Have every request return "Not logged in" if an access token is not

    included in the request. This makes the user interface more understandable.
Modify several requests to report different errors if not logged in
    or if parameters are not specified. Makes error more specific.
Closes #70

src/route-tools/middleware.ts

@@ -120,7 +120,7 @@ export const accountFromAuthToken: RequestHandler = async (req: Request, resp: R
     if (IsNotNullOrEmpty(req.vAuthToken)) {
       req.vAuthAccount = await Accounts.getAccountWithId(req.vAuthToken.accountId);
       if (IsNullOrEmpty(req.vAuthAccount)) {
-        req.vAccountError = 'No account found for authorization';
+        req.vAccountError = 'Not logged in';
         Logger.debug('accountFromAuthToken: account lookup fail: authToken=' + req.vRestResp.getAuthToken());
       };
     };

src/routes/api/maint/makeAdmin.ts

@@ -50,7 +50,7 @@ const procMakeAdmin: RequestHandler = async (req: Request, resp: Response, next:
     }
     else {
       Logger.error(`procMakeAdmin: could not fetch account "${adminAccountName}"`);
-      req.vRestResp.respondFailure('no such account');
+      req.vRestResp.respondFailure('No account named admin account name exists');
     };
   };
   next();

src/routes/api/v1/account/accountId.ts

@@ -30,18 +30,23 @@ import { Logger } from '@Tools/Logging';
 // metaverseServerApp.use(express.urlencoded({ extended: false }));
 
 const procGetAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vAuthAccount && req.vAccount) {
-    if (checkAccessToEntity(req.vAuthToken, req.vAccount, [ Perm.OWNER, Perm.ADMIN ])) {
-      req.vRestResp.Data = {
-        account: await buildAccountInfo(req, req.vAccount)
+  if (req.vAuthAccount) {
+    if (req.vAccount) {
+      if (checkAccessToEntity(req.vAuthToken, req.vAccount, [ Perm.OWNER, Perm.ADMIN ])) {
+        req.vRestResp.Data = {
+          account: await buildAccountInfo(req, req.vAccount)
+        };
+      }
+      else {
+        req.vRestResp.respondFailure('Unauthorized');
       };
     }
     else {
-      req.vRestResp.respondFailure('Unauthorized');
+      req.vRestResp.respondFailure('Target account not found');
     };
   }
   else {
-    req.vRestResp.respondFailure('No account specified');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };
@@ -50,29 +55,34 @@ const procGetAccountId: RequestHandler = async (req: Request, resp: Response, ne
 // The setter must be either an admin account or the account itself
 const procPostAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
   if (req.vRestResp) {
-    if (req.vAuthAccount && req.vAccount) {
-      const valuesToSet = req.body.accounts;
-      const updates: VKeyedCollection = {};
-      for (const field of [ 'email', 'public_key' ]) {
-        if (valuesToSet.hasOwnProperty(field)) {
-          await Accounts.setField(req.vAuthToken, req.vAccount, field, valuesToSet.field, req.vAuthAccount, updates);
-        };
-      };
-      if (valuesToSet.hasOwnProperty('images')) {
-        if (valuesToSet.images.hero) {
-          await Accounts.setField(req.vAuthToken, req.vAccount, 'images_hero', valuesToSet.images.hero, req.vAuthAccount, updates);
+    if (req.vAuthAccount) {
+      if (req.vAccount) {
+        const valuesToSet = req.body.accounts;
+        const updates: VKeyedCollection = {};
+        for (const field of [ 'email', 'public_key' ]) {
+          if (valuesToSet.hasOwnProperty(field)) {
+            await Accounts.setField(req.vAuthToken, req.vAccount, field, valuesToSet.field, req.vAuthAccount, updates);
+          };
         };
-        if (valuesToSet.images.tiny) {
-          await Accounts.setField(req.vAuthToken, req.vAccount, 'images_tiny', valuesToSet.images.tiny, req.vAuthAccount, updates);
-        };
-        if (valuesToSet.images.thumbnail) {
-          await Accounts.setField(req.vAuthToken, req.vAccount, 'images_thumbnail', valuesToSet.images.thumbnail, req.vAuthAccount, updates);
+        if (valuesToSet.hasOwnProperty('images')) {
+          if (valuesToSet.images.hero) {
+            await Accounts.setField(req.vAuthToken, req.vAccount, 'images_hero', valuesToSet.images.hero, req.vAuthAccount, updates);
+          };
+          if (valuesToSet.images.tiny) {
+            await Accounts.setField(req.vAuthToken, req.vAccount, 'images_tiny', valuesToSet.images.tiny, req.vAuthAccount, updates);
+          };
+          if (valuesToSet.images.thumbnail) {
+            await Accounts.setField(req.vAuthToken, req.vAccount, 'images_thumbnail', valuesToSet.images.thumbnail, req.vAuthAccount, updates);
+          };
         };
+        await Accounts.updateEntityFields(req.vAuthAccount, updates);
+      }
+      else {
+        req.vRestResp.respondFailure(req.vAccountError ?? 'Account not specified');
       };
-      await Accounts.updateEntityFields(req.vAuthAccount, updates);
     }
     else {
-      req.vRestResp.respondFailure(req.vAccountError ?? 'Accounts not specified');
+      req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
     };
   };
   next();
@@ -81,13 +91,22 @@ const procPostAccountId: RequestHandler = async (req: Request, resp: Response, n
 // Delete an account.
 // The setter must be an admin account.
 const procDeleteAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vRestResp) {
-    if (req.vAuthAccount && req.vAccount) {
+  if (req.vAuthAccount) {
+    if (req.vAccount) {
       if (Accounts.isAdmin(req.vAuthAccount)) {
         await Accounts.removeAccount(req.vAccount);
         await Accounts.removeAccountContext(req.vAccount);
+      }
+      else {
+        req.vRestResp.respondFailure('Not an administrator');
       };
+    }
+    else {
+      req.vRestResp.respondFailure('Target account does not exist');
     };
+  }
+  else {
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/account/accountId/field/fieldname.ts

