Matthias-Claudius-Schule/borrow-system
3
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NOT WORKING - Implement API key management features: add API key creation and deletion, update API routes, and refactor related components. - NOT WORKING

Browse Source
This commit is contained in:
Theis Gaedigk
2025-09-27 17:33:59 +02:00
parent b9d637665c
commit f83f321876
6 changed files with 299 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
backend/routes/apiV2.js
View File

@@ -7,93 +7,110 @@ import {
setTakeDateV2,
getLoanByCodeV2,
getAllLoansV2,
getAPIkey,
} from "../services/database.js";
dotenv.config();
const router = express.Router();
async function validateAPIKey(apiKey) {
try {
const result = await getAPIkey();
if (!result.success || !Array.isArray(result.data)) return false;
return result.data.some((row) => {
const val = String(row?.apiKey ?? row?.key ?? row?.api_key);
return val === String(apiKey);
});
} catch (err) {
console.error("validateAPIKey error:", err);
return false;
}
}
async function ensureValidApiKey(req, res) {
const isValid = await validateAPIKey(req.params.key);
if (!isValid) {
res.status(403).json({ message: "Access denied" });
return false;
}
return true;
}
// Route for API to get ALL items from the database
router.get("/items/:key", async (req, res) => {
if (req.params.key === process.env.ADMIN_ID) {
const result = await getItemsFromDatabaseV2();
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(500).json({ message: "Failed to fetch items" });
}
if (!(await ensureValidApiKey(req, res))) return;
const result = await getItemsFromDatabaseV2();
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(403).json({ message: "Access denied" });
res.status(500).json({ message: "Failed to fetch items" });
}
});
// Route for API to control the position of an item
router.post("/controlInSafe/:key/:itemId/:state", async (req, res) => {
if (req.params.key === process.env.ADMIN_ID) {
const itemId = req.params.itemId;
const state = req.params.state;
if (state === "1" || state === "0") {
const result = await changeInSafeStateV2(itemId, state);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(500).json({ message: "Failed to update item state" });
}
if (!(await ensureValidApiKey(req, res))) return;
const itemId = req.params.itemId;
const state = req.params.state;
if (state === "1" || state === "0") {
const result = await changeInSafeStateV2(itemId, state);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(400).json({ message: "Invalid state value" });
res.status(500).json({ message: "Failed to update item state" });
}
} else {
res.status(403).json({ message: "Access denied" });
res.status(400).json({ message: "Invalid state value" });
}
});
// Route for API to get a loan by its code
router.get("/getLoanByCode/:key/:loan_code", async (req, res) => {
if (req.params.key === process.env.ADMIN_ID) {
const loan_code = req.params.loan_code;
if (!(await ensureValidApiKey(req, res))) return;
const result = await getLoanByCodeV2(loan_code);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(404).json({ message: "Loan not found" });
}
const loan_code = req.params.loan_code;
const result = await getLoanByCodeV2(loan_code);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(404).json({ message: "Loan not found" });
}
});
// Route for API to set the return date by the loan code
router.post("/setReturnDate/:key/:loan_code", async (req, res) => {
if (req.params.key === process.env.ADMIN_ID) {
const loanCode = req.params.loan_code;
if (!(await ensureValidApiKey(req, res))) return;
const result = await setReturnDateV2(loanCode);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(500).json({ message: "Failed to set return date" });
}
const loanCode = req.params.loan_code;
const result = await setReturnDateV2(loanCode);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(403).json({ message: "Access denied" });
res.status(500).json({ message: "Failed to set return date" });
}
});
// Route for API to set the take away date by the loan code
router.post("/setTakeDate/:key/:loan_code", async (req, res) => {
if (req.params.key === process.env.ADMIN_ID) {
const loanCode = req.params.loan_code;
if (!(await ensureValidApiKey(req, res))) return;
const result = await setTakeDateV2(loanCode);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(500).json({ message: "Failed to set take date" });
}
const loanCode = req.params.loan_code;
const result = await setTakeDateV2(loanCode);
if (result.success) {
res.status(200).json({ data: result.data });
} else {
res.status(403).json({ message: "Access denied" });
res.status(500).json({ message: "Failed to set take date" });
}
});
// Route for API to get ALL loans from the database without sensitive info
router.get("/allLoans", async (req, res) => {
router.get("/allLoans/:key", async (req, res) => {
if (!(await ensureValidApiKey(req, res))) return;
const result = await getAllLoansV2();
if (result.success) {
return res.status(200).json(result.data);
@@ -101,8 +118,10 @@ router.get("/allLoans", async (req, res) => {
return res.status(500).json({ message: "Failed to fetch loans" });
});
// Route for API to get ALL items form the database without key
router.get("/allItems", async (req, res) => {
// Route for API to get ALL items form the database
router.get("/allItems/:key", async (req, res) => {
if (!(await ensureValidApiKey(req, res))) return;
const result = await getItemsFromDatabaseV2();
if (result.success) {
res.status(200).json(result.data);