Implement access marker for API

tshemsedinov · tshemsedinov · commit 949e031524b0 · 2020-05-13T00:33:40.000+03:00
Contract definition: https://github.com/metarhia/Contracts/blob/master/doc/API.md Closes: #99 PR-URL: #103
diff --git a/api/about.js b/api/about.js
@@ -1,4 +1,4 @@
-(async () => [
+async () => [
   'Metarhia is a Community and Technology Stack',
   'for Distributed Highload Applications and Data Storage',
   '',
@@ -25,4 +25,4 @@
   'Objective-C, Kotlin, C#, Delphi, Assembler, Python, Haskell, etc.',
   'We provide solutions for Unix/Linux, Windows, OSX, Android, Internet',
   'solutions and Embedded systems.'
-]);
+];
diff --git a/api/signIn.js b/api/signIn.js
@@ -1,8 +1,11 @@
-async ({ login, password }) => {
-  const user = await application.auth.getUser(login);
-  const hash = user ? user.password : undefined;
-  const verified = await application.security.validatePassword(password, hash);
-  if (!user || !verified) throw new Error('Incorrect login or password');
-  console.log(`Logged user: ${login}`);
-  return { result: 'success', userId: user.id };
-};
+({
+  access: 'public',
+  method: async ({ login, password }) => {
+    const user = await application.auth.getUser(login);
+    const hash = user ? user.password : undefined;
+    const valid = await application.security.validatePassword(password, hash);
+    if (!user || !valid) throw new Error('Incorrect login or password');
+    console.log(`Logged user: ${login}`);
+    return { result: 'success', userId: user.id };
+  }
+});
diff --git a/lib/application.js b/lib/application.js
@@ -48,7 +48,9 @@ class Application extends events.EventEmitter {
   }
 
   async createScript(fileName) {
-    const code = await fsp.readFile(fileName, 'utf8');
+    const data = await fsp.readFile(fileName, 'utf8');
+    const code = data.startsWith('({') ? data :
+      `({ access: 'logged', method: ${data.trim().slice(0, -1)} });`;
     const src = `'use strict';\ncontext => ${code}`;
     const options = { filename: fileName, lineOffset: -1 };
     try {
diff --git a/lib/server.js b/lib/server.js
@@ -80,25 +80,26 @@ class Client {
     const { req, res } = this;
     const { url } = req;
     const ip = req.connection.remoteAddress;
-    const method = url.substring(METHOD_OFFSET);
+    const name = url.substring(METHOD_OFFSET);
     const session = await this.application.auth.restore(req);
-    if (!session && method !== 'signIn') {
-      this.application.logger.error(`Forbidden ${url}`);
-      this.error(403);
-      semaphore.leave();
-      return;
-    }
     const args = await receiveArgs(req);
     const sandbox = session ? session.sandbox : undefined;
     const context = session ? session.context : {};
     try {
-      const proc = this.application.runScript(method, sandbox);
-      const result = await proc(context)(args);
+      const exp = this.application.runScript(name, sandbox);
+      const { method, access } = exp(context);
+      if (!session && access !== 'public') {
+        this.application.logger.error(`Forbidden ${url}`);
+        this.error(403);
+        semaphore.leave();
+        return;
+      }
+      const result = await method(args);
       if (res.finished) {
         semaphore.leave();
         return;
       }
-      if (method === 'signIn') {
+      if (!session && access === 'public') {
         const session = this.application.auth.start(req, ip, result.userId);
         res.setHeader('Set-Cookie', session.cookie);
       }
@@ -151,19 +152,20 @@ const apiws = (application, connection, req) => async message => {
   }
   try {
     const ip = req.connection.remoteAddress;
-    const { method, args } = JSON.parse(message);
+    const { method: name, args } = JSON.parse(message);
     const session = await application.auth.restore(req);
-    if (!session && method !== 'signIn') {
-      application.logger.error(`Forbidden: ${method}`);
+    const sandbox = session ? session.sandbox : undefined;
+    const context = session ? session.context : {};
+    const exp = application.runScript(name, sandbox);
+    const { method, access } = exp(context);
+    if (!session && access !== 'public') {
+      application.logger.error(`Forbidden: ${name}`);
       send({ result: 'error', reason: 'forbidden' });
       semaphore.leave();
       return;
     }
-    const sandbox = session ? session.sandbox : undefined;
-    const context = session ? session.context : {};
-    const proc = application.runScript(method, sandbox);
-    const result = await proc(context)(args);
-    if (method === 'signIn') {
+    const result = await method(args);
+    if (!session && access === 'public') {
       const session = application.auth.start(req, ip, result.userId);
       result.token = session.cookie;
     }
