dougal-software/lib/www/server/api/index.js


const http = require('http');
const express = require('express');
const cookieParser = require('cookie-parser')

const maybeSendAlert = require("../lib/alerts");
const mw = require('./middleware');

const app = express();
const verbose = process.env.NODE_ENV != 'test';

app.map = function(a, route){
	route = route || '';
	for (var key in a) {
		switch (typeof a[key]) {
			// { '/path': { ... }}
			case 'object':
				if (!Array.isArray(a[key])) {
					app.map(a[key], route + key);
					break;
				} // else drop through
				// get: function(){ ... }
			case 'function':
				if (verbose) console.log('%s %s', key, route);
				app[key](route, a[key]);
				break;
		}
	}
};

app.use(express.json({type: "application/json", strict: false, limit: '10mb'}));
app.use(express.urlencoded({ type: "application/x-www-form-urlencoded", extended: true }));
app.use(express.text({type: "text/*", limit: '10mb'}));
app.use((req, res, next) => {
	res.set("Access-Control-Allow-Origin", "*");
	res.set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE");
	res.set("Access-Control-Allow-Headers", "Content-Type");
	next();
});

app.use(cookieParser());
app.use(mw.auth.jwt);
// app.use(mw.auth.access({path: {allow:["^/login", "^/user$"]}}));

// Adds arbitrary information to the request object
const meta = (key, value) => {
	return (req, res, next) => {
		if (!req.meta) {
			req.meta = {};
		}

		if (key) {
			req.meta[key] = value;
		}

		next();
	}
};

// Short for adding meta to all methods
const allMeta = (key, value) => {
	return { all: [ meta(key, value) ] };
};

// These routes do not require authentication
app.map({
	'*': { all: [ meta() ] }, // Create the req.meta object
	'/login': {
		post: [ mw.user.login ]
	},
	'/logout': {
		get: [ mw.user.logout ],
		post: [ mw.user.logout ]
	},
	'/': {
		get: [ mw.openapi.get ]
	}
});

app.use(mw.auth.authentify);

// We must be authenticated before we can access these
app.map({
	'/project': {
		get: [ mw.project.list ],  // Get list of projects
	},
	'/project/:project': {
		get: [ mw.project.get ],      // Get project data
	},
	'/project/:project/summary': {
		get: [ mw.project.get ],
	},
	'/project/:project/gis': {
		get: [ mw.gis.project.bbox ]
	},
	'/project/:project/gis/preplot': {
		get: [ mw.gis.project.preplot ]
	},
	'/project/:project/gis/preplot/:featuretype(line|point)': {
		get: [ mw.gis.project.preplot ]
	},
	'/project/:project/gis/raw/:featuretype(line|point)': {
		get: [ mw.gis.project.raw ]
	},
	'/project/:project/gis/final/:featuretype(line|point)': {
		get: [ mw.gis.project.final ]
	},
	'/project/:project/line/': {
		get: [ mw.line.list ],
	},
	'/project/:project/line/:line': {
// 		get: [ mw.line.get ],
		patch: [ mw.auth.access.write, mw.line.patch ],
	},

	'/project/:project/sequence/': {
		get: [ mw.sequence.list ],
	},
	'/project/:project/sequence/:sequence': {
// 		get: [ mw.sequence.get ],
		patch: [ mw.auth.access.write, mw.sequence.patch ],
	},

