permissions & routes with middleware

src/routes/admin/index.ts

@@ -21,6 +21,8 @@ import newsletter from "./club/newsletter";
 import role from "./user/role";
 import user from "./user/user";
 import invite from "./user/invite";
+import api from "./user/api";
+import preventApiAccess from "../../middleware/preventWebApiAccess";
 
 var router = express.Router({ mergeParams: true });
 
@@ -60,5 +62,6 @@ router.use("/newsletter", PermissionHelper.passCheckMiddleware("read", "club", "
 router.use("/role", PermissionHelper.passCheckMiddleware("read", "user", "role"), role);
 router.use("/user", PermissionHelper.passCheckMiddleware("read", "user", "user"), user);
 router.use("/invite", PermissionHelper.passCheckMiddleware("read", "user", "user"), invite);
+router.use("/webapi", preventApiAccess, PermissionHelper.passCheckMiddleware("read", "user", "webapi"), api);
 
 export default router;

src/routes/admin/user/api.ts

@@ -0,0 +1,59 @@
+import express, { Request, Response } from "express";
+import PermissionHelper from "../../../helpers/permissionHelper";
+import {
+  createApi,
+  deleteApi,
+  getAllApis,
+  getApiById,
+  getApiPermissions,
+  updateApi,
+  updateApiPermissions,
+} from "../../../controller/admin/user/apiController";
+
+var router = express.Router({ mergeParams: true });
+
+router.get("/", async (req: Request, res: Response) => {
+  await getAllApis(req, res);
+});
+
+router.get("/:id", async (req: Request, res: Response) => {
+  await getApiById(req, res);
+});
+
+router.get("/:id/permissions", async (req: Request, res: Response) => {
+  await getApiPermissions(req, res);
+});
+
+router.post(
+  "/",
+  PermissionHelper.passCheckMiddleware("create", "user", "webapi"),
+  async (req: Request, res: Response) => {
+    await createApi(req, res);
+  }
+);
+
+router.patch(
+  "/:id",
+  PermissionHelper.passCheckMiddleware("update", "user", "webapi"),
+  async (req: Request, res: Response) => {
+    await updateApi(req, res);
+  }
+);
+
+router.patch(
+  "/:id/permissions",
+  PermissionHelper.passCheckMiddleware("admin", "user", "webapi"),
+  async (req: Request, res: Response) => {
+    await updateApiPermissions(req, res);
+  }
+);
+
+router.delete(
+  "/:id",
+  PermissionHelper.passCheckMiddleware("delete", "user", "webapi"),
+  async (req: Request, res: Response) => {
+    await deleteApi(req, res);
+  }
+);
+
+export default router;

src/routes/api.ts

@@ -0,0 +1,10 @@
+import express, { Request, Response } from "express";
+import { getWebApiAccess } from "../controller/apiController";
+
+var router = express.Router({ mergeParams: true });
+
+router.get("/retrieve", async (req: Request, res: Response) => {
+  await getWebApiAccess(req, res);
+});
+
+export default router;

src/routes/index.ts

@@ -14,6 +14,8 @@ import auth from "./auth";
 import admin from "./admin/index";
 import user from "./user";
 import detectPWA from "../middleware/detectPWA";
+import api from "./api";
+import authenticateAPI from "../middleware/authenticateAPI";
 
 export default (app: Express) => {
   app.set("query parser", "extended");
@@ -32,6 +34,7 @@ export default (app: Express) => {
   app.use("/api/reset", reset);
   app.use("/api/invite", invite);
   app.use("/api/auth", auth);
+  app.use("/api/webapi", authenticateAPI, api);
   app.use(authenticate);
   app.use("/api/admin", admin);
   app.use("/api/user", user);