2022-02-27 02:07:39 +00:00
|
|
|
import Koa from 'koa';
|
2016-12-28 22:49:51 +00:00
|
|
|
|
2022-02-27 02:07:39 +00:00
|
|
|
import { IEndpoint } from './endpoints.js';
|
2023-05-19 21:08:06 +00:00
|
|
|
import { authenticate, AuthenticationError } from './authenticate.js';
|
2022-02-27 02:07:39 +00:00
|
|
|
import call from './call.js';
|
|
|
|
import { ApiError } from './error.js';
|
2016-12-28 22:49:51 +00:00
|
|
|
|
2022-09-25 19:12:50 +00:00
|
|
|
function getRequestArguments(ctx: Koa.Context): Record<string, any> {
|
|
|
|
const args = {
|
|
|
|
...(ctx.params || {}),
|
|
|
|
...ctx.query,
|
|
|
|
...(ctx.request.body || {}),
|
|
|
|
};
|
|
|
|
|
|
|
|
// For security reasons, we drop the i parameter if it's a GET request
|
|
|
|
if (ctx.method === 'GET') {
|
|
|
|
delete args['i'];
|
|
|
|
}
|
|
|
|
|
|
|
|
return args;
|
|
|
|
}
|
|
|
|
|
2022-10-23 11:34:37 +00:00
|
|
|
export async function handler(endpoint: IEndpoint, ctx: Koa.Context): Promise<void> {
|
2022-09-25 19:12:50 +00:00
|
|
|
const body = getRequestArguments(ctx);
|
2018-04-13 02:44:39 +00:00
|
|
|
|
2017-02-27 07:14:41 +00:00
|
|
|
// Authentication
|
2022-07-18 15:41:08 +00:00
|
|
|
// for GET requests, do not even pass on the body parameter as it is considered unsafe
|
2022-10-23 11:34:37 +00:00
|
|
|
await authenticate(ctx.headers.authorization, ctx.method === 'GET' ? null : body['i']).then(async ([user, app]) => {
|
2019-02-22 05:46:49 +00:00
|
|
|
// API invoking
|
2022-10-23 11:34:37 +00:00
|
|
|
await call(endpoint.name, user, app, body, ctx).then((res: any) => {
|
2022-06-25 09:26:31 +00:00
|
|
|
if (ctx.method === 'GET' && endpoint.meta.cacheSec && !body['i'] && !user) {
|
|
|
|
ctx.set('Cache-Control', `public, max-age=${endpoint.meta.cacheSec}`);
|
|
|
|
}
|
2022-10-23 11:34:37 +00:00
|
|
|
if (res == null) {
|
|
|
|
ctx.status = 204;
|
|
|
|
} else {
|
|
|
|
ctx.status = 200;
|
|
|
|
// If a string is returned, it must be passed through JSON.stringify to be recognized as JSON.
|
|
|
|
ctx.body = typeof res === 'string' ? JSON.stringify(res) : res;
|
|
|
|
}
|
2019-04-12 16:43:22 +00:00
|
|
|
}).catch((e: ApiError) => {
|
2022-12-19 19:12:24 +00:00
|
|
|
e.apply(ctx, endpoint.name);
|
2019-02-22 05:46:49 +00:00
|
|
|
});
|
2021-07-17 15:53:16 +00:00
|
|
|
}).catch(e => {
|
|
|
|
if (e instanceof AuthenticationError) {
|
2022-12-19 19:12:24 +00:00
|
|
|
new ApiError('AUTHENTICATION_FAILED', e.message).apply(ctx, endpoint.name);
|
2021-07-17 15:53:16 +00:00
|
|
|
} else {
|
2022-12-19 19:12:24 +00:00
|
|
|
new ApiError().apply(ctx, endpoint.name);
|
2021-07-17 15:53:16 +00:00
|
|
|
}
|
2019-02-22 05:46:49 +00:00
|
|
|
});
|
2022-10-28 14:57:56 +00:00
|
|
|
}
|