	'/project/:project/plan/': {
		get: [ mw.plan.list ],
		put: [ mw.auth.access.write, mw.plan.put ],
		post: [ mw.auth.access.write, mw.plan.post ]
	},
	'/project/:project/plan/:sequence': {
// 		get: [ mw.plan.get ],
		patch: [ mw.auth.access.write, mw.plan.patch ],
		delete: [ mw.auth.access.write, mw.plan.delete ]
	},
//
	'/project/:project/event/': {
		get: [ mw.event.cache.get, mw.event.list, mw.event.cache.save ],
		post: [ mw.auth.access.write, mw.event.post ],
		put: [ mw.auth.access.write, mw.event.put ],
		delete: [ mw.auth.access.write, mw.event.delete ],
		':type/': {
			':id/': {
// 				get: [ mw.event.get ],
				put: [ mw.auth.access.write, mw.event.put ],
				delete: [mw.auth.access.write,  mw.event.delete ]
			}
		},
	},
	'/project/:project/label/': {
		get: [ mw.label.list ],
// 		post: [ mw.label.post ],
	},
	'/project/:project/configuration/:path(*)?': {
		get: [ mw.configuration.get ],
// 		post: [ mw.auth.access.admin, mw.label.post ],
	},
	'/project/:project/info/:path(*)': {
		get: [ mw.info.get ],
// 		post: [ mw.info.post ],
	},
	'/project/:project/meta/': {
		put: [ mw.meta.put ],
	},
	'/project/:project/meta/:path(*)': {
		// Path examples:
		// GET:
		// `/raw/sequences/qc/missing_shots`,
		// `/final/points/qc/sync_warn/results
		get: [ mw.meta.get ],
// 		// PUT:
// 		// `/raw/qc/missing_shots` ← { sequence: …, value: … }
// 		put: [ mw.meta.put ]
	},
//
// 	'/project/:id/permissions/:mode(read|write)?': {
// 		get: [ mw.permissions.get ],
// 		put: [ mw.permissions.put ],
// // 		post: [ mw.permissions.post ],
// // 		delete: [ mw.permissions.delete ]
// 	},
	'/navdata/': {
		get: [ mw.navdata.get ],
		'gis/:featuretype(line|point)': {
			get: [ mw.gis.navdata.get ]
		}
	},
	'/rss/': {
		get: [ mw.rss.get ]
	}
//
// 	'/user': {
// 		get: [ mw.user.get ],
// 		post: [  mw.user.put ]
// 	},
// 	'/user/:user': {
// 		get: [ mw.user.get ],
// 		put: [  mw.user.put ],
// // 		delete: [ mw.user.delete ]
// 	},
//
});

// Generic error handler. Stops stack dumps
// being sent to clients.
app.use(function (err, req, res, next) {
	const title = `HTTP backend error at ${req.method} ${req.originalUrl}`;
	const description = err.message;
	const message = err.message;
	const alert = {title, message, description, error: err};

	console.log("Error:", err);

	if (err instanceof Error && err.name != "UnauthorizedError") {
		console.error(err.stack);
		res.status(500).send('General internal error');
		maybeSendAlert(alert);
	} else if (typeof err === 'string') {
		res.status(500).send({message: err});
		maybeSendAlert(alert);
	} else {
		res.status(err.status || 500).send({message: err.message || (err.inner && err.inner.message) || "Internal error"});
		if (!res.status) {
			maybeSendAlert(alert);
		}
	}
});

app.disable('x-powered-by');
app.enable('trust proxy');
console.log('trust proxy is ' + (app.get('trust proxy')? 'on' : 'off'));

const addr = "127.0.0.1";

if (!module.parent) {
	var port = process.env.HTTP_PORT || 3000;
	var server = http.createServer(app).listen(port, addr);

	console.log('API started on port ' + port);
} else {
	app.start = function (port = 3000, path) {

		var root = app;
		if (path) {
			root = express();
			['x-powered-by', 'trust proxy'].forEach(k => root.set(k, app.get(k)));
			root.use(path, app);
		}

		const server = http.createServer(root).listen(port, addr);
		if (server) {
			console.log(`API started on port ${port}, prefix: ${path || "/"}`);
		}
		return server;
	}
	module.exports = app;
}
Initial commit 2020-08-08 23:59:13 +02:00
			`const http = require('http');`
			`const express = require('express');`
			`const cookieParser = require('cookie-parser')`

Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00			`const maybeSendAlert = require("../lib/alerts");`
Initial commit 2020-08-08 23:59:13 +02:00			`const mw = require('./middleware');`

			`const app = express();`
			`const verbose = process.env.NODE_ENV != 'test';`

			`app.map = function(a, route){`
			`route = route \|\| '';`
			`for (var key in a) {`
			`switch (typeof a[key]) {`
			`// { '/path': { ... }}`
			`case 'object':`
			`if (!Array.isArray(a[key])) {`
			`app.map(a[key], route + key);`
			`break;`
			`} // else drop through`
			`// get: function(){ ... }`
			`case 'function':`
			`if (verbose) console.log('%s %s', key, route);`
			`app[key](route, a[key]);`
			`break;`
			`}`
			`}`
			`};`

