From dc1db4ca1dd6eab7e147048f7c2790483bce939c Mon Sep 17 00:00:00 2001 
From: Robert Adams Date: Sun, 10 Jan 2021 16:19:09 -0800 Subject: [PATCH] Have every request return "Not logged in" if an access token is not included in the request. This makes the user interface more understandable. Modify several requests to report different errors if not logged in or if parameters are not specified. Makes error more specific. Closes #70 --- src/route-tools/middleware.ts | 2 +- src/routes/api/maint/makeAdmin.ts | 2 +- src/routes/api/v1/account/accountId.ts | 71 ++++++++++++------- .../v1/account/accountId/field/fieldname.ts | 36 ++++++---- .../v1/account/accountId/tokens/tokenId.ts | 40 +++++++---- src/routes/api/v1/accounts.ts | 2 +- src/routes/api/v1/commerce/hfc_account.ts | 2 +- src/routes/api/v1/domains.ts | 4 +- src/routes/api/v1/domains/domainId.ts | 4 +- .../v1/domains/domainId/field/fieldname.ts | 34 +++++---- src/routes/api/v1/places.ts | 4 +- src/routes/api/v1/places/placeId.ts | 65 ++++++++++------- .../api/v1/places/placeId/field/fieldname.ts | 2 +- src/routes/api/v1/profile/accountId.ts | 2 +- src/routes/api/v1/requests.ts | 2 +- src/routes/api/v1/stats/category/category.ts | 2 +- src/routes/api/v1/stats/list.ts | 2 +- src/routes/api/v1/stats/stat.ts | 2 +- src/routes/api/v1/token/new.ts | 3 +- src/routes/api/v1/tokens.ts | 2 +- src/routes/api/v1/user/connection_request.ts | 4 +- src/routes/api/v1/user/connections.ts | 4 +- src/routes/api/v1/user/friends.ts | 6 +- src/routes/api/v1/user/heartbeat.ts | 2 +- src/routes/api/v1/user/location.ts | 2 +- src/routes/api/v1/user/locker.ts | 4 +- src/routes/api/v1/user/places.ts | 2 +- src/routes/api/v1/user/profile.ts | 2 +- src/routes/api/v1/user/public_key.ts | 2 +- src/routes/api/v1/user_activities.ts | 16 ++--- src/routes/api/v1/users.ts | 4 +- src/routes/api/v1/users/connections.ts | 2 +- src/routes/api/v1/users/public_key.ts | 5 +- src/routes/api/v1/users/username/location.ts | 2 +- 34 files changed, 203 insertions(+), 137 deletions(-) 
diff --git a/src/route-tools/middleware.ts b/src/route-tools/middleware.ts index 9092f90a..5c747050 100755 --- a/src/route-tools/middleware.ts +++ b/src/route-tools/middleware.ts @@ -120,7 +120,7 @@ export const accountFromAuthToken: RequestHandler = async (req: Request, resp: R if (IsNotNullOrEmpty(req.vAuthToken)) { req.vAuthAccount = await Accounts.getAccountWithId(req.vAuthToken.accountId); if (IsNullOrEmpty(req.vAuthAccount)) { - req.vAccountError = 'No account found for authorization'; + req.vAccountError = 'Not logged in'; Logger.debug('accountFromAuthToken: account lookup fail: authToken=' + req.vRestResp.getAuthToken()); }; }; diff --git a/src/routes/api/maint/makeAdmin.ts b/src/routes/api/maint/makeAdmin.ts index 3f81876f..a4202e3c 100755 --- a/src/routes/api/maint/makeAdmin.ts +++ b/src/routes/api/maint/makeAdmin.ts @@ -50,7 +50,7 @@ const procMakeAdmin: RequestHandler = async (req: Request, resp: Response, next: } else { Logger.error(`procMakeAdmin: could not fetch account "${adminAccountName}"`); - req.vRestResp.respondFailure('no such account'); + req.vRestResp.respondFailure('No account named admin account name exists'); }; }; next(); diff --git a/src/routes/api/v1/account/accountId.ts b/src/routes/api/v1/account/accountId.ts index fabd4db9..78077a58 100755 --- a/src/routes/api/v1/account/accountId.ts +++ b/src/routes/api/v1/account/accountId.ts 
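Review bot: The `Logger.debug` line right after the changed message in `accountFromAuthToken` appears to write the caller's auth token (`req.vRestResp.getAuthToken()`) into the log, so anyone with read access to debug logs can collect bearer credentials. `req.vAuthToken.accountId` is already available at that point and identifies the failing lookup just as well: `Logger.debug('accountFromAuthToken: account lookup fail: accountId=' + req.vAuthToken.accountId);`. A token that resolves while its account does not is also a useful dangling-token signal, so it may deserve more than debug level. The handler starts and ends outside this hunk.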
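Review bot: The new failure text in `procMakeAdmin`, `'No account named admin account name exists'`, reads like a template whose placeholder was never filled in. The `Logger.error` call just above already records `adminAccountName`, so the response can stay short and generic: `req.vRestResp.respondFailure('Admin account not found');`. The handler starts outside this hunk.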
@@ -30,18 +30,23 @@ import { Logger } from '@Tools/Logging'; // metaverseServerApp.use(express.urlencoded({ extended: false })); const procGetAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vAccount) { - if (checkAccessToEntity(req.vAuthToken, req.vAccount, [ Perm.OWNER, Perm.ADMIN ])) { - req.vRestResp.Data = { - account: await buildAccountInfo(req, req.vAccount) + if (req.vAuthAccount) { + if (req.vAccount) { + if (checkAccessToEntity(req.vAuthToken, req.vAccount, [ Perm.OWNER, Perm.ADMIN ])) { + req.vRestResp.Data = { + account: await buildAccountInfo(req, req.vAccount) + }; + } + else { + req.vRestResp.respondFailure('Unauthorized'); }; } else { - req.vRestResp.respondFailure('Unauthorized'); + req.vRestResp.respondFailure('Target account not found'); }; } else { - req.vRestResp.respondFailure('No account specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; 
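Review bot: `checkAccessToEntity(...)` in `procGetAccountId` is tested in the `if` without `await`, while this same commit changes `procPutPlacesPlaceId` to `await checkAccessToEntity(...)`. If the function returns a Promise, as that change suggests, the un-awaited value is always truthy and the OWNER/ADMIN check never denies, so any logged-in caller would receive `buildAccountInfo` for any account. Use `if (await checkAccessToEntity(req.vAuthToken, req.vAccount, [ Perm.OWNER, Perm.ADMIN ])) {` here and in `procDeletePlacesPlaceId` (places/placeId.ts), which also still calls it un-awaited. If it is in fact synchronous, drop the `await` in `procPutPlacesPlaceId` so the three call sites agree.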
@@ -50,29 +55,34 @@ const procGetAccountId: RequestHandler = async (req: Request, resp: Response, ne // The setter must be either an admin account or the account itself const procPostAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { if (req.vRestResp) { - if (req.vAuthAccount && req.vAccount) { - const valuesToSet = req.body.accounts; - const updates: VKeyedCollection = {}; - for (const field of [ 'email', 'public_key' ]) { - if (valuesToSet.hasOwnProperty(field)) { - await Accounts.setField(req.vAuthToken, req.vAccount, field, valuesToSet.field, req.vAuthAccount, updates); - }; - }; - if (valuesToSet.hasOwnProperty('images')) { - if (valuesToSet.images.hero) { - await Accounts.setField(req.vAuthToken, req.vAccount, 'images_hero', valuesToSet.images.hero, req.vAuthAccount, updates); + if (req.vAuthAccount) { + if (req.vAccount) { + const valuesToSet = req.body.accounts; + const updates: VKeyedCollection = {}; + for (const field of [ 'email', 'public_key' ]) { + if (valuesToSet.hasOwnProperty(field)) { + await Accounts.setField(req.vAuthToken, req.vAccount, field, valuesToSet.field, req.vAuthAccount, updates); + }; }; - if (valuesToSet.images.tiny) { - await Accounts.setField(req.vAuthToken, req.vAccount, 'images_tiny', valuesToSet.images.tiny, req.vAuthAccount, updates); - }; - if (valuesToSet.images.thumbnail) { - await Accounts.setField(req.vAuthToken, req.vAccount, 'images_thumbnail', valuesToSet.images.thumbnail, req.vAuthAccount, updates); + if (valuesToSet.hasOwnProperty('images')) { + if (valuesToSet.images.hero) { + await Accounts.setField(req.vAuthToken, req.vAccount, 'images_hero', valuesToSet.images.hero, req.vAuthAccount, updates); + }; + if (valuesToSet.images.tiny) { + await Accounts.setField(req.vAuthToken, req.vAccount, 'images_tiny', valuesToSet.images.tiny, req.vAuthAccount, updates); + }; + if (valuesToSet.images.thumbnail) { + await Accounts.setField(req.vAuthToken, req.vAccount, 'images_thumbnail', 
valuesToSet.images.thumbnail, req.vAuthAccount, updates); + }; }; + await Accounts.updateEntityFields(req.vAuthAccount, updates); + } + else { + req.vRestResp.respondFailure(req.vAccountError ?? 'Account not specified'); }; - await Accounts.updateEntityFields(req.vAuthAccount, updates); } else { - req.vRestResp.respondFailure(req.vAccountError ?? 'Accounts not specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; }; next(); @@ -81,13 +91,22 @@ const procPostAccountId: RequestHandler = async (req: Request, resp: Response, n // Delete an account. // The setter must be an admin account. const procDeleteAccountId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vRestResp) { - if (req.vAuthAccount && req.vAccount) { + if (req.vAuthAccount) { + if (req.vAccount) { if (Accounts.isAdmin(req.vAuthAccount)) { await Accounts.removeAccount(req.vAccount); await Accounts.removeAccountContext(req.vAccount); + } + else { + req.vRestResp.respondFailure('Not an administrator'); }; + } + else { + req.vRestResp.respondFailure('Target account does not exist'); }; + } + else { + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/account/accountId/field/fieldname.ts b/src/routes/api/v1/account/accountId/field/fieldname.ts index a479e75a..fd5e17ee 100755 --- a/src/routes/api/v1/account/accountId/field/fieldname.ts +++ b/src/routes/api/v1/account/accountId/field/fieldname.ts 
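Review bot: In `procPostAccountId` the loop passes `valuesToSet.field`, which reads a property literally named "field" rather than the `email` / `public_key` value, and the final `Accounts.updateEntityFields(req.vAuthAccount, updates)` writes the collected updates to the caller's account instead of the target `req.vAccount`. When an admin edits another account the change would therefore appear to land on the admin's own record. Suggested lines: `valuesToSet[field]` in the `setField` call and `await Accounts.updateEntityFields(req.vAccount, updates);`, which matches what `procPostField` does. `req.body.accounts` is also dereferenced without a presence check, so a request without it throws inside the async handler instead of producing a failure response.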
@@ -24,11 +24,16 @@ import { VKeyedCollection } from '@Tools/vTypes'; // Get the scope of the logged in account const procGetField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vAccount) { - req.vRestResp.Data = await Accounts.getField(req.vAuthToken, req.vAccount, req.vParam1, req.vAuthAccount); + if (req.vAuthAccount) { + if (req.vAccount) { + req.vRestResp.Data = await Accounts.getField(req.vAuthToken, req.vAccount, req.vParam1, req.vAuthAccount); + } + else { + req.vRestResp.respondFailure('Target account not found'); + }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; 
@@ -36,24 +41,29 @@ const procGetField: RequestHandler = async (req: Request, resp: Response, next: // Add a role to my roles collection. // Not implemented as something needs to be done with request_connection, etc const procPostField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vAccount) { - if (req.body.hasOwnProperty('set')) { - const updates: VKeyedCollection = {}; - const success = await Accounts.setField(req.vAuthToken, req.vAccount, req.vParam1, req.body.set, req.vAuthAccount, updates); - if (success.valid) { - // Setting worked so update the database - Accounts.updateEntityFields(req.vAccount, updates); + if (req.vAuthAccount) { + if (req.vAccount) { + if (req.body.hasOwnProperty('set')) { + const updates: VKeyedCollection = {}; + const success = await Accounts.setField(req.vAuthToken, req.vAccount, req.vParam1, req.body.set, req.vAuthAccount, updates); + if (success.valid) { + // Setting worked so update the database + Accounts.updateEntityFields(req.vAccount, updates); + } + else { + req.vRestResp.respondFailure('value could not be set:' + success.reason); + }; } else { - req.vRestResp.respondFailure('value could not be set:' + success.reason); + req.vRestResp.respondFailure('no set value given'); }; } else { - req.vRestResp.respondFailure('no set value given'); + req.vRestResp.respondFailure('Target account not found'); }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/account/accountId/tokens/tokenId.ts b/src/routes/api/v1/account/accountId/tokens/tokenId.ts index 27666c6e..f1ac135b 100755 --- a/src/routes/api/v1/account/accountId/tokens/tokenId.ts +++ b/src/routes/api/v1/account/accountId/tokens/tokenId.ts 
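Review bot: `Accounts.updateEntityFields(req.vAccount, updates);` in `procPostField` is not awaited, so the handler reaches `next()` and reports success before the write has finished, and a rejected write surfaces as an unhandled rejection rather than a failure response. `procPostAccountId` awaits the same call, which suggests it returns a Promise; do the same here with `await Accounts.updateEntityFields(req.vAccount, updates);`. The same un-awaited pattern is in `Domains.updateEntityFields` (domains/domainId/field/fieldname.ts) and `Places.updateEntityFields` in `procPutPlacesPlaceId`. The comment above the handler ("Add a role to my roles collection. Not implemented…") no longer describes it and could become `// Set one field on the target account; the new value is in body.set`.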
@@ -31,28 +31,40 @@ import { Accounts } from '@Entities/Accounts'; // The requestor account has to have authorization to access the toke so // either 'vAuthAccount' is an admin or is the same as 'vAccount'. const procDeleteToken: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vRestResp && req.vAuthAccount && req.vAccount && req.vTokenId) { - const scoper = new AccountScopeFilter(req.vAuthAccount, 'accountId'); - scoper.parametersFromRequest(req); - - const tok = await Tokens.getTokenWithTokenId(req.vTokenId); - if (tok) { - if ( scoper.AsAdmin() && Accounts.isAdmin(req.vAuthAccount) - || req.vAuthAccount.id === tok.accountId) { - if (req.vAccount.id === tok.accountId) { - await Tokens.removeToken(tok); + if (req.vAuthAccount) { + if (req.vAccount) { + if (req.vTokenId) { + const scoper = new AccountScopeFilter(req.vAuthAccount, 'accountId'); + scoper.parametersFromRequest(req); + const tok = await Tokens.getTokenWithTokenId(req.vTokenId); + if (tok) { + if ( scoper.AsAdmin() && Accounts.isAdmin(req.vAuthAccount) + || req.vAuthAccount.id === tok.accountId) { + if (req.vAccount.id === tok.accountId) { + await Tokens.removeToken(tok); + } + else { + req.vRestResp.respondFailure('Token account does not match requested account'); + }; + } + else { + req.vRestResp.respondFailure('Unauthorized'); + }; } else { - req.vRestResp.respondFailure('Token account does not match requested account'); + req.vRestResp.respondFailure('Token not found'); }; } else { - req.vRestResp.respondFailure('Unauthorized'); + req.vRestResp.respondFailure('Token no speciied'); }; } else { - req.vRestResp.respondFailure('Token not found'); - } + req.vRestResp.respondFailure('Target acccount not found'); + }; + } + else { + req.vRestResp.respondFailure('Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/accounts.ts b/src/routes/api/v1/accounts.ts index bbfa5c4d..38ba9f56 100755 --- a/src/routes/api/v1/accounts.ts 
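Review bot: Two of the new failure strings in `procDeleteToken` are misspelled and will reach clients as written: `'Token no speciied'` and `'Target acccount not found'`. Suggested: `'Token not specified'` and `'Target account not found'`, the spelling the other handlers in this commit use. The outer branch also returns a bare `'Not logged in'` where every other handler uses `req.vAccountError ?? 'Not logged in'`. Separately, a logged-in caller gets 'Token not found' or 'Unauthorized' depending on whether an arbitrary token id exists; returning one message for both cases would avoid confirming token ids that belong to other accounts.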
+++ b/src/routes/api/v1/accounts.ts @@ -52,7 +52,7 @@ const procGetAccounts: RequestHandler = async (req: Request, resp: Response, nex infoer.addResponseFields(req); } else { - req.vRestResp.respondFailure('Not logged in'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/commerce/hfc_account.ts b/src/routes/api/v1/commerce/hfc_account.ts index 9a7cc7d2..225af94e 100755 --- a/src/routes/api/v1/commerce/hfc_account.ts +++ b/src/routes/api/v1/commerce/hfc_account.ts @@ -26,7 +26,7 @@ const procPutCommerceHfcAccount: RequestHandler = async (req: Request, resp: Res Logger.debug('procPutCommerceHfcAccount'); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/domains.ts b/src/routes/api/v1/domains.ts index 597ac2fd..9611ce5a 100755 --- a/src/routes/api/v1/domains.ts +++ b/src/routes/api/v1/domains.ts @@ -53,7 +53,7 @@ const procGetDomains: RequestHandler = async (req: Request, resp: Response, next pager.addResponseFields(req); } else { - req.vRestResp.respondFailure("Unauthorized"); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); req.vRestResp.HTTPStatus = HTTPStatusCode.Unauthorized; }; next(); @@ -127,7 +127,7 @@ const procPostDomains: RequestHandler = async (req: Request, resp: Response, nex }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/domains/domainId.ts b/src/routes/api/v1/domains/domainId.ts index aa8b5df5..58fd58be 100755 --- a/src/routes/api/v1/domains/domainId.ts +++ b/src/routes/api/v1/domains/domainId.ts 
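Review bot: `procGetDomains` in domains.ts is the only not-logged-in branch touched here that also sets `req.vRestResp.HTTPStatus = HTTPStatusCode.Unauthorized`; `procPostDomains` in the same file, `procGetAccounts` and `procPutCommerceHfcAccount` only call `respondFailure`. If `respondFailure` does not set the status itself (not visible in this patch), those failures go out with the default status, which makes authentication failures hard to spot in access logs and for clients or monitoring that key on status codes. Either add the same `HTTPStatus` line to each not-logged-in branch or move message and status into one shared helper so they cannot drift apart.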
@@ -141,11 +141,11 @@ const procDeleteDomains: RequestHandler = async (req: Request, resp: Response, n }; } else { - req.vRestResp.respondFailure('Domain not found'); + req.vRestResp.respondFailure(req.vDomainError ?? 'Domain not found'); }; } else { - req.vRestResp.respondFailure('Not logged in'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/domains/domainId/field/fieldname.ts b/src/routes/api/v1/domains/domainId/field/fieldname.ts index 5bc7d449..1fc3eb46 100755 --- a/src/routes/api/v1/domains/domainId/field/fieldname.ts +++ b/src/routes/api/v1/domains/domainId/field/fieldname.ts @@ -24,11 +24,16 @@ import { VKeyedCollection } from '@Tools/vTypes'; // Get the scope of the logged in account const procGetField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vDomain) { - req.vRestResp.Data = await Domains.getField(req.vAuthToken, req.vDomain, req.vParam1); + if (req.vAuthAccount) { + if (req.vDomain) { + req.vRestResp.Data = await Domains.getField(req.vAuthToken, req.vDomain, req.vParam1); + } + else { + req.vRestResp.respondFailure(req.vDomainError ?? 'Target domain not found'); + }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); } next(); }; 
@@ -36,20 +41,25 @@ const procGetField: RequestHandler = async (req: Request, resp: Response, next: // Add a role to my roles collection. // Not implemented as something needs to be done with request_connection, etc const procPostField: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vDomain) { - const updates: VKeyedCollection = {}; - const success = await Domains.setField(req.vAuthToken, req.vDomain, req.vParam1, - req.body.set, req.vAuthAccount, updates); - if (success.valid) { - // Setting worked so update the database - Domains.updateEntityFields(req.vDomain, updates); + if (req.vAuthAccount) { + if (req.vDomain) { + const updates: VKeyedCollection = {}; + const success = await Domains.setField(req.vAuthToken, req.vDomain, req.vParam1, + req.body.set, req.vAuthAccount, updates); + if (success.valid) { + // Setting worked so update the database + Domains.updateEntityFields(req.vDomain, updates); + } + else { + req.vRestResp.respondFailure('value could not be set: ' + success.reason); + }; } else { - req.vRestResp.respondFailure('value could not be set: ' + success.reason); + req.vRestResp.respondFailure(req.vDomainError ?? 'Target domain not found'); }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/places.ts b/src/routes/api/v1/places.ts index 15f59237..2c081c47 100755 --- a/src/routes/api/v1/places.ts +++ b/src/routes/api/v1/places.ts @@ -59,7 +59,7 @@ const procGetPlaces: RequestHandler = async (req: Request, resp: Response, next: pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('No account specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; 
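Review bot: The domain `procPostField` passes `req.body.set` to `Domains.setField` without checking that the body carries a `set` key, unlike the account version of this handler, which answers 'no set value given'. A request without it hands `undefined` to the setter, and what the setter then does with it is not visible here. Add the same guard around the update: `if (req.body.hasOwnProperty('set')) { … } else { req.vRestResp.respondFailure('no set value given'); }`.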
@@ -120,7 +120,7 @@ export const procPostPlaces: RequestHandler = async (req: Request, resp: Respons }; } else { - req.vRestResp.respondFailure('no domain specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/places/placeId.ts b/src/routes/api/v1/places/placeId.ts index b6c852e9..63ba2ea6 100755 --- a/src/routes/api/v1/places/placeId.ts +++ b/src/routes/api/v1/places/placeId.ts 
@@ -48,51 +48,66 @@ export const procGetPlacesPlaceId: RequestHandler = async (req: Request, resp: R // Update place information // This request happens when a domain is being assigned to another domain export const procPutPlacesPlaceId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vPlace && req.vDomain) { - if (checkAccessToEntity(req.vAuthToken, req.vDomain, [ Perm.SPONSOR, Perm.ADMIN ], req.vAuthAccount)) { - if (req.body.place) { - const updates: VKeyedCollection = {}; - if (req.body.place.pointee_query) { - // The caller specified a domain. Either the same domain or changing - if (req.body.place.pointee_query !== req.vPlace.domainId) { - Logger.info(`procPutPlacesPlaceId: domain changing from ${req.vPlace.domainId} to ${req.body.place.pointee_query}`) - req.vPlace.domainId = req.body.place.pointee_query; - updates.domainId = req.vPlace.domainId; + if (req.vAuthAccount) { + if (req.vPlace) { + if (req.vDomain) { + if (await checkAccessToEntity(req.vAuthToken, req.vDomain, [ Perm.SPONSOR, Perm.ADMIN ], req.vAuthAccount)) { + if (req.body.place) { + const updates: VKeyedCollection = {}; + if (req.body.place.pointee_query) { + // The caller specified a domain. 
Either the same domain or changing + if (req.body.place.pointee_query !== req.vPlace.domainId) { + Logger.info(`procPutPlacesPlaceId: domain changing from ${req.vPlace.domainId} to ${req.body.place.pointee_query}`) + req.vPlace.domainId = req.body.place.pointee_query; + updates.domainId = req.vPlace.domainId; + }; + }; + for (const field of [ 'path', 'address', 'description', 'thumbnail' ]) { + if (req.body.place.hasOwnProperty(field)) { + await Places.setField(req.vAuthToken, req.vPlace, field, req.body.place[field], req.vAuthAccount, updates); + }; + }; + Places.updateEntityFields(req.vPlace, updates); + } + else { + req.vRestResp.respondFailure('badly formed data'); }; + } + else { + req.vRestResp.respondFailure('unauthorized'); }; - for (const field of [ 'path', 'address', 'description', 'thumbnail' ]) { - if (req.body.place.hasOwnProperty(field)) { - await Places.setField(req.vAuthToken, req.vPlace, field, req.body.place[field], req.vAuthAccount, updates); - }; - }; - Places.updateEntityFields(req.vPlace, updates); } else { - req.vRestResp.respondFailure('badly formed data'); + req.vRestResp.respondFailure('Target domain not found'); }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure('Target place not found'); }; } else { - req.vRestResp.respondFailure('no such place'); + req.vRestResp.respondFailure(req.vAccountError ?? 
'Not logged in'); }; next(); }; // Delete a Place export const procDeletePlacesPlaceId: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vAuthAccount && req.vPlace) { - if (checkAccessToEntity(req.vAuthToken, req.vDomain, [ Perm.SPONSOR, Perm.ADMIN ], req.vAuthAccount)) { - Logger.info(`procDeletePlacesPlaceId: deleting place "${req.vPlace.name}", id=${req.vPlace.id}`); - await Places.removePlace(req.vPlace); + if (req.vAuthAccount) { + if (req.vPlace) { + if (checkAccessToEntity(req.vAuthToken, req.vDomain, [ Perm.SPONSOR, Perm.ADMIN ], req.vAuthAccount)) { + Logger.info(`procDeletePlacesPlaceId: deleting place "${req.vPlace.name}", id=${req.vPlace.id}`); + await Places.removePlace(req.vPlace); + } + else { + req.vRestResp.respondFailure('unauthorized'); + }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure('Target place not found'); }; } else { - req.vRestResp.respondFailure('no authorization or parameter'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/places/placeId/field/fieldname.ts b/src/routes/api/v1/places/placeId/field/fieldname.ts index 80a2f8e5..d9074400 100755 --- a/src/routes/api/v1/places/placeId/field/fieldname.ts +++ b/src/routes/api/v1/places/placeId/field/fieldname.ts @@ -62,7 +62,7 @@ const procPostField: RequestHandler = async (req: Request, resp: Response, next: }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/profile/accountId.ts b/src/routes/api/v1/profile/accountId.ts index a1f6920a..ef0e8ea2 100644 --- a/src/routes/api/v1/profile/accountId.ts +++ b/src/routes/api/v1/profile/accountId.ts 
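Review bot: In `procPutPlacesPlaceId` the permission check is made against `req.vDomain`, but `req.body.place.pointee_query` is then copied into `req.vPlace.domainId` with no check that it is a string, that such a domain exists, or that the caller holds SPONSOR/ADMIN on it. As written, a sponsor of one domain can apparently repoint the place at any domain id. Resolve the target domain and run the same `checkAccessToEntity` on it before assigning; the raw value is also interpolated into `Logger.info`, so constrain it before logging. `procDeletePlacesPlaceId` below passes `req.vDomain` to the access check without the `if (req.vDomain)` guard this handler gained.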
@@ -41,7 +41,7 @@ const procGetProfileAccountId: RequestHandler = async (req: Request, resp: Respo }; } else { - req.vRestResp.respondFailure('No such account'); + req.vRestResp.respondFailure('Target account not found'); }; next(); diff --git a/src/routes/api/v1/requests.ts b/src/routes/api/v1/requests.ts index f56cf579..aabff43f 100755 --- a/src/routes/api/v1/requests.ts +++ b/src/routes/api/v1/requests.ts @@ -62,7 +62,7 @@ const procGetRequests: RequestHandler = async (req: Request, resp: Response, nex pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('No account specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/stats/category/category.ts b/src/routes/api/v1/stats/category/category.ts index 4d0d4b79..1deff818 100755 --- a/src/routes/api/v1/stats/category/category.ts +++ b/src/routes/api/v1/stats/category/category.ts @@ -49,7 +49,7 @@ const procGetCategoryStats: RequestHandler = async (req: Request, resp: Response }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/stats/list.ts b/src/routes/api/v1/stats/list.ts index 5fe2de3f..e4419d53 100755 --- a/src/routes/api/v1/stats/list.ts +++ b/src/routes/api/v1/stats/list.ts @@ -38,7 +38,7 @@ const procGetStatList: RequestHandler = async (req: Request, resp: Response, nex }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/stats/stat.ts b/src/routes/api/v1/stats/stat.ts index 82ee0395..4564e6d2 100755 --- a/src/routes/api/v1/stats/stat.ts +++ b/src/routes/api/v1/stats/stat.ts 
@@ -48,7 +48,7 @@ const procGetStat: RequestHandler = async (req: Request, resp: Response, next: N }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/token/new.ts b/src/routes/api/v1/token/new.ts index 466bd44b..e0623813 100755 --- a/src/routes/api/v1/token/new.ts +++ b/src/routes/api/v1/token/new.ts @@ -26,7 +26,6 @@ import { Logger } from '@Tools/Logging'; // Query parameter of 'scope' can say wether token is for 'owner' or 'domain'. const procPostTokenNew: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { if (req.vAuthAccount) { - // The user passes the scope but make sure we know it's one we know let scope = TokenScope.OWNER; if (req.query && req.query.scope && typeof(req.query.scope) === 'string') { @@ -50,7 +49,7 @@ const procPostTokenNew: RequestHandler = async (req: Request, resp: Response, ne }; } else { - req.vRestResp.respondFailure('account not found'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/tokens.ts b/src/routes/api/v1/tokens.ts index b6cb4f55..8899a4bd 100755 --- a/src/routes/api/v1/tokens.ts +++ b/src/routes/api/v1/tokens.ts @@ -55,7 +55,7 @@ const procGetTokens: RequestHandler = async (req: Request, resp: Response, next: pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('No account specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/connection_request.ts b/src/routes/api/v1/user/connection_request.ts index 6b034e98..88944fb8 100755 --- a/src/routes/api/v1/user/connection_request.ts +++ b/src/routes/api/v1/user/connection_request.ts 
@@ -129,7 +129,7 @@ const procPostUserConnectionRequest: RequestHandler = async (req: Request, resp: }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; @@ -168,7 +168,7 @@ const procDeleteUserConnectionRequest: RequestHandler = async (req: Request, res await Requests.removeAllMyRequests(req.vAuthAccount.id, RequestType.HANDSHAKE); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/connections.ts b/src/routes/api/v1/user/connections.ts index 969cd2c9..7411c605 100755 --- a/src/routes/api/v1/user/connections.ts +++ b/src/routes/api/v1/user/connections.ts @@ -42,7 +42,7 @@ const procGetUserConnections: RequestHandler = async (req: Request, resp: Respon pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; @@ -60,7 +60,7 @@ const procDeleteUserConnections: RequestHandler = async (req: Request, resp: Res await Accounts.removeConnection(req.vAuthAccount, req.vParam1); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/friends.ts b/src/routes/api/v1/user/friends.ts index abfde323..d8bcce7a 100755 --- a/src/routes/api/v1/user/friends.ts +++ b/src/routes/api/v1/user/friends.ts @@ -42,7 +42,7 @@ const procGetUserFriends: RequestHandler = async (req: Request, resp: Response, pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; 
@@ -68,7 +68,7 @@ const procPostUserFriends: RequestHandler = async (req: Request, resp: Response, }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; @@ -79,7 +79,7 @@ const procDeleteUserFriends: RequestHandler = async (req: Request, resp: Respons await Accounts.removeFriend(req.vAuthAccount, req.vParam1); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/heartbeat.ts b/src/routes/api/v1/user/heartbeat.ts index b79f381d..c686880e 100755 --- a/src/routes/api/v1/user/heartbeat.ts +++ b/src/routes/api/v1/user/heartbeat.ts @@ -40,7 +40,7 @@ const procPutUserHeartbeat: RequestHandler = async (req: Request, resp: Response }; } else { - req.vRestResp.respondFailure('auth token did not work'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/location.ts b/src/routes/api/v1/user/location.ts index f85f86b5..461d7d4c 100755 --- a/src/routes/api/v1/user/location.ts +++ b/src/routes/api/v1/user/location.ts @@ -32,7 +32,7 @@ const procPutUserLocation: RequestHandler = async (req: Request, resp: Response, await Accounts.updateEntityFields(req.vAuthAccount, updates); } else { - req.vRestResp.respondFailure('auth token did not work'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/locker.ts b/src/routes/api/v1/user/locker.ts index b32c36b4..2973fad7 100755 --- a/src/routes/api/v1/user/locker.ts +++ b/src/routes/api/v1/user/locker.ts @@ -31,7 +31,7 @@ const procGetUserLocker: RequestHandler = async (req: Request, resp: Response, n }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); 
@@ -41,7 +41,7 @@ const procPostUserLocker: RequestHandler = async (req: Request, resp: Response, await Accounts.updateEntityFields(req.vAuthAccount, { 'locker': req.body } ); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/places.ts b/src/routes/api/v1/user/places.ts index 71cfa346..6a53757b 100755 --- a/src/routes/api/v1/user/places.ts +++ b/src/routes/api/v1/user/places.ts @@ -59,7 +59,7 @@ const procGetPlaces: RequestHandler = async (req: Request, resp: Response, next: pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/profile.ts b/src/routes/api/v1/user/profile.ts index 33f00a16..fe3dbe3d 100755 --- a/src/routes/api/v1/user/profile.ts +++ b/src/routes/api/v1/user/profile.ts @@ -36,7 +36,7 @@ const procGetUserProfile: RequestHandler = async (req: Request, resp: Response, }; } else { - req.vRestResp.respondFailure('auth token did not work'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user/public_key.ts b/src/routes/api/v1/user/public_key.ts index 21086def..cce87eb7 100755 --- a/src/routes/api/v1/user/public_key.ts +++ b/src/routes/api/v1/user/public_key.ts @@ -59,7 +59,7 @@ const procPutUserPublicKey: RequestHandler = async (req: Request, resp: Response } } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/user_activities.ts b/src/routes/api/v1/user_activities.ts index 3e045853..9d1ac9dc 100755 --- a/src/routes/api/v1/user_activities.ts +++ b/src/routes/api/v1/user_activities.ts 
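Review bot: `procPostUserLocker` stores the entire `req.body` as the account's `locker` field with no check on its type or size. Unless a body-size limit and key sanitising are applied upstream (not visible here), any logged-in user can persist an arbitrarily large or oddly shaped document on their account record. Wrap the update in `if (req.body !== null && typeof req.body === 'object') { … } else { req.vRestResp.respondFailure('Badly formatted request'); }` and enforce a size cap for lockers. The handler starts outside this hunk.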
@@ -21,15 +21,13 @@ import { setupMetaverseAPI, finishMetaverseAPI } from '@Route-Tools/middleware'; import { Logger } from '@Tools/Logging'; const procPostUserActivities: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vRestResp) { - if (req.body.action_name) { - const activity = req.body.action_name; - if (req.vAuthAccount) { - Logger.debug(`procPostUserActivities: Received user activity "${activity}" from ${req.vAuthAccount.username}`); - } - else { - Logger.debug(`procPostUserActivities: Received user activity "${activity}" from unknown user`); - }; + if (req.body.action_name) { + const activity = req.body.action_name; + if (req.vAuthAccount) { + Logger.debug(`procPostUserActivities: Received user activity "${activity}" from ${req.vAuthAccount.username}`); + } + else { + Logger.debug(`procPostUserActivities: Received user activity "${activity}" from unknown user`); }; }; next(); diff --git a/src/routes/api/v1/users.ts b/src/routes/api/v1/users.ts index a946ec5a..de23913b 100755 --- a/src/routes/api/v1/users.ts +++ b/src/routes/api/v1/users.ts @@ -64,7 +64,7 @@ const procGetUsers: RequestHandler = async (req: Request, resp: Response, next: scoper.addResponseFields(req); } else { - req.vRestResp.respondFailure('No account specified'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; @@ -129,7 +129,7 @@ const procPostUsers: RequestHandler = async (req: Request, resp: Response, next: else { req.vRestResp.respondFailure('Badly formatted request'); }; - } + }; next(); }; diff --git a/src/routes/api/v1/users/connections.ts b/src/routes/api/v1/users/connections.ts index 4d9bbeec..ccaf0d32 100755 --- a/src/routes/api/v1/users/connections.ts +++ b/src/routes/api/v1/users/connections.ts 
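Review bot: `procPostUserActivities` interpolates `req.body.action_name` into `Logger.debug` unchanged, including for callers that have no `req.vAuthAccount`. The value is client-controlled and may contain newlines or be very long, so it can forge or flood log lines whenever debug logging is enabled. Normalise it before logging, for example `const activity = String(req.body.action_name).replace(/[\r\n]/g, ' ').slice(0, 128);` (128 is an illustrative cap).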
@@ -68,7 +68,7 @@ const procGetUsersConnections: RequestHandler = async (req: Request, resp: Respo pager.addResponseFields(req); } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); }; diff --git a/src/routes/api/v1/users/public_key.ts b/src/routes/api/v1/users/public_key.ts index 05542318..9dcf5182 100755 --- a/src/routes/api/v1/users/public_key.ts +++ b/src/routes/api/v1/users/public_key.ts @@ -26,12 +26,15 @@ import { createSimplifiedPublicKey, convertBinKeyToPEM } from '@Route-Tools/Util // metaverseServerApp.use(express.urlencoded({ extended: false })); const procGetUsersPublicKey: RequestHandler = async (req: Request, resp: Response, next: NextFunction) => { - if (req.vRestResp && req.vAccount) { + if (req.vAccount) { req.vRestResp.Data = { 'public_key': createSimplifiedPublicKey(req.vAccount.sessionPublicKey), 'username': req.vAccount.username, 'accountid': req.vAccount.id }; + } + else { + req.vRestResp.respondFailure('Target account not found'); }; next(); }; diff --git a/src/routes/api/v1/users/username/location.ts b/src/routes/api/v1/users/username/location.ts index 90d827f1..64bc30b8 100755 --- a/src/routes/api/v1/users/username/location.ts +++ b/src/routes/api/v1/users/username/location.ts @@ -40,7 +40,7 @@ const procGetUserLocation: RequestHandler = async (req: Request, resp: Response, }; } else { - req.vRestResp.respondFailure('unauthorized'); + req.vRestResp.respondFailure(req.vAccountError ?? 'Not logged in'); }; next(); };