@@ -24,36 +24,46 @@ import { VKeyedCollection } from '@Tools/vTypes';
 
 // Get the scope of the logged in account
 const procGetField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vAuthAccount && req.vAccount) {
-    req.vRestResp.Data = await Accounts.getField(req.vAuthToken, req.vAccount, req.vParam1, req.vAuthAccount);
+  if (req.vAuthAccount) {
+    if (req.vAccount) {
+      req.vRestResp.Data = await Accounts.getField(req.vAuthToken, req.vAccount, req.vParam1, req.vAuthAccount);
+    }
+    else {
+      req.vRestResp.respondFailure('Target account not found');
+    };
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };
 
 // Add a role to my roles collection.
 // Not implemented as something needs to be done with request_connection, etc
 const procPostField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vAuthAccount && req.vAccount) {
-    if (req.body.hasOwnProperty('set')) {
-      const updates: VKeyedCollection = {};
-      const success = await Accounts.setField(req.vAuthToken, req.vAccount, req.vParam1, req.body.set, req.vAuthAccount, updates);
-      if (success.valid) {
-        // Setting worked so update the database
-        Accounts.updateEntityFields(req.vAccount, updates);
+  if (req.vAuthAccount) {
+    if (req.vAccount) {
+      if (req.body.hasOwnProperty('set')) {
+        const updates: VKeyedCollection = {};
+        const success = await Accounts.setField(req.vAuthToken, req.vAccount, req.vParam1, req.body.set, req.vAuthAccount, updates);
+        if (success.valid) {
+          // Setting worked so update the database
+          Accounts.updateEntityFields(req.vAccount, updates);
+        }
+        else {
+          req.vRestResp.respondFailure('value could not be set:' + success.reason);
+        };
       }
       else {
-        req.vRestResp.respondFailure('value could not be set:' + success.reason);
+        req.vRestResp.respondFailure('no set value given');
       };
     }
     else {
-      req.vRestResp.respondFailure('no set value given');
+      req.vRestResp.respondFailure('Target account not found');
     };
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/account/accountId/tokens/tokenId.ts

@@ -31,28 +31,40 @@ import { Accounts } from '@Entities/Accounts';
 // The requestor account has to have authorization to access the toke so
 //    either 'vAuthAccount' is an admin or is the same as 'vAccount'.
 const procDeleteToken: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vRestResp && req.vAuthAccount && req.vAccount && req.vTokenId) {
-    const scoper = new AccountScopeFilter(req.vAuthAccount, 'accountId');
-    scoper.parametersFromRequest(req);
-
-    const tok = await Tokens.getTokenWithTokenId(req.vTokenId);
-    if (tok) {
-      if ( scoper.AsAdmin() && Accounts.isAdmin(req.vAuthAccount)
-                || req.vAuthAccount.id === tok.accountId) {
-        if (req.vAccount.id === tok.accountId) {
-          await Tokens.removeToken(tok);
+  if (req.vAuthAccount) {
+    if (req.vAccount) {
+      if (req.vTokenId) {
+        const scoper = new AccountScopeFilter(req.vAuthAccount, 'accountId');
+        scoper.parametersFromRequest(req);
+        const tok = await Tokens.getTokenWithTokenId(req.vTokenId);
+        if (tok) {
+          if ( scoper.AsAdmin() && Accounts.isAdmin(req.vAuthAccount)
+                    || req.vAuthAccount.id === tok.accountId) {
+            if (req.vAccount.id === tok.accountId) {
+              await Tokens.removeToken(tok);
+            }
+            else {
+              req.vRestResp.respondFailure('Token account does not match requested account');
+            };
+          }
+          else {
+            req.vRestResp.respondFailure('Unauthorized');
+          };
         }
         else {
-          req.vRestResp.respondFailure('Token account does not match requested account');
+          req.vRestResp.respondFailure('Token not found');
         };
       }
       else {
-        req.vRestResp.respondFailure('Unauthorized');
+        req.vRestResp.respondFailure('Token no speciied');
       };
     }
     else {
-      req.vRestResp.respondFailure('Token not found');
-    }
+      req.vRestResp.respondFailure('Target acccount not found');
+    };
+  }
+  else {
+    req.vRestResp.respondFailure('Not logged in');
   };
   next();
 };