Increase body-parser limits. Fixes #51. 2020-10-02 15:28:43 +02:00			`app.use(express.json({type: "application/json", strict: false, limit: '10mb'}));`
Initial commit 2020-08-08 23:59:13 +02:00			`app.use(express.urlencoded({ type: "application/x-www-form-urlencoded", extended: true }));`
Increase body-parser limits. Fixes #51. 2020-10-02 15:28:43 +02:00			`app.use(express.text({type: "text/*", limit: '10mb'}));`
Initial commit 2020-08-08 23:59:13 +02:00			`app.use((req, res, next) => {`
			`res.set("Access-Control-Allow-Origin", "*");`
			`res.set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE");`
			`res.set("Access-Control-Allow-Headers", "Content-Type");`
			`next();`
			`});`

			`app.use(cookieParser());`
			`app.use(mw.auth.jwt);`
			`// app.use(mw.auth.access({path: {allow:["^/login", "^/user$"]}}));`

Add a `meta` property to requests. Using the meta(key, value) middleware factory, the user can add a property req.meta[key] = value to the request. 2020-08-22 20:30:15 +02:00			`// Adds arbitrary information to the request object`
			`const meta = (key, value) => {`
			`return (req, res, next) => {`
			`if (!req.meta) {`
			`req.meta = {};`
			`}`

			`if (key) {`
			`req.meta[key] = value;`
			`}`

			`next();`
			`}`
			`};`

			`// Short for adding meta to all methods`
			`const allMeta = (key, value) => {`
			`return { all: [ meta(key, value) ] };`
			`};`

Inject auth middleware after login routes. Routes not requiring authentication must, self-evidently, go before the authentication middleware. 2020-10-11 22:11:36 +02:00			`// These routes do not require authentication`
Initial commit 2020-08-08 23:59:13 +02:00			`app.map({`
Add a `meta` property to requests. Using the meta(key, value) middleware factory, the user can add a property req.meta[key] = value to the request. 2020-08-22 20:30:15 +02:00			`'*': { all: [ meta() ] }, // Create the req.meta object`
Inject auth middleware after login routes. Routes not requiring authentication must, self-evidently, go before the authentication middleware. 2020-10-11 22:11:36 +02:00			`'/login': {`
			`post: [ mw.user.login ]`
			`},`
			`'/logout': {`
			`get: [ mw.user.logout ],`
			`post: [ mw.user.logout ]`
Serve OpenAPI document on API root. When a client makes a request for `/` (the root of the API), the OpenAPI description is served in an appropriate format according to the `Accept` request header, as follows: Accept: text/html => HTML version Accept: application/json => JSON version Accept: * => YAML version 2020-12-29 16:20:57 +01:00			`},`
			`'/': {`
			`get: [ mw.openapi.get ]`
Inject auth middleware after login routes. Routes not requiring authentication must, self-evidently, go before the authentication middleware. 2020-10-11 22:11:36 +02:00			`}`
			`});`

			`app.use(mw.auth.authentify);`

			`// We must be authenticated before we can access these`
			`app.map({`
Initial commit 2020-08-08 23:59:13 +02:00			`'/project': {`
			`get: [ mw.project.list ], // Get list of projects`
			`},`
			`'/project/:project': {`
			`get: [ mw.project.get ], // Get project data`
			`},`
			`'/project/:project/summary': {`
			`get: [ mw.project.get ],`
			`},`
			`'/project/:project/gis': {`
			`get: [ mw.gis.project.bbox ]`
			`},`
			`'/project/:project/gis/preplot': {`
			`get: [ mw.gis.project.preplot ]`
			`},`
			`'/project/:project/gis/preplot/:featuretype(line\|point)': {`
			`get: [ mw.gis.project.preplot ]`
			`},`
			`'/project/:project/gis/raw/:featuretype(line\|point)': {`
			`get: [ mw.gis.project.raw ]`
			`},`
			`'/project/:project/gis/final/:featuretype(line\|point)': {`
			`get: [ mw.gis.project.final ]`
			`},`
			`'/project/:project/line/': {`
			`get: [ mw.line.list ],`
			`},`
Add preplot line patching endpoint. Allows us to change remarks, meta and ntba fields in preplot lines. 2020-10-01 18:25:32 +02:00			`'/project/:project/line/:line': {`
Initial commit 2020-08-08 23:59:13 +02:00			`// get: [ mw.line.get ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`patch: [ mw.auth.access.write, mw.line.patch ],`
Add preplot line patching endpoint. Allows us to change remarks, meta and ntba fields in preplot lines. 2020-10-01 18:25:32 +02:00			`},`

