overhaul

consumerWebsite/middleware/apiKey.js

@@ -0,0 +1,65 @@
+const { checkAPikey } = require("../functions/api.js");
+async function apikeyCheck(req, res, next) {
+	//const authHeader = req.headers.authorization
+	try {
+		let apikey = req.headers.authorization;
+		if (!apikey) {
+            res.status(401).json({
+                message: "No API key was supplied. Invalid request",
+            });
+			//throw new Error("No API key was supplied. Invalid request");
+		} else {
+			//split the string by the -
+			let splitAPIkey = apikey.split("-");
+			let rowid = splitAPIkey[0];
+
+			//rejoin withouth the rowid
+			let SuppliedKey = splitAPIkey.slice(1).join("-");
+			if (checkAPikey(SuppliedKey, rowid)) {
+				//get permission
+				let permission = await checkAPikey(SuppliedKey, rowid);
+				console.log(permission);
+				if (req.method === "GET" && permission === "canRead") {
+					return next();
+				}
+				//['POST', 'PUT', 'PATCH', 'DELETE'].includes(req.method)
+				if (
+					["GET", "POST", "PUT", "DELETE"].includes(req.method) &&
+					permission === "canWrite"
+				) {
+					console.log("write");
+					return next();
+				}
+				//throw status 403
+				res.status(403).json({
+					message:
+						"Your API key does not have the correct permissions to access this resource",
+				});
+			}
+		}
+	} catch (error) {
+		next(error);
+	}
+}
+
+module.exports = { apikeyCheck };
+
+/*
+//web server microservice
+1) take user supplied rowid-apikey
+2) split the string by -
+3) get the rowid or table id
+4) get the apikey
+5) compare the apikey with the one in database
+6) if match, return true
+*/
+
+/*
+
+I plan to seed some data in user and api
+Than use the system info and my API middleware will somehow check the supplied API key and check
+If it's correct API key and has canWrite perms
+I allow it to access put and post
+
+
+*/

consumerWebsite/middleware/apiLogger.js

@@ -0,0 +1,36 @@
+const { insertLogData } = require("../functions/logger.js");
+const APIlogger = (req, res, next) => {
+  try {
+    const log = {
+      ip: req.ip,
+      time: new Date().toUTCString(),
+      method: req.method,
+      //https://stackoverflow.com/questions/10183291/how-to-get-the-full-url-in-express
+      host: `${req.protocol}://${req.get("host")}${req.originalUrl}`, 
+      statusCode: res.statusCode,
+      Responsesize: res.get('Content-Length') ? res.get('Content-Length') : 0,
+      referrer: res.get('content-type') ? res.get('content-type') : "none",
+      userAgent: req.headers["user-agent"],
+    };
+    //upload to db logic here for api logs
+    insertLogData(log);
+    next();
+  }
+  catch (error) {
+    console.error(error);
+  }
+};
+
+module.exports = { APIlogger };
+
+
+/*
+		method: req.method,
+		statusCode: res.statusCode,
+		protocol: req.protocol,
+    //formatted in nice utc format
+    time: new Date().toUTCString(),
+    ip: req.ip,
+		userAgent: req.headers["user-agent"],
+		host: `${req.protocol}://${req.get("host")}${req.originalUrl}`,
+*/

consumerWebsite/middleware/authChecker.js

@@ -1,6 +1,6 @@
 const { apikeyModel } = require("../database/model/apiKeyModel");
 const { userModel } = require("../database/model/userModel");
-const { comparePassword } = require("../functions/bcrypt");
+const { compareHash } = require("../functions/bcrypt");
 
 async function auth(req, res, next){
     try{ 
@@ -15,7 +15,7 @@ async function auth(req, res, next){
         if (!token) return false;
 
         //compare
-        let isMatch = await comparePassword(suppliedToken, token.apikey);
+        let isMatch = await compareHash(suppliedToken, token.apikey);
         if (!isMatch) return false;
 
         //else do logic
@@ -28,4 +28,4 @@ async function auth(req, res, next){
     }
 }
 
-module.exports = { auth };
+module.exports = { auth };