/* ============================================================================ *\|| ########################################################################## |||| # Auction Software Marketplace Release: 0.6 Build 0.7 # |||| # ---------------------------------------------------------------------- # |||| # License # 35YAHCNR9344X6O666C123AB # |||| # ---------------------------------------------------------------------- # |||| # Copyright ©2014–2021 Develop Scripts LLC. All Rights Reserved # |||| # This file may not be redistributed in whole or significant part. # |||| # ------------- AUCTION SOFTWARE IS NOT FREE SOFTWARE ------------------ # |||| # http://www.auctionsoftwaremarketplace.com|support@auctionsoftware.com # |||| # ---------------------------------------------------------------------- # |||| ########################################################################## ||\* ============================================================================ */const express = require('express')const config = require('config').get('JwtToken')const fs = require('fs')const morgan = require('morgan')const path = require('path')const jwt = require('jsonwebtoken')const communication = require('./routes/communication')const product = require('./routes/product')const userProduct = require('../front/routes/product')const user = require('./routes/user')const admin = require('./routes/admin')const auction = require('./routes/auction')const invoice = require('./routes/invoice')const returnAPI = require('./routes/return')const report = require('./routes/report')const employee = require('./routes/employee')const refund = require('./routes/refund')const transaction = require('./routes/transaction')const setting = require('./routes/setting')const adminModule = require('./modules/admin').default// const { CustomStatusError } = require('../../middleware/custom_error')// const checkIPValidation = require('../../middleware/ip_whitelist');const { accessLogStream, jsonResponse } = require('./controllers/logger')// const checkip = new checkIPValidation();const app = express.Router()app.use( morgan(':remote-addr - :remote-user [:date[web]] ":method :url HTTP/:http-version" :reqbody', { immediate: true, stream: accessLogStream, }),)app.use( morgan(':status :res[content-length] - :response-time ms"', { immediate: false, stream: accessLogStream, }),)app.use( morgan( ':remote-addr - :remote-user [:date[web]] ":method :url HTTP/:http-version" :status :res[header] :req[header] - :response-time ms ":referrer" ":user-agent" :reqbody', { stream: fs.createWriteStream( path.join(__dirname, '../../../../public/logs/api/error/access.log'), { flags: 'a' }, ), skip(req, res) { return res.statusCode < 400 }, }, ),)const NotAuthenticated = async (req, res, next) => { const bearerHeader = req.headers.authorization if (typeof bearerHeader !== 'undefined') { const bearer = bearerHeader.split(' ') const bearerToken = bearer[1] try { const decoded = await jwt.verify(bearerToken, config.get('secret')) req.token = bearerToken const [results] = await Promise.all([adminModule.userDetails(decoded.id)]) const [userValue] = results req.user = userValue return next() } catch (err) { jsonResponse(res, 'error', { responseType: 403, message: 'Session timed out!', }) return false } // finally { // let ipvalidated = checkip.checkIpValidation(req); // if(ipvalidated[0]){ // next(); // } else { // throw new CustomStatusError('IP '+ipvalidated[1]+' is not whitelisted', 403); // } // } } else { return next() }}const Authenticated = async (req, res, next) => { if ( req.originalUrl === '/api/admin/checkValidation' || req.originalUrl === '/api/admin/login' || req.originalUrl === '/api/admin/forgotPassword' || req.originalUrl === '/api/admin/resetPassword' || req.originalUrl === '/api/common/getDefault' ) { return next() } const bearerHeader = req.headers.authorization if (typeof bearerHeader !== 'undefined') { const bearer = bearerHeader.split(' ') const bearerToken = bearer[1] try { const decoded = await jwt.verify(bearerToken, config.get('secret')) req.token = bearerToken const [results] = await Promise.all([adminModule.userDetails(decoded.admin_id)]) const [userValue] = results userValue.admin_id = userValue.id delete userValue.id req.user = userValue return next() } catch (err) { jsonResponse(res, 'error', { responseType: 403, message: 'Session timed out!', }) return false } // finally { // let ipvalidated = checkip.checkIpValidation(req); // if(ipvalidated[0]){ // next(); // } else { // throw new CustomStatusError('IP '+ipvalidated[1]+' is not whitelisted', 403); // } // } } else { jsonResponse(res, 'error', { responseType: 403, message: 'No Bearer Token Available!', }) return false }}const AuthenticatedWithUser = async (req, res, next) => { const bearerHeader = req.headers.authorization if (typeof bearerHeader !== 'undefined' && req.body.user_id) { const bearer = bearerHeader.split(' ') const bearerToken = bearer[1] try { const decoded = await jwt.verify(bearerToken, config.get('secret')) req.token = bearerToken const [results] = await Promise.all([adminModule.userDetails(decoded.admin_id)]) const [userValue] = results userValue.admin_id = userValue.id userValue.id = req.body.user_id req.user = userValue return next() } catch (err) { jsonResponse(res, 'error', { responseType: 403, message: 'Session timed out!', }) return false } // finally { // let ipvalidated = checkip.checkIpValidation(req); // if(ipvalidated[0]){ // next(); // } else { // throw new CustomStatusError('IP '+ipvalidated[1]+' is not whitelisted', 403); // } // } } else if (req.body.user_id) { jsonResponse(res, 'error', { responseType: 403, message: 'No Bearer Token Available!', }) return false } else { jsonResponse(res, 'error', { responseType: 403, message: 'No User ID Available!', }) return false }}/** * Operations for Admin side. * * @namespace adminside */app.use('/', Authenticated, admin)app.use('/communication', Authenticated, communication)app.use('/product', Authenticated, product)app.use('/user/product', AuthenticatedWithUser, userProduct)app.use('/user', Authenticated, user)app.use('/auction', Authenticated, auction)app.use('/invoice', Authenticated, invoice)app.use('/return', Authenticated, returnAPI)app.use('/report', Authenticated, report)app.use('/refund', Authenticated, refund)app.use('/employee', Authenticated, employee)app.use('/transaction', Authenticated, transaction)app.use('/setting', Authenticated, setting)module.exports = app