Allow POST to edit building with ?api_key=...

2018-10-20 12:59:17 +01:00 · 2018-10-20 12:59:17 +01:00 · f460aaeef6
commit f460aaeef6
parent ab2db30bc4
3 changed files with 53 additions and 23 deletions
--- a/app/src/building.js
+++ b/app/src/building.js
@ -133,7 +133,7 @@ function saveBuilding(building_id, building, user_id) {
    }).catch(function(error){
        // TODO report transaction error as 'Need to re-fetch building before update'
        console.error(error);
-        return undefined;
+        return {error: error};
    });
 }

--- a/app/src/server.js
+++ b/app/src/server.js
@ -16,7 +16,7 @@ import pgConnect from 'connect-pg-simple';

 import App from './frontend/app';
 import db from './db';
-import { authUser, createUser, getUserById, getNewUserAPIKey } from './user';
+import { authUser, createUser, getUserById, authAPIUser, getNewUserAPIKey } from './user';
 import { queryBuildingsAtPoint, queryBuildingsByReference, getBuildingById,
         saveBuilding } from './building';
 import tileserver from './tileserver';
@ -188,27 +188,39 @@ server.route('/building/:building_id.json')
        })
    })
    .post(function (req, res) {
-        if (!req.session.user_id) {
+        if (req.session.user_id) {
+            updateBuilding(req, res, req.session.user_id);
+        }  else if (req.query.api_key) {
+            authAPIUser(req.query.api_key)
+                .then(function(user){
+                    updateBuilding(req, res, user.user_id)
+                })
+                .catch(function(err){
+                    console.error(err);
+                    res.send({error: 'Must be logged in'});
+                });
+        } else {
            res.send({error: 'Must be logged in'});
+        }
+    })
+
+function updateBuilding(req, res, user_id){
+    const { building_id } = req.params;
+    const building = req.body;
+    saveBuilding(building_id, building, user_id).then(building => {
+        if (building.error) {
+            res.send(building)
            return
        }
-        const user_id = req.session.user_id;
-        const { building_id } = req.params;
-        const building = req.body;
-        saveBuilding(building_id, building, user_id).then(building => {
-            if (building.error) {
-                res.send(building)
-                return
-            }
-            if (typeof(building) === "undefined") {
-                res.send({error:'Database error'})
-                return
-            }
-            res.send(building)
-        }).catch(
-            () => res.send({error:'Database error'})
-        )
-    })
+        if (typeof(building) === "undefined") {
+            res.send({error:'Database error'})
+            return
+        }
+        res.send(building)
+    }).catch(
+        () => res.send({error:'Database error'})
+    )
+}

 // POST new user
 server.post('/users', function(req, res){
--- a/app/src/user.js
+++ b/app/src/user.js
@ -74,9 +74,10 @@ function getUserById(user_id) {
    return db.one(
        `SELECT
            username, email, registered, api_key
-        FROM users
+        FROM
+            users
        WHERE
-        user_id = $1
+            user_id = $1
        `, [
            user_id
        ]
@ -105,4 +106,21 @@ function getNewUserAPIKey(user_id) {
    });
 }

-export { getUserById, createUser, authUser, getNewUserAPIKey }
+function authAPIUser(api_key) {
+    return db.one(
+        `SELECT
+            user_id
+        FROM
+            users
+        WHERE
+            api_key = $1
+        `, [
+            api_key
+        ]
+    ).catch(function(error){
+        console.error('Error:', error)
+        return undefined;
+    });
+}
+
+export { getUserById, createUser, authUser, getNewUserAPIKey, authAPIUser }