src/routes/api/v1/accounts.ts

@@ -52,7 +52,7 @@ const procGetAccounts: RequestHandler = async (req: Request, resp: Response, nex
     infoer.addResponseFields(req);
   }
   else {
-    req.vRestResp.respondFailure('Not logged in');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/commerce/hfc_account.ts

@@ -26,7 +26,7 @@ const procPutCommerceHfcAccount: RequestHandler = async (req: Request, resp: Res
     Logger.debug('procPutCommerceHfcAccount');
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/domains.ts

@@ -53,7 +53,7 @@ const procGetDomains: RequestHandler = async (req: Request, resp: Response, next
     pager.addResponseFields(req);
   }
   else {
-    req.vRestResp.respondFailure("Unauthorized");
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
     req.vRestResp.HTTPStatus = HTTPStatusCode.Unauthorized;
   };
   next();
@@ -127,7 +127,7 @@ const procPostDomains: RequestHandler = async (req: Request, resp: Response, nex
     };
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/domains/domainId.ts

@@ -141,11 +141,11 @@ const procDeleteDomains: RequestHandler = async (req: Request, resp: Response, n
       };
     }
     else {
-      req.vRestResp.respondFailure('Domain not found');
+      req.vRestResp.respondFailure(req.vDomainError ?? 'Domain not found');
     };
   }
   else {
-    req.vRestResp.respondFailure('Not logged in');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/domains/domainId/field/fieldname.ts

@@ -24,32 +24,42 @@ import { VKeyedCollection } from '@Tools/vTypes';
 
 // Get the scope of the logged in account
 const procGetField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vAuthAccount && req.vDomain) {
-    req.vRestResp.Data = await Domains.getField(req.vAuthToken, req.vDomain, req.vParam1);
+  if (req.vAuthAccount) {
+    if (req.vDomain) {
+      req.vRestResp.Data = await Domains.getField(req.vAuthToken, req.vDomain, req.vParam1);
+    }
+    else {
+      req.vRestResp.respondFailure(req.vDomainError ?? 'Target domain not found');
+    };
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   }
   next();
 };
 
 // Add a role to my roles collection.
 // Not implemented as something needs to be done with request_connection, etc
 const procPostField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => {
-  if (req.vAuthAccount && req.vDomain) {
-    const updates: VKeyedCollection = {};
-    const success = await Domains.setField(req.vAuthToken, req.vDomain, req.vParam1,
-                                      req.body.set, req.vAuthAccount, updates);
-    if (success.valid) {
-      // Setting worked so update the database
-      Domains.updateEntityFields(req.vDomain, updates);
+  if (req.vAuthAccount) {
+    if (req.vDomain) {
+      const updates: VKeyedCollection = {};
+      const success = await Domains.setField(req.vAuthToken, req.vDomain, req.vParam1,
+                                        req.body.set, req.vAuthAccount, updates);
+      if (success.valid) {
+        // Setting worked so update the database
+        Domains.updateEntityFields(req.vDomain, updates);
+      }
+      else {
+        req.vRestResp.respondFailure('value could not be set: ' + success.reason);
+      };
     }
     else {
-      req.vRestResp.respondFailure('value could not be set: ' + success.reason);
+      req.vRestResp.respondFailure(req.vDomainError ?? 'Target domain not found');
     };
   }
   else {
-    req.vRestResp.respondFailure('unauthorized');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };

src/routes/api/v1/places.ts

@@ -59,7 +59,7 @@ const procGetPlaces: RequestHandler = async (req: Request, resp: Response, next:
     pager.addResponseFields(req);
   }
   else {
-    req.vRestResp.respondFailure('No account specified');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };
@@ -120,7 +120,7 @@ export const procPostPlaces: RequestHandler = async (req: Request, resp: Respons
     };
   }
   else {
-    req.vRestResp.respondFailure('no domain specified');
+    req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in');
   };
   next();
 };