From d91e572e829bb8eb006663b52a3dd8db80f8acac Mon Sep 17 00:00:00 2001
From: tycrek
Date: Mon, 26 Dec 2022 15:19:38 -0700
Subject: [PATCH] fix: properly specify and use Magic Number HTTP codes
---
 MagicNumbers.json | 2 ++
 src/routers/api.ts | 37 +++++++++++++++++++++----------------
 src/types/json.d.ts | 2 ++
 3 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/MagicNumbers.json b/MagicNumbers.json
index 9ad1d5b..af2737c 100644
--- a/MagicNumbers.json
+++ b/MagicNumbers.json
@@ -3,8 +3,10 @@
 "HTTPS": 443,
 "CODE_OK": 200,
 "CODE_NO_CONTENT": 204,
+ "CODE_BAD_REQUEST": 400,
 "CODE_UNAUTHORIZED": 401,
 "CODE_NOT_FOUND": 404,
+ "CODE_CONFLICT": 409,
 "CODE_PAYLOAD_TOO_LARGE": 413,
 "CODE_UNSUPPORTED_MEDIA_TYPE": 415,
 "CODE_INTERNAL_SERVER_ERROR": 500,
diff --git a/src/routers/api.ts b/src/routers/api.ts
index 4db78fd..8255e09 100644
--- a/src/routers/api.ts
+++ b/src/routers/api.ts
@@ -4,12 +4,17 @@
 * - Resources
 */
+import { MagicNumbers } from 'ass-json';
+import fs from 'fs-extra';
 import { Router, Request, Response, NextFunction } from 'express';
 import { findFromToken, setUserPassword, users, createNewUser, deleteUser, setUserMeta, deleteUserMeta, setUsername, resetToken, verifyCliKey } from '../auth';
-import { log } from '../utils';
+import { log, path } from '../utils';
 import { data } from '../data';
 import { User } from '../types/auth';
+// Load the status codes
+const { CODE_OK, CODE_BAD_REQUEST, CODE_UNAUTHORIZED, CODE_NOT_FOUND, CODE_CONFLICT, CODE_INTERNAL_SERVER_ERROR }: MagicNumbers = fs.readJsonSync(path('MagicNumbers.json'));
+
 /**
 * The primary API router
 */
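Review bot: The destructured status codes are used without any runtime check: the `: MagicNumbers` annotation on the `fs.readJsonSync(path('MagicNumbers.json'))` result is erased at compile time, so a deployed MagicNumbers.json that predates this commit (no `CODE_BAD_REQUEST` or `CODE_CONFLICT`) leaves those constants `undefined`. Every `res.sendStatus(...)` and `res.status(code)` in this file, including the deny branch of `adminAuthMiddleware`, would then be called with `undefined`; how Express reacts to that is not visible here, so failing at startup is the safer behaviour. I would add a guard directly after the load, e.g. `for (const [k, v] of Object.entries({ CODE_OK, CODE_BAD_REQUEST, CODE_UNAUTHORIZED, CODE_NOT_FOUND, CODE_CONFLICT, CODE_INTERNAL_SERVER_ERROR })) if (!Number.isInteger(v)) throw new Error('MagicNumbers.json: ' + k + ' is missing or not an integer');`.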
@@ -26,12 +31,12 @@ const errorHandler = (res: Response, err: Error | any) => {
 let code: number;
 switch (err.message) {
 case 'User not found':
- code = 404; break;
+ code = CODE_NOT_FOUND; break;
 case 'Meta key already exists':
 case 'Username already taken':
- code = 409; break;
+ code = CODE_CONFLICT; break;
 default:
- code = 500;
+ code = CODE_INTERNAL_SERVER_ERROR;
 }
 return res.status(code).type('text').send(err.message ?? err);
@@ -43,14 +48,14 @@ const errorHandler = (res: Response, err: Error | any) => {
 */
 const adminAuthMiddleware = (req: Request, res: Response, next: NextFunction) => {
 const user = findFromToken(req.headers.authorization ?? '');
- (verifyCliKey(req) || (user && user.admin)) ? next() : res.sendStatus(401);
+ (verifyCliKey(req) || (user && user.admin)) ? next() : res.sendStatus(CODE_UNAUTHORIZED);
 };
 /**
 * Simple function to either return JSON or a 404, so I don't have to write it 40 times.
 * @since v0.14.0
 */
-const userFinder = (res: Response, user: User | undefined) => user ? res.json(user) : res.sendStatus(404);
+const userFinder = (res: Response, user: User | undefined) => user ? res.json(user) : res.sendStatus(CODE_NOT_FOUND);
 function buildUserRouter() {
 const userRouter = Router();
@@ -75,7 +80,7 @@ function buildUserRouter() {
 const newPassword = req.body.password;
 setUserPassword(id, newPassword)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
@@ -89,7 +94,7 @@ function buildUserRouter() {
 // Block if username or password is empty, or if username is already taken
 if (username == null || username.length === 0 || password == null || password.length == 0 || users.find(user => user.username === username))
- return res.sendStatus(400);
+ return res.sendStatus(CODE_BAD_REQUEST);
 createNewUser(username, password, admin, meta)
 .then((user) => res.send(user))
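Review bot: The `default:` branch still answers with `err.message ?? err`, so any unexpected failure is sent to the client verbatim alongside `CODE_INTERNAL_SERVER_ERROR`; messages raised by storage or auth code can carry paths or other internals. Only the three messages named in the `switch` are meant for callers, so the last line could become `return res.status(code).type('text').send(code === CODE_INTERNAL_SERVER_ERROR ? 'Internal Server Error' : err.message);`, with the original error recorded server-side through the existing `log` import. Matching on the text of `err.message` is also brittle; a typed error or a code field would be a sturdier key, though that depends on `../auth`, which is not shown. errorHandler begins above this hunk.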
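Review bot: `userFinder` hands the whole `User` object to `res.json(user)`; if that type carries the password hash or the API token (its definition in `../types/auth` is not part of this patch), every lookup route returns those secrets in the response body. This is worth confirming, and if so the function should return an explicit projection of the safe fields rather than the stored record. At minimum the doc comment should state the contract, e.g. `* Sends the stored User as-is; strip secret fields before using this on a non-admin route.` Separately, in `adminAuthMiddleware` a caller with a valid non-admin token gets the same `CODE_UNAUTHORIZED` as an anonymous one, which makes the two cases indistinguishable in access logs.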
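Review bot: `req.body.password` reaches `setUserPassword(id, newPassword)` with no check at all, while the create-user route in the next hunk at least rejects an empty password. A missing or non-string body field is handed to the password-setting code as-is; what that code does with it lives in `../auth` and is not visible here. I would add `if (typeof newPassword !== 'string' || newPassword.length === 0) return res.sendStatus(CODE_BAD_REQUEST);` before the call. The route handler starts above this hunk.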
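Review bot: The emptiness checks on `username` and `password` only look at `.length`, so a JSON number or an object without a `length` property passes them (`undefined === 0` is false) and is forwarded to `createNewUser`. The condition should test the type first: `typeof username !== 'string' || username.length === 0 || typeof password !== 'string' || password.length === 0`. The same pattern appears in the later hunks for `setUserMeta` (`key`, `value`), `deleteUserMeta` (`key`) and `setUsername` (`username`), where the `string | undefined` annotations are compile-time only. Also, a taken username returns `CODE_BAD_REQUEST` here while `errorHandler` maps 'Username already taken' to `CODE_CONFLICT`; returning `CODE_CONFLICT` for the `users.find(...)` case would keep the two paths consistent.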
@@ -107,7 +112,7 @@ function buildUserRouter() {
 const id = req.params.id;
 deleteUser(id)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
@@ -120,10 +125,10 @@ function buildUserRouter() {
 const force = req.body.force ?? false;
 if (key == null || key.length === 0 || value == null || value.length === 0)
- return res.sendStatus(400);
+ return res.sendStatus(CODE_BAD_REQUEST);
 setUserMeta(id, key, value, force)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
@@ -134,10 +139,10 @@ function buildUserRouter() {
 const key: string | undefined = req.body.key;
 if (key == null || key.length === 0)
- return res.sendStatus(400);
+ return res.sendStatus(CODE_BAD_REQUEST);
 deleteUserMeta(id, key)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
@@ -149,10 +154,10 @@ function buildUserRouter() {
 const username: string | undefined = req.body.username;
 if (username == null || username.length === 0)
- return res.sendStatus(400);
+ return res.sendStatus(CODE_BAD_REQUEST);
 setUsername(id, username)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
@@ -163,7 +168,7 @@ function buildUserRouter() {
 const id = req.params.id;
 resetToken(id)
- .then(() => res.sendStatus(200))
+ .then(() => res.sendStatus(CODE_OK))
 .catch((err) => errorHandler(res, err));
 });
diff --git a/src/types/json.d.ts b/src/types/json.d.ts
index bf54ade..27adacb 100644
--- a/src/types/json.d.ts
+++ b/src/types/json.d.ts
@@ -39,8 +39,10 @@ declare module 'ass-json' {
 HTTPS: number
 CODE_OK: number
 CODE_NO_CONTENT: number
+ CODE_BAD_REQUEST: number
 CODE_UNAUTHORIZED: number
 CODE_NOT_FOUND: number
+ CODE_CONFLICT: number
 CODE_PAYLOAD_TOO_LARGE: number
 CODE_UNSUPPORTED_MEDIA_TYPE: number
 CODE_INTERNAL_SERVER_ERROR: number
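Review bot: In the `setUserMeta` hunk, `const force = req.body.force ?? false;` accepts any JSON value, so a client that sends the string "false" passes a truthy `force` on to `setUserMeta(id, key, value, force)`. If that function tests truthiness (its body is in `../auth`, not shown), the overwrite protection behind 'Meta key already exists' is bypassed by accident. Accepting only a real boolean avoids the ambiguity: `const force = req.body.force === true;`. The route handler starts above this hunk.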