup(undefined, {
|
||||
swaggerOptions: {
|
||||
url: '/swagger.json'
|
||||
}
|
||||
})
|
||||
)
|
||||
|
||||
export default router
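Review bot: The Swagger UI mount `router.use('/', swaggerUi.serve, swaggerUi.setup(...))` has no `authenticateAccessToken` in front of it, unlike the `/stp` and `/client` routers above it, so the API description UI is readable by anyone who can reach the server. If that is meant for development only, the mount should depend on a deployment setting and carry a comment saying so, for example `// API docs are public by design; disable via config in production`. Because it is registered on `'/'` after the other routers, it also appears to answer any otherwise unmatched path under this router with the docs page rather than a 404; mounting it on an explicit path would avoid that. The code that serves `/swagger.json` is not part of this section, so whether that document is access-controlled cannot be checked here.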
|
||||
|
||||
@@ -2,7 +2,7 @@ import mongoose, { Mongoose } from 'mongoose'
|
||||
import { MongoMemoryServer } from 'mongodb-memory-server'
|
||||
import request from 'supertest'
|
||||
import app from '../../../app'
|
||||
import { createUser } from '../../../controllers/createUser'
|
||||
import UserController from '../../../controllers/user'
|
||||
import { createClient } from '../../../controllers/createClient'
|
||||
import {
|
||||
generateAccessToken,
|
||||
@@ -27,6 +27,7 @@ const user = {
|
||||
describe('auth', () => {
|
||||
let con: Mongoose
|
||||
let mongoServer: MongoMemoryServer
|
||||
const userController = new UserController()
|
||||
|
||||
beforeAll(async () => {
|
||||
mongoServer = await MongoMemoryServer.create()
|
||||
@@ -49,7 +50,7 @@ describe('auth', () => {
|
||||
})
|
||||
|
||||
it('should respond with authorization code', async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
|
||||
const res = await request(app)
|
||||
.post('/SASjsApi/auth/authorize')
|
||||
@@ -117,7 +118,7 @@ describe('auth', () => {
|
||||
})
|
||||
|
||||
it('should respond with Forbidden if password is incorrect', async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
|
||||
const res = await request(app)
|
||||
.post('/SASjsApi/auth/authorize')
|
||||
@@ -133,7 +134,7 @@ describe('auth', () => {
|
||||
})
|
||||
|
||||
it('should respond with Forbidden if clientId is incorrect', async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
|
||||
const res = await request(app)
|
||||
.post('/SASjsApi/auth/authorize')
|
||||
@@ -155,7 +156,7 @@ describe('auth', () => {
|
||||
username: user.username
|
||||
}
|
||||
beforeAll(async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
})
|
||||
afterAll(async () => {
|
||||
const collections = mongoose.connection.collections
|
||||
@@ -250,7 +251,7 @@ describe('auth', () => {
|
||||
})
|
||||
|
||||
beforeEach(async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
await saveTokensInDB(user.username, clientId, 'accessToken', refreshToken)
|
||||
})
|
||||
|
||||
@@ -294,7 +295,7 @@ describe('auth', () => {
|
||||
})
|
||||
|
||||
beforeEach(async () => {
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
|
||||
})
|
||||
|
||||
|
||||
@@ -3,8 +3,8 @@ import { MongoMemoryServer } from 'mongodb-memory-server'
|
||||
import request from 'supertest'
|
||||
import app from '../../../app'
|
||||
import { createClient } from '../../../controllers/createClient'
|
||||
import UserController from '../../../controllers/user'
|
||||
import { generateAccessToken } from '../auth'
|
||||
import { createUser } from '../../../controllers/createUser'
|
||||
import { saveTokensInDB } from '../../../utils'
|
||||
|
||||
const client = {
|
||||
@@ -23,9 +23,10 @@ const newClient = {
|
||||
clientSecret: 'newClientSecret'
|
||||
}
|
||||
|
||||
describe('user', () => {
|
||||
describe('client', () => {
|
||||
let con: Mongoose
|
||||
let mongoServer: MongoMemoryServer
|
||||
const userController = new UserController()
|
||||
|
||||
beforeAll(async () => {
|
||||
mongoServer = await MongoMemoryServer.create()
|
||||
@@ -45,7 +46,7 @@ describe('user', () => {
|
||||
})
|
||||
|
||||
beforeAll(async () => {
|
||||
await createUser(adminUser)
|
||||
await userController.createUser(adminUser)
|
||||
await saveTokensInDB(
|
||||
adminUser.username,
|
||||
client.clientId,
|
||||
@@ -93,7 +94,7 @@ describe('user', () => {
|
||||
clientId: client.clientId,
|
||||
username: user.username
|
||||
})
|
||||
await createUser(user)
|
||||
await userController.createUser(user)
|
||||
await saveTokensInDB(
|
||||
user.username,
|
||||
client.clientId,
|
||||
@@ -105,7 +106,7 @@ describe('user', () => {
|
||||
.post('/SASjsApi/client')
|
||||
.auth(accessToken, { type: 'bearer' })
|
||||
.send(newClient)
|
||||
.expect(403)
|
||||
.expect(401)
|
||||
|
||||
expect(res.text).toEqual('Admin account required')
|
||||
expect(res.body).toEqual({})
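Review bot: The non-admin case here seems to expect `.expect(401)` where it expected `.expect(403)` before. Both lines are shown with their markers lost, so the direction is inferred from print order and from the `res.status(401).send('Admin account required')` lines in the user router. The request carries a bearer token for an existing user, so the caller is authenticated and only lacks the admin role; 403 is the status that says so, while 401 tells clients to re-authenticate and makes authorization denials hard to tell apart from bad tokens in access logs. I would keep `.expect(403)` and have the admin check return 403; the same expectation changes in the `/SASjsApi/user` spec further down. The `it(...)` block containing these lines starts above the hunk.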
|
||||
|
||||
@@ -3,11 +3,11 @@ import { MongoMemoryServer } from 'mongodb-memory-server'
|
||||
import request from 'supertest'
|
||||
import app from '../../../app'
|
||||
import { getTreeExample } from '../../../controllers/deploy'
|
||||
import UserController from '../../../controllers/user'
|
||||
import { getTmpFilesFolderPath } from '../../../utils/file'
|
||||
import { folderExists, fileExists, readFile, deleteFolder } from '@sasjs/utils'
|
||||
import path from 'path'
|
||||
import { generateAccessToken } from '../auth'
|
||||
import { createUser } from '../../../controllers/createUser'
|
||||
import { saveTokensInDB } from '../../../utils'
|
||||
|
||||
const clientId = 'someclientID'
|
||||
@@ -22,6 +22,7 @@ const user = {
|
||||
describe('files', () => {
|
||||
let con: Mongoose
|
||||
let mongoServer: MongoMemoryServer
|
||||
const controller = new UserController()
|
||||
|
||||
beforeAll(async () => {
|
||||
mongoServer = await MongoMemoryServer.create()
|
||||
@@ -40,7 +41,7 @@ describe('files', () => {
|
||||
})
|
||||
|
||||
beforeAll(async () => {
|
||||
await createUser(user)
|
||||
await controller.createUser(user)
|
||||
await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
|
||||
})
|
||||
const shouldFailAssertion = async (payload: any) => {
|
||||
|
||||
@@ -2,7 +2,7 @@ import mongoose, { Mongoose } from 'mongoose'
|
||||
import { MongoMemoryServer } from 'mongodb-memory-server'
|
||||
import request from 'supertest'
|
||||
import app from '../../../app'
|
||||
import { createUser } from '../../../controllers/createUser'
|
||||
import UserController from '../../../controllers/user'
|
||||
import { generateAccessToken } from '../auth'
|
||||
import { saveTokensInDB } from '../../../utils'
|
||||
|
||||
@@ -25,6 +25,7 @@ const user = {
|
||||
describe('user', () => {
|
||||
let con: Mongoose
|
||||
let mongoServer: MongoMemoryServer
|
||||
const controller = new UserController()
|
||||
|
||||
beforeAll(async () => {
|
||||
mongoServer = await MongoMemoryServer.create()
|
||||
@@ -44,7 +45,7 @@ describe('user', () => {
|
||||
})
|
||||
|
||||
beforeEach(async () => {
|
||||
await createUser(adminUser)
|
||||
await controller.createUser(adminUser)
|
||||
await saveTokensInDB(
|
||||
adminUser.username,
|
||||
clientId,
|
||||
@@ -87,21 +88,21 @@ describe('user', () => {
|
||||
clientId,
|
||||
username: user.username
|
||||
})
|
||||
await createUser(user)
|
||||
await controller.createUser(user)
|
||||
await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
|
||||
|
||||
const res = await request(app)
|
||||
.post('/SASjsApi/user')
|
||||
.auth(accessToken, { type: 'bearer' })
|
||||
.send(user)
|
||||
.expect(403)
|
||||
.expect(401)
|
||||
|
||||
expect(res.text).toEqual('Admin account required')
|
||||
expect(res.body).toEqual({})
|
||||
})
|
||||
|
||||
it('should respond with Forbidden if username is already present', async () => {
|
||||
await createUser(user)
|
||||
await controller.createUser(user)
|
||||
|
||||
const res = await request(app)
|
||||
.post('/SASjsApi/user')
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
import express from 'express'
|
||||
import { createUser } from '../../controllers/createUser'
|
||||
import { updateUser } from '../../controllers/updateUser'
|
||||
import { deleteUser } from '../../controllers/deleteUser'
|
||||
import { authenticateAccessToken, verifyAdmin } from '../../middlewares'
|
||||
import UserController from '../../controllers/user'
|
||||
import {
|
||||
authenticateAccessToken,
|
||||
verifyAdmin,
|
||||
verifyAdminIfNeeded
|
||||
} from '../../middlewares'
|
||||
import User from '../../model/User'
|
||||
import {
|
||||
deleteUserValidation,
|
||||
@@ -12,29 +14,31 @@ import {
|
||||
|
||||
const userRouter = express.Router()
|
||||
|
||||
// create user
|
||||
userRouter.post('/', authenticateAccessToken, verifyAdmin, async (req, res) => {
|
||||
const { error, value: data } = registerUserValidation(req.body)
|
||||
const { error, value: body } = registerUserValidation(req.body)
|
||||
if (error) return res.status(400).send(error.details[0].message)
|
||||
|
||||
const controller = new UserController()
|
||||
try {
|
||||
const savedUser = await createUser(data)
|
||||
res.send(savedUser)
|
||||
const response = await controller.createUser(body)
|
||||
res.send(response)
|
||||
} catch (err: any) {
|
||||
res.status(403).send(err.toString())
|
||||
}
|
||||
})
|
||||
|
||||
userRouter.get('/', authenticateAccessToken, async (req, res) => {
|
||||
const controller = new UserController()
|
||||
try {
|
||||
const users = await User.find({})
|
||||
.select({ _id: 0, username: 1, displayName: 1, isAdmin: 1, isActive: 1 })
|
||||
.exec()
|
||||
res.send(users)
|
||||
const response = await controller.getAllUsers()
|
||||
res.send(response)
|
||||
} catch (err: any) {
|
||||
res.status(403).send(err.toString())
|
||||
}
|
||||
})
|
||||
|
||||
// get one user
|
||||
userRouter.get('/:username', authenticateAccessToken, async (req: any, res) => {
|
||||
const { username } = req.params
|
||||
try {
|
||||
@@ -47,48 +51,45 @@ userRouter.get('/:username', authenticateAccessToken, async (req: any, res) => {
|
||||
}
|
||||
})
|
||||
|
||||
// update user
|
||||
userRouter.patch(
|
||||
'/:username',
|
||||
authenticateAccessToken,
|
||||
verifyAdminIfNeeded,
|
||||
async (req: any, res) => {
|
||||
const { user } = req
|
||||
const { username } = req.params
|
||||
|
||||
// only an admin can update other users
|
||||
if (!user.isAdmin && user.username !== username) {
|
||||
return res.status(401).send('Admin account required')
|
||||
}
|
||||
|
||||
// only an admin can update `isActive` and `isAdmin` fields
|
||||
const { error, value: data } = updateUserValidation(req.body, user.isAdmin)
|
||||
const { error, value: body } = updateUserValidation(req.body, user.isAdmin)
|
||||
if (error) return res.status(400).send(error.details[0].message)
|
||||
|
||||
const controller = new UserController()
|
||||
try {
|
||||
const user = await updateUser(username, data)
|
||||
res.send(user)
|
||||
const response = await controller.updateUser(username, body)
|
||||
res.send(response)
|
||||
} catch (err: any) {
|
||||
res.status(403).send(err.toString())
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
// delete user
|
||||
userRouter.delete(
|
||||
'/:username',
|
||||
authenticateAccessToken,
|
||||
verifyAdminIfNeeded,
|
||||
async (req: any, res) => {
|
||||
const { user } = req
|
||||
const { username } = req.params
|
||||
|
||||
// only an admin can delete other users
|
||||
if (!user.isAdmin && user.username !== username) {
|
||||
return res.status(401).send('Admin account required')
|
||||
}
|
||||
|
||||
// only an admin can delete user without providing password
|
||||
const { error, value: data } = deleteUserValidation(req.body, user.isAdmin)
|
||||
if (error) return res.status(400).send(error.details[0].message)
|
||||
|
||||
const controller = new UserController()
|
||||
try {
|
||||
await deleteUser(username, user.isAdmin, data)
|
||||
await controller.deleteUser(username, data, user.isAdmin)
|
||||
res.status(200).send('Account Deleted!')
|
||||
} catch (err: any) {
|
||||
res.status(403).send(err.toString())
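Review bot: The `GET /` handler appears to swap the inline `User.find({}).select({ _id: 0, username: 1, displayName: 1, isAdmin: 1, isActive: 1 })` for `controller.getAllUsers()`, and `POST /` sends whatever `controller.createUser(body)` returns (markers are lost on this page, so old/new is inferred from the added `UserController` import). That field allow-list was the only thing visible in the route that kept other stored user fields out of the response, and the controller is not shown here, so the guarantee can no longer be checked from this file. I would add a comment on the GET handler such as `// response must contain only username, displayName, isAdmin, isActive` and assert the exact key set in the user spec. Separately, every catch block still replies with `res.status(403).send(err.toString())`, which returns raw error text to the caller for any kind of failure. The delete handler continues past the last line shown.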
|
||||
|
||||