const lowdb = require('lowdb');
const FileSync = require('lowdb/adapters/FileSync');
// Todos are persisted in a JSON file through lowdb's synchronous file adapter.
// The path is relative to the process working directory at startup, not to this file.
const adapter = new FileSync('./data/db.json');
const db = lowdb(adapter);
const { v4: uuidv4 } = require('uuid');
const {
isAppOnlyToken,
hasRequiredDelegatedPermissions,
hasRequiredApplicationPermissions
} = require('../auth/permissionUtils');
const authConfig = require('../authConfig');
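/**
 * GET /todolist/:id — return the todo item named by the route parameter.
 *
 * An app-only (client credentials) token may read any item when it carries the
 * configured application "read" permission; a delegated (user) token needs the
 * configured delegated "read" permission and only sees items it owns.
 *
 * Change from the original: when no item matches, the response is 404 instead of
 * a 200 with an empty body, so clients can tell "not found" from "found".
 *
 * @param {object} req  - Express request; `req.authInfo` holds the validated token claims, `req.params.id` the item id
 * @param {object} res  - Express response
 * @param {Function} next - receives permission errors and any unexpected failure
 */
exports.getTodo = (req, res, next) => {
    const routeConfig = authConfig.protectedRoutes.todolist;
    const isAppOnly = isAppOnlyToken(req.authInfo);

    // Authorize before touching the store; the error text tells the two token kinds apart.
    if (isAppOnly && !hasRequiredApplicationPermissions(req.authInfo, routeConfig.applicationPermissions.read)) {
        return next(new Error('Application does not have the required permissions'));
    }
    if (!isAppOnly && !hasRequiredDelegatedPermissions(req.authInfo, routeConfig.delegatedPermissions.read)) {
        return next(new Error('User does not have the required permissions'));
    }

    try {
        const id = req.params.id;
        let query = db.get('todos');

        if (!isAppOnly) {
            /**
             * The 'oid' (object id) is the only claim that should be used to uniquely identify
             * a user in an Azure AD tenant. The token might carry one or more of the following
             * claims, which might look like unique identifiers but are not and should not be
             * used as such, especially by systems that act as a system of record (SOR):
             *
             * - upn (user principal name): might be unique amongst the active set of users in a
             *   tenant but tends to get reassigned to new employees as employees leave the
             *   organization and others take their place, or might change to reflect a
             *   personal change like marriage.
             *
             * - email: might be unique amongst the active set of users in a tenant but tends to
             *   get reassigned to new employees as employees leave the organization and others
             *   take their place.
             */
            const owner = req.authInfo['oid'];
            // A user token is scoped to its own items; the id alone is never enough.
            query = query.filter({ owner: owner });
        }

        const todo = query.find({ id: id }).value();
        if (todo === undefined) {
            return res.status(404).json({ message: 'not found' });
        }
        res.status(200).send(todo);
    } catch (error) {
        next(error);
    }
};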
/**
 * GET /todolist — list todo items.
 *
 * An app-only token with the configured application "read" permission receives
 * every item in the store; a delegated token with the configured delegated
 * "read" permission receives only the items whose `owner` equals its `oid` claim.
 * Permission failures are passed to `next` as errors.
 *
 * @param {object} req  - Express request; `req.authInfo` holds the validated token claims
 * @param {object} res  - Express response
 * @param {Function} next - receives permission errors and any unexpected failure
 */
exports.getTodos = (req, res, next) => {
    const routeConfig = authConfig.protectedRoutes.todolist;
    const respondWith = (todos) => res.status(200).send(todos);

    if (isAppOnlyToken(req.authInfo)) {
        if (!hasRequiredApplicationPermissions(req.authInfo, routeConfig.applicationPermissions.read)) {
            next(new Error('Application does not have the required permissions'));
            return;
        }
        try {
            // Application permission: no owner filter, the whole collection is returned.
            respondWith(db.get('todos').value());
        } catch (error) {
            next(error);
        }
        return;
    }

    if (!hasRequiredDelegatedPermissions(req.authInfo, routeConfig.delegatedPermissions.read)) {
        next(new Error('User does not have the required permissions'));
        return;
    }
    try {
        // Delegated permission: the caller's oid is the only acceptable owner key.
        const owner = req.authInfo['oid'];
        respondWith(db.get('todos').filter({ owner: owner }).value());
    } catch (error) {
        next(error);
    }
};
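/**
 * POST /todolist — create a todo item from `req.body.description`.
 *
 * Either the configured delegated "write" permission or the configured application
 * "write" permission authorizes the call. The new item is stored under the caller's
 * `oid` claim (for an app-only token this is the calling application's object id —
 * presumably intended; confirm against the client).
 *
 * Fixes relative to the original: the `else` branch was closed with parentheses
 * instead of braces, and `description` was written to the store unchecked (a
 * missing or non-string value was persisted as sent). The body is now validated
 * and rejected with 400 before anything is written.
 *
 * @param {object} req  - Express request; `req.authInfo` holds the validated token claims, `req.body.description` the text
 * @param {object} res  - Express response
 * @param {Function} next - receives permission errors and any unexpected failure
 */
exports.postTodo = (req, res, next) => {
    const routeConfig = authConfig.protectedRoutes.todolist;
    const isAuthorized =
        hasRequiredDelegatedPermissions(req.authInfo, routeConfig.delegatedPermissions.write) ||
        hasRequiredApplicationPermissions(req.authInfo, routeConfig.applicationPermissions.write);

    if (!isAuthorized) {
        return next(new Error('User or application does not have the required permissions'));
    }

    // req.body is client-controlled: accept only a non-empty string so that
    // arbitrary objects or an absent field never reach the store.
    const { description } = req.body || {};
    if (typeof description !== 'string' || description.trim() === '') {
        return res.status(400).json({ message: 'description must be a non-empty string' });
    }

    try {
        const todo = {
            description,
            id: uuidv4(),
            owner: req.authInfo['oid'] // oid is the only claim that should be used to uniquely identify a user in an Azure AD tenant
        };
        db.get('todos').push(todo).write();
        res.status(200).json(todo);
    } catch (error) {
        next(error);
    }
};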
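/**
 * DELETE /todolist/:id — remove the todo item named by the route parameter.
 *
 * An app-only token with the configured application "write" permission may delete
 * any item; a delegated token with the configured delegated "write" permission may
 * delete only items whose `owner` equals its `oid` claim.
 *
 * Change from the original: a request that matches nothing (unknown id, or an id
 * owned by someone else under a delegated token) now answers 404 instead of
 * reporting "success" for a no-op. The same predicate is used for the existence
 * check and the removal, so an unowned item is reported exactly like a missing one.
 *
 * @param {object} req  - Express request; `req.authInfo` holds the validated token claims, `req.params.id` the item id
 * @param {object} res  - Express response
 * @param {Function} next - receives permission errors and any unexpected failure
 */
exports.deleteTodo = (req, res, next) => {
    const routeConfig = authConfig.protectedRoutes.todolist;
    const isAppOnly = isAppOnlyToken(req.authInfo);

    if (isAppOnly && !hasRequiredApplicationPermissions(req.authInfo, routeConfig.applicationPermissions.write)) {
        return next(new Error('Application does not have the required permissions'));
    }
    if (!isAppOnly && !hasRequiredDelegatedPermissions(req.authInfo, routeConfig.delegatedPermissions.write)) {
        return next(new Error('User does not have the required permissions'));
    }

    try {
        const id = req.params.id;
        // Application tokens match on id alone; user tokens must also own the item.
        const predicate = isAppOnly ? { id: id } : { owner: req.authInfo['oid'], id: id };

        const existing = db.get('todos').find(predicate).value();
        if (existing === undefined) {
            return res.status(404).json({ message: 'not found' });
        }

        db.get('todos')
            .remove(predicate)
            .write();
        res.status(200).json({ message: "success" });
    } catch (error) {
        next(error);
    }
};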