Initial commit 2020-08-08 23:59:13 +02:00			`'/project/:project/sequence/': {`
			`get: [ mw.sequence.list ],`
			`},`
Implement sequence patching endpoint. Allows us to change remarks and meta fields in sequences. 2020-09-27 19:21:59 +02:00			`'/project/:project/sequence/:sequence': {`
Initial commit 2020-08-08 23:59:13 +02:00			`// get: [ mw.sequence.get ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`patch: [ mw.auth.access.write, mw.sequence.patch ],`
Implement sequence patching endpoint. Allows us to change remarks and meta fields in sequences. 2020-09-27 19:21:59 +02:00			`},`
Add planner endpoints 2020-10-08 16:36:15 +02:00
			`'/project/:project/plan/': {`
			`get: [ mw.plan.list ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`put: [ mw.auth.access.write, mw.plan.put ],`
			`post: [ mw.auth.access.write, mw.plan.post ]`
Add planner endpoints 2020-10-08 16:36:15 +02:00			`},`
			`'/project/:project/plan/:sequence': {`
			`// get: [ mw.plan.get ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`patch: [ mw.auth.access.write, mw.plan.patch ],`
			`delete: [ mw.auth.access.write, mw.plan.delete ]`
Add planner endpoints 2020-10-08 16:36:15 +02:00			`},`
Initial commit 2020-08-08 23:59:13 +02:00			`//`
API: Add event querying endpoint. Events may be filtered by sequence(s): …/event?sequence=1 …/event?sequence=1;3;7 Events may be filtered by date: …/event?date0=1970-01-01 Events may be filtered by a date interval: …/event?date0=1970-01-01&date1=1980-01-01 Events may also be paginated. 2020-08-12 11:35:57 +02:00			`'/project/:project/event/': {`
Refactor events middleware. The reason for refactoring was to accommodate Multiseis / client sequence exports, which will be served by this endpoint via a specific Content-Type. In the process, the cache has been fixed and redesigned. Related to #12. 2020-09-26 17:41:47 +02:00			`get: [ mw.event.cache.get, mw.event.list, mw.event.cache.save ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`post: [ mw.auth.access.write, mw.event.post ],`
			`put: [ mw.auth.access.write, mw.event.put ],`
			`delete: [ mw.auth.access.write, mw.event.delete ],`
Add event API endpoints 2020-08-22 20:33:43 +02:00			`':type/': {`
			`':id/': {`
			`// get: [ mw.event.get ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`put: [ mw.auth.access.write, mw.event.put ],`
			`delete: [mw.auth.access.write, mw.event.delete ]`
Add event API endpoints 2020-08-22 20:33:43 +02:00			`}`
			`},`
API: Add event querying endpoint. Events may be filtered by sequence(s): …/event?sequence=1 …/event?sequence=1;3;7 Events may be filtered by date: …/event?date0=1970-01-01 Events may be filtered by a date interval: …/event?date0=1970-01-01&date1=1980-01-01 Events may also be paginated. 2020-08-12 11:35:57 +02:00			`},`
API: Add label querying endpoint. Labels can be associated with events and can have display properties such as a description and colour, this is why we need an endpoint for the client to retrieve them. 2020-08-12 11:41:28 +02:00			`'/project/:project/label/': {`
			`get: [ mw.label.list ],`
Add API endpoint to retrieve survey configuration. The endpoint /project/:project/configuration/:path()? returns the contents of the survey configuration YAML file for a given project. To retrieve the full configuration: /project/:project/configuration To retrieve a specific subset (e.g., binning parameters): * /project/:project/configuration/binning To retrieve a specific value (e.g., inline bin width): * /project/:project/configuration/binning/I_width 2020-08-16 10:06:43 +02:00			`// post: [ mw.label.post ],`
			`},`
			`'/project/:project/configuration/:path(*)?': {`
			`get: [ mw.configuration.get ],`
Apply access restrictions to writable routes 2020-10-12 19:43:07 +02:00			`// post: [ mw.auth.access.admin, mw.label.post ],`
API: Add label querying endpoint. Labels can be associated with events and can have display properties such as a description and colour, this is why we need an endpoint for the client to retrieve them. 2020-08-12 11:41:28 +02:00			`},`
Add `info` API endpoint. It queries a project's `info` table. 2020-09-09 15:55:04 +02:00			`'/project/:project/info/:path(*)': {`
			`get: [ mw.info.get ],`
			`// post: [ mw.info.post ],`
			`},`
Add endpoints for setting and retrieving metadata 2020-09-20 18:11:33 +02:00			`'/project/:project/meta/': {`
			`put: [ mw.meta.put ],`
			`},`
			`'/project/:project/meta/:path(*)': {`
			`// Path examples:`
			`// GET:`
			// `/raw/sequences/qc/missing_shots`,
			// `/final/points/qc/sync_warn/results
			`get: [ mw.meta.get ],`
			`// // PUT:`
			// // `/raw/qc/missing_shots` ← { sequence: …, value: … }
			`// put: [ mw.meta.put ]`
			`},`
Initial commit 2020-08-08 23:59:13 +02:00			`//`
			`// '/project/:id/permissions/:mode(read\|write)?': {`
			`// get: [ mw.permissions.get ],`
			`// put: [ mw.permissions.put ],`
			`// // post: [ mw.permissions.post ],`
			`// // delete: [ mw.permissions.delete ]`
			`// },`
Add endpoint to retrieve real-time input data 2020-09-01 10:56:25 +02:00			`'/navdata/': {`
			`get: [ mw.navdata.get ],`
Add endpoint for retrieving real-time data as GeoJSON 2020-09-01 10:58:37 +02:00			`'gis/:featuretype(line\|point)': {`
			`get: [ mw.gis.navdata.get ]`
			`}`
Add login/logout middleware 2020-10-11 17:51:31 +02:00			`},`
Show development activity log. A button in the help dialogue takes the user to the /feed/… frontend URL, where the latest development activity is shown, taken from the GitLab RSS feed for the project. 2021-05-08 00:46:31 +02:00			`'/rss/': {`
			`get: [ mw.rss.get ]`
			`}`
Initial commit 2020-08-08 23:59:13 +02:00			`//`
			`// '/user': {`
			`// get: [ mw.user.get ],`
			`// post: [ mw.user.put ]`
			`// },`
			`// '/user/:user': {`
			`// get: [ mw.user.get ],`
			`// put: [ mw.user.put ],`
			`// // delete: [ mw.user.delete ]`
			`// },`
			`//`
			`});`

