admin/index.js

/* ============================================================================ *\
|| ########################################################################## ||
|| # Auction Software Marketplace          Release: 0.6   Build 0.7         # ||
|| # ---------------------------------------------------------------------- # ||
|| # License # 35YAHCNR9344X6O666C123AB                                     # ||
|| # ---------------------------------------------------------------------- # ||
|| # Copyright ©2014–2021 Develop Scripts LLC. All Rights Reserved          # ||
|| # This file may not be redistributed in whole or significant part.       # ||
|| # ------------- AUCTION SOFTWARE IS NOT FREE SOFTWARE ------------------ # ||
|| # http://www.auctionsoftwaremarketplace.com|support@auctionsoftware.com  # ||
|| # ---------------------------------------------------------------------- # ||
|| ########################################################################## ||
\* ============================================================================ */

const express = require('express')
const config = require('config').get('JwtToken')
const fs = require('fs')
const morgan = require('morgan')
const path = require('path')
const jwt = require('jsonwebtoken')
const communication = require('./routes/communication')
const product = require('./routes/product')
const userProduct = require('../front/routes/product')
const userBid = require('../front/routes/bid')
const userInvoice = require('../front/routes/invoice')
const userCredit = require('../front/routes/credit')
const userCart = require('../front/routes/cart')
const userShipping = require('../front/routes/shipping/common')
const userpaymentThird = require('../front/routes/payment/index')
const userCommon = require('../front/routes/common')
const userVideo = require('../front/routes/video')
const userOffline = require('../front/routes/offline')

const user = require('./routes/user')

const admin = require('./routes/admin')
const auction = require('./routes/auction')
const invoice = require('./routes/invoice')
const shipping = require('./routes/shipping')
const returnAPI = require('./routes/return')
const report = require('./routes/report')
const employee = require('./routes/employee')
const bidDeposit = require('./routes/bid_deposit')
const refund = require('./routes/refund')
const transaction = require('./routes/transaction')
const setting = require('./routes/setting')
const language = require('./routes/language')
const thirdParty = require('./routes/third_party')
const adminModule = require('./modules/admin').default
// const graphql = require('./graphql')

// const { CustomStatusError } = require('../../middleware/custom_error')
// const checkIPValidation = require('../../middleware/ip_whitelist');
const { accessLogStream, jsonResponse } = require('./controllers/logger')
// const checkip = new checkIPValidation();
// Sub-router for the admin API. The parent application mounts it
// (presumably at /api/admin, judging by the URLs compared in `Authenticated`
// below — confirm against the parent app).
const app = express.Router()

// graphql.applyMiddleware({ app });
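// Directory that receives the request/error logs written by the morgan
// loggers below. Resolved relative to this file and ending up under
// `public/` — NOTE(review): if `public/` is the static web root, these logs
// (which include request bodies, see `:reqbody` below) would be downloadable;
// confirm the directory is excluded from static serving.
const logDirect = path.join(__dirname, '../../../../public/logs/api/error')

if (!fs.existsSync(logDirect)) {
    // `recursive` so that a fresh deployment without `public/logs/api` does
    // not abort at startup with ENOENT on the first missing parent directory
    // (plain mkdirSync only creates the last path segment).
    fs.mkdirSync(logDirect, { recursive: true })
}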

// ---------------------------------------------------------------------------
// HTTP request logging (three morgan instances, registered in this order).
//
// NOTE(review): `:reqbody` is not a built-in morgan token; it is presumably
// registered in ./controllers/logger and records the request body. That means
// the access log holds whatever clients post — including credentials sent to
// the login endpoint. Keep these files outside anything served statically and
// apply the usual retention/permission controls.
// ---------------------------------------------------------------------------

// 1. Written as soon as the request arrives (`immediate: true`), so the
//    inbound request is recorded even if a handler later throws.
app.use(
    morgan(':remote-addr - :remote-user [:date[web]] ":method :url HTTP/:http-version" :reqbody', {
        stream: accessLogStream,
        immediate: true,
    }),
)

// 2. Written when the response finishes: status, body size and latency.
//    (The trailing `"` in the format string is present upstream and is kept
//    byte-for-byte; it is emitted literally into the log.)
app.use(
    morgan(':status :res[content-length] - :response-time ms"', {
        stream: accessLogStream,
        immediate: false,
    }),
)

// 3. Failed requests only (status >= 400), with headers, appended to
//    access.log inside the error log directory.
//    NOTE(review): `:res[header]` / `:req[header]` ask morgan for a header
//    literally named "header"; a specific header name was probably intended.
const errorLogStream = fs.createWriteStream(path.join(logDirect, 'access.log'), {
    flags: 'a',
})
const isSuccessful = (req, res) => res.statusCode < 400

app.use(
    morgan(
        ':remote-addr - :remote-user [:date[web]] ":method :url HTTP/:http-version" :status :res[header] :req[header] - :response-time ms ":referrer" ":user-agent" :reqbody',
        {
            stream: errorLogStream,
            skip: isSuccessful,
        },
    ),
)

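/**
 * Optional admin authentication.
 *
 * A request with no `Authorization` header continues anonymously
 * (`req.user` is left unset). When a header *is* present, the bearer token
 * must verify against the configured secret and resolve to an existing admin
 * row; otherwise the request is answered with 403. A presented-but-invalid
 * credential is therefore never downgraded to anonymous access.
 *
 * On success sets `req.token` (the raw JWT) and `req.user` (the admin row
 * returned by `adminModule.adminDetails(decoded.id)`).
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 * @returns {Promise<unknown>} the result of `next()` on success; `false`
 *   after a 403 response has been written.
 */
const NotAuthenticated = async (req, res, next) => {
    const bearerHeader = req.headers.authorization
    if (typeof bearerHeader === 'undefined') {
        // No credential offered at all: continue as an anonymous request.
        return next()
    }

    // Header shape is "<scheme> <token>"; only the token part is used.
    // NOTE(review): the scheme is not checked, so any prefix is tolerated —
    // confirm whether anything other than "Bearer" is expected from clients.
    const [, bearerToken] = bearerHeader.split(' ')

    const rejectSession = () => {
        jsonResponse(res, 'error', {
            responseType: 403,
            message: 'Session timed out!',
        })
        return false
    }

    try {
        // jwt.verify is synchronous when called without a callback. It throws
        // on a missing token, bad signature or expiry, all handled below.
        // NOTE(review): no `algorithms` option is passed, so every HMAC
        // algorithm the shared secret supports is accepted; pin it once the
        // algorithm used when issuing tokens is confirmed.
        const decoded = jwt.verify(bearerToken, config.get('secret'))
        req.token = bearerToken

        // NOTE(review): this middleware reads `decoded.id`, while
        // `Authenticated` reads `decoded.admin_id` — verify which claim the
        // login endpoint actually puts in the token.
        const results = await adminModule.adminDetails(decoded.id)
        const [userValue] = results
        if (!userValue) {
            // Token verified but no admin row matches (e.g. account removed
            // after the token was issued). Reject instead of continuing with
            // `req.user` undefined, which downstream code would not expect.
            console.log('login error', 'no admin record for verified token')
            return rejectSession()
        }

        req.user = userValue
        return next()
    } catch (err) {
        // Covers token verification failures and lookup errors alike; the
        // client sees the same generic 403 either way.
        console.log('login error', err)
        return rejectSession()
    }
}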

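/**
 * URLs that `Authenticated` lets through without a token.
 *
 * Compared against `req.originalUrl` exactly, so a request carrying a query
 * string does not match and falls back to requiring a token (fail closed).
 *
 * NOTE(review): `setting/datatable_insert` and `setting/datatable_update`
 * look like write operations on admin settings; confirm they are meant to be
 * reachable without an admin session, and note that the `/setting` mount at
 * the bottom of this file has its own `Authenticated` guard commented out.
 */
const ADMIN_PUBLIC_URLS = new Set([
    '/api/admin/checkValidation',
    '/api/admin/login',
    '/api/admin/forgotPassword',
    '/api/admin/resetPassword',
    '/api/admin/setting/datatable_insert',
    '/api/admin/setting/datatable_update',
    '/api/common/getDefault',
])

/**
 * Mandatory admin authentication.
 *
 * Except for `ADMIN_PUBLIC_URLS`, every request must carry an
 * `Authorization` header whose token verifies against the configured secret
 * and resolves to an existing admin row. On success sets `req.token` (raw
 * JWT) and `req.user` (the admin row, with its primary key exposed as
 * `admin_id` instead of `id`). Any failure is answered with 403.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 * @returns {Promise<unknown>} the result of `next()` on success; `false`
 *   after a 403 response has been written.
 */
const Authenticated = async (req, res, next) => {
    if (ADMIN_PUBLIC_URLS.has(req.originalUrl)) {
        return next()
    }

    const deny = (message) => {
        jsonResponse(res, 'error', {
            responseType: 403,
            message,
        })
        return false
    }

    const bearerHeader = req.headers.authorization
    if (typeof bearerHeader === 'undefined') {
        return deny('No Bearer Token Available!')
    }

    // Header shape is "<scheme> <token>"; only the token part is used.
    // NOTE(review): the scheme itself is not validated.
    const [, bearerToken] = bearerHeader.split(' ')

    try {
        // jwt.verify is synchronous without a callback; throws on a missing
        // token, bad signature or expiry.
        // NOTE(review): no `algorithms` option is passed — pin it once the
        // signing algorithm used at login is confirmed.
        const decoded = jwt.verify(bearerToken, config.get('secret'))
        req.token = bearerToken

        const results = await adminModule.adminDetails(decoded.admin_id)
        const [userValue] = results
        if (!userValue) {
            // Token verified but no admin row matches (e.g. account removed
            // after issuance). Previously this surfaced only as a TypeError
            // on the property assignment below; make the rejection explicit.
            console.log('login error', 'no admin record for verified token')
            return deny('Session timed out!')
        }

        // Expose the primary key as `admin_id` and drop `id` — presumably so
        // downstream handlers can tell an acting admin apart from a user
        // record (compare `AuthenticatedWithUser`, which sets `admin_id`
        // alongside a user's own `id`).
        userValue.admin_id = userValue.id
        delete userValue.id
        req.user = userValue
        return next()
    } catch (err) {
        // Token verification failures and lookup errors share one generic
        // 403 so the response does not reveal which check failed.
        console.log('login error', err)
        return deny('Session timed out!')
    }
}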

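/**
 * Admin authentication for routes that act on behalf of a front-end user.
 *
 * Requires both an `Authorization` bearer token (verified as an admin token)
 * and a `user_id` in the request body. On success `req.user` is the *target
 * user's* record (from `adminModule.userDetails(user_id)`) with the acting
 * admin's id attached as `admin_id`, and `req.token` holds the raw JWT.
 *
 * Failure responses (all 403):
 *   - body has no truthy `user_id`            → "No User ID Available!"
 *   - `user_id` present, no Authorization     → "No Bearer Token Available!"
 *   - token invalid / user lookup fails       → "Session timed out!"
 *
 * NOTE(review): `user_id` is taken from the body as-is; this middleware
 * verifies *that* an admin is calling, not *which* users that admin may act
 * for. Confirm the mounted routes (or the admin role model) enforce that.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 * @returns {Promise<unknown>} the result of `next()` on success; `false`
 *   after a 403 response has been written.
 */
const AuthenticatedWithUser = async (req, res, next) => {
    const deny = (message) => {
        jsonResponse(res, 'error', {
            responseType: 403,
            message,
        })
        return false
    }

    // `req.body` is undefined when no body parser ran for this request; the
    // unguarded dereference used to reject the async middleware's promise
    // instead of answering the client.
    const userId = req.body ? req.body.user_id : undefined
    const bearerHeader = req.headers.authorization

    // Same precedence as before: a missing user id is reported even when the
    // token is also missing. Truthiness is kept deliberately (0 / '' are
    // treated as absent, as the original did).
    if (!userId) {
        return deny('No User ID Available!')
    }
    if (typeof bearerHeader === 'undefined') {
        return deny('No Bearer Token Available!')
    }

    // Header shape is "<scheme> <token>"; only the token part is used.
    // NOTE(review): the scheme itself is not validated.
    const [, bearerToken] = bearerHeader.split(' ')

    try {
        // jwt.verify is synchronous without a callback; throws on a missing
        // token, bad signature or expiry.
        // NOTE(review): no `algorithms` option is passed — pin it once the
        // signing algorithm used at login is confirmed.
        const decoded = jwt.verify(bearerToken, config.get('secret'))
        req.token = bearerToken

        const results = await adminModule.userDetails(userId)
        const [userValue] = results
        if (!userValue) {
            // Unknown user id. Previously this surfaced only as a TypeError
            // on the property assignment below; make the rejection explicit.
            console.log('login error', 'no user record for requested user_id')
            return deny('Session timed out!')
        }

        // Run the request as the target user, tagged with the acting admin.
        userValue.admin_id = decoded.admin_id
        req.user = userValue
        return next()
    } catch (err) {
        // Token verification failures and lookup errors share one generic
        // 403 so the response does not reveal which check failed.
        console.log('login error', err)
        return deny('Session timed out!')
    }
}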

/**
 * Operations for Admin side.
 *
 * @namespace adminside
 */

// Route table, mounted in the order listed. Order is significant: the '/'
// mount comes first and its `Authenticated` guard runs for every request that
// enters this router, so the later mounts are already behind an admin session
// except for the URLs that `Authenticated` allowlists. The per-route guards
// below therefore run a second time (and repeat the admin lookup) for the
// requests that reach them.
//
// NOTE(review): `/setting` has its own guard disabled (commented out
// upstream) and two of its URLs — `setting/datatable_insert` and
// `setting/datatable_update` — are on the `Authenticated` allowlist, so those
// two appear reachable without any token; confirm that is intended.
// `/user/common` has no guard of its own and relies solely on the '/' mount.
// `/user/video` uses `Authenticated` while its `/user/*` siblings use
// `AuthenticatedWithUser`; presumably deliberate, worth confirming.
const mounts = [
    ['/', Authenticated, admin],
    ['/communication', Authenticated, communication],
    ['/product', Authenticated, product],
    ['/user/product', AuthenticatedWithUser, userProduct],
    ['/user/bid', AuthenticatedWithUser, userBid],
    ['/user/invoice', AuthenticatedWithUser, userInvoice],
    ['/user/credit', AuthenticatedWithUser, userCredit],
    ['/user/offline', AuthenticatedWithUser, userOffline],
    ['/user/cart', AuthenticatedWithUser, userCart],
    ['/user/shipping', AuthenticatedWithUser, userShipping],
    ['/user/common', null, userCommon],
    ['/user', Authenticated, user],
    ['/auction', Authenticated, auction],
    ['/invoice', Authenticated, invoice],
    ['/shipping', Authenticated, shipping],
    ['/return', Authenticated, returnAPI],
    ['/report', Authenticated, report],
    ['/refund', Authenticated, refund],
    ['/employee', Authenticated, employee],
    ['/bid_deposit', Authenticated, bidDeposit],
    ['/transaction', Authenticated, transaction],
    // Upstream: app.use('/setting', /* Authenticated, */ setting)
    ['/setting', null, setting],
    ['/language', Authenticated, language],
    ['/user/video', Authenticated, userVideo],
    ['/third_party', Authenticated, thirdParty],
    ['/user/paymentThird', AuthenticatedWithUser, userpaymentThird],
]

for (const [mountPath, guard, router] of mounts) {
    if (guard) {
        app.use(mountPath, guard, router)
    } else {
        app.use(mountPath, router)
    }
}

module.exports = app