			`// Generic error handler. Stops stack dumps`
			`// being sent to clients.`
			`app.use(function (err, req, res, next) {`
Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00			const title = `HTTP backend error at ${req.method} ${req.originalUrl}`;
			`const description = err.message;`
			`const message = err.message;`
			`const alert = {title, message, description, error: err};`

Initial commit 2020-08-08 23:59:13 +02:00			`console.log("Error:", err);`
Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00
Initial commit 2020-08-08 23:59:13 +02:00			`if (err instanceof Error && err.name != "UnauthorizedError") {`
			`console.error(err.stack);`
			`res.status(500).send('General internal error');`
Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00			`maybeSendAlert(alert);`
Initial commit 2020-08-08 23:59:13 +02:00			`} else if (typeof err === 'string') {`
			`res.status(500).send({message: err});`
Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00			`maybeSendAlert(alert);`
Initial commit 2020-08-08 23:59:13 +02:00			`} else {`
			`res.status(err.status \|\| 500).send({message: err.message \|\| (err.inner && err.inner.message) \|\| "Internal error"});`
Instrument alerts for HTTP backend. An alert is sent whenever an endpoint returns an error other than an explicit failure (e.g., it won't send an alert if a middleware intentionally returns a {status: XXX} object). 2020-08-25 11:32:13 +02:00			`if (!res.status) {`
			`maybeSendAlert(alert);`
			`}`
Initial commit 2020-08-08 23:59:13 +02:00			`}`
			`});`

			`app.disable('x-powered-by');`
			`app.enable('trust proxy');`
			`console.log('trust proxy is ' + (app.get('trust proxy')? 'on' : 'off'));`

			`const addr = "127.0.0.1";`

			`if (!module.parent) {`
			`var port = process.env.HTTP_PORT \|\| 3000;`
			`var server = http.createServer(app).listen(port, addr);`

			`console.log('API started on port ' + port);`
			`} else {`
			`app.start = function (port = 3000, path) {`

			`var root = app;`
			`if (path) {`
			`root = express();`
			`['x-powered-by', 'trust proxy'].forEach(k => root.set(k, app.get(k)));`
			`root.use(path, app);`
			`}`

			`const server = http.createServer(root).listen(port, addr);`
			`if (server) {`
			console.log(`API started on port ${port}, prefix: ${path \|\| "/"}`);
			`}`
			`return server;`
			`}`
			`module.exports = app;`
			`}`