server.js
/**
 * Router state for the REST layer: the registered routes, the active
 * configuration and two one-shot flags.
 *
 * The name is assigned without `var`, presumably so the package's other
 * files can see it; confirm before turning it into a local declaration.
 */
_RESTstop = function() {
  // Defaults; configure() overlays the caller's settings on top of these.
  var defaults = {
    use_auth: false, // match() skips all login handling while this is false
    api_path: '/api', // URL prefix that _start() serves
    pretty_json: false, // when true, _start() indents JSON responses
    bodyParser: {}, // options handed to connect.bodyParser() in _start()
    onLoggedIn: function() {},
    onLoggedOut: function() {}
  };

  // [Route, endpoint] pairs in registration order, filled in by add().
  this._routes = [];
  this._config = defaults;

  // Set by _start() and configure() respectively; each may run only once.
  this._started = false;
  this._configured = false;
};
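/**
 * Register an endpoint for a path. The first call also starts serving.
 *
 * Call forms handled here:
 *   add(path, endpoint)
 *   add(path, options, endpoint)
 *   add({ path: endpoint, ... })   -- one route per key, without options
 *
 * @param {String|RegExp|Object} path     Route path, or a map of path -> endpoint.
 * @param {Object}               [options] Passed through to RESTstop.Route;
 *                                        match() reads options.require_login.
 * @param {Function|*}           endpoint Handler for the route. A non-function
 *                                        value is wrapped so the route returns it as is.
 */
_RESTstop.prototype.add = function(path, options, endpoint) {
  var self = this;

  // Start serving on first add() call
  if (!this._started) {
    this._start();
  }

  // Map form: handle it before any string normalisation. Prefixing first
  // would turn the map into the string "/[object Object]" and this branch
  // would never run.
  if (_.isObject(path) && !_.isRegExp(path)) {
    _.each(path, function(endpoint, p) {
      self.add(p, endpoint);
    });
    return;
  }

  // A RegExp must reach RESTstop.Route untouched; "/" + regexp would turn
  // it into a plain string. Everything else gets a leading slash.
  if (!_.isRegExp(path) && path[0] != "/") {
    path = "/" + path;
  }

  if (!endpoint) {
    // no options were supplied so 2nd parameter is the endpoint
    endpoint = options;
    options = null;
  }

  if (!_.isFunction(endpoint)) {
    // Constant endpoint: a function that returns the supplied value.
    endpoint = _.bind(_.identity, null, endpoint);
  }

  self._routes.push([new RESTstop.Route(self._config.api_path, path, options), endpoint]);
};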
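/**
 * Find the first registered route that matches the request and run its
 * endpoint with `this` set to {request, response, params[, user]}.
 *
 * @param {Object} request  Incoming request; url, method, headers, body and
 *                          query are read.
 * @param {Object} response Outgoing response, exposed to the endpoint as
 *                          this.response.
 * @returns {*|false} The endpoint's return value; a [status, body] pair when
 *                    login is required but missing or when the endpoint
 *                    throws; false when no route matches.
 */
_RESTstop.prototype.match = function(request, response) {
  for (var i = 0; i < this._routes.length; i++) {
    var params = {}, route = this._routes[i];
    if (!route[0].match(request.url, request.method, params)) {
      continue;
    }

    // Must be a local. Requests run in fibers, and the user lookup below can
    // yield; a shared global here could be replaced by another request
    // before the login check and the endpoint call read it back.
    var context = {request: request, response: response, params: params};

    // Positional endpoint arguments are whatever route[0].match() put into
    // params, captured before body and query values are merged in.
    var args = [];
    for (var key in context.params)
      args.push(context.params[key]);

    // Body and query values are client-controlled and overwrite route
    // parameters of the same name in context.params.
    if (request.method == "POST" || request.method == "PUT") {
      _.extend(context.params, request.body);
    }
    if (request.method == "GET" || _.size(request.query)) {
      _.extend(context.params, request.query);
    }

    // NOTE(review): require_login is only enforced inside this branch, so a
    // route marked require_login is served without any check when use_auth
    // is off. Confirm that is intended.
    if (this._config.use_auth) {
      context.user = false;

      // Credentials may arrive as parameters; the headers win when present.
      // NOTE(review): a token sent in the query string tends to end up in
      // access logs; the headers are the safer transport.
      var userId = context.params.userId;
      var loginToken = context.params.loginToken;
      if (request.headers['x-login-token']) {
        loginToken = request.headers['x-login-token'];
      }
      if (request.headers['x-user-id']) {
        userId = request.headers['x-user-id'];
      }

      // Get the user object. Body and query parsers can produce nested
      // objects, and an object placed in the selector would be read as
      // query operators rather than as a value to compare. Accept only
      // non-empty strings.
      if (_.isString(userId) && _.isString(loginToken) && userId && loginToken) {
        context.user = Meteor.users.findOne({
          _id: userId,
          "services.resume.loginTokens.token": loginToken
        });
      }

      // Return an error if no user and login required
      if (route[0].options.require_login && !context.user) {
        return [403, {success: false, message: "You must be logged in to do this."}];
      }
    }

    try {
      return route[1].apply(context, args);
    } catch (e) {
      // NOTE(review): e.message of an unexpected error is sent to the client
      // as is; consider a generic message for errors without e.reason.
      return [e.error || 404, {success: false, message: e.reason || e.message}];
    }
  }
  return false;
};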
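/**
 * Apply settings on top of the defaults. May be called once only.
 *
 * Routes added before this call are rebuilt so they pick up the configured
 * api_path.
 *
 * @param {Object} config Settings merged into this._config (use_auth,
 *                        api_path, pretty_json, bodyParser, onLoggedIn,
 *                        onLoggedOut).
 * @throws {Error} When configure() has already been called.
 */
_RESTstop.prototype.configure = function(config) {
  if (this._configured) {
    throw new Error("RESTstop.configure() can only be called once");
  }
  this._configured = true;

  _.extend(this._config, config);

  if (this._config.api_path[0] != "/") {
    this._config.api_path = "/" + this._config.api_path;
  }

  // api_path starts with "/" at this point. Prepending another "/" declared
  // the policy for "//<path>/", which is not the prefix the API is served on.
  RoutePolicy.declare(this._config.api_path + '/', 'network');

  // Re-create every existing route against the final api_path.
  for (var i = 0; i < this._routes.length; i++) {
    var route = this._routes[i];
    this._routes[i] = [
      new RESTstop.Route(this._config.api_path, route[0].originalPath, route[0].options),
      route[1]
    ];
  }

  // Login handling is opt-in; match() ignores require_login while use_auth
  // is false.
  if (this._config.use_auth) {
    RESTstop.initAuth();
  }
};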
// Install the HTTP middleware that serves the API. Called from add() on the
// first registration; throws if it has already run.
//
// The response is built from what match() returns:
//   false                          -> 404 with a JSON error body
//   [content]                      -> content, status 200
//   [status, content]              -> content with that status
//   [status, headers, content]     -> as above, plus each header set
//   number                         -> that status with an empty body
//   object                         -> JSON-encoded body
_RESTstop.prototype._start = function(){
var self = this;
if(this._started){
throw new Error("RESTstop has already been started");
}
this._started = true;
// hook up the serving
var self = this,
connect = Npm.require("connect");
// The query and body parsers are registered ahead of the path filter
// below, so they run for every request that reaches these handlers and
// not only for requests under api_path.
// NOTE(review): confirm what connect.bodyParser() accepts in the bundled
// Connect version (upload handling, size limits) and restrict it through
// the bodyParser config if needed.
WebApp.connectHandlers.use(connect.query());
WebApp.connectHandlers.use(connect.bodyParser(this._config.bodyParser));
WebApp.connectHandlers.use(function(req, res, next) {
// Plain string-prefix test: any URL that begins with api_path is handled
// here, including one that continues without a "/" after the prefix.
if (req.url.slice(0, self._config.api_path.length) !== self._config.api_path) {
return next();
}
// need to wrap in a fiber in case they do something async
// (e.g. in the database)
// Fiber is assigned without `var` when it is not already defined.
if(typeof(Fiber)=="undefined") Fiber = Npm.require('fibers');
Fiber(function() {
res.statusCode = 200; // 200 response, by default
var output = RESTstop.match(req, res);
if (output === false) {
output = [404, {success: false, message:'API method not found'}];
}
// parse out the various type of response we can have
// array can be
// [content], [status, content], [status, headers, content]
if (_.isArray(output)) {
// copy the array so we aren't actually modifying it!
output = output.slice(0);
if (output.length === 3) {
// Remove the headers element; the array is then [status, content] and
// falls into the length-2 case below.
var headers = output.splice(1, 1)[0];
// Header names and values come from the endpoint and are set as given.
_.each(headers, function(value, key) {
res.setHeader(key, value);
});
}
if (output.length === 2) {
res.statusCode = output.shift();
}
output = output[0];
}
if (_.isNumber(output)) {
res.statusCode = output;
output = '';
}
if(_.isObject(output)) {
if (self._config.pretty_json) {
output = JSON.stringify(output, null, " ");
} else {
output = JSON.stringify(output);
}
// A Content-Type set through the headers element above is kept.
// NOTE(review): "text/json" is not the registered JSON media type
// (application/json); check what clients expect before changing it.
if (!res.getHeader("Content-Type")) {
res.setHeader("Content-Type", "text/json");
}
}
return res.end(output);
}).run();
});
};
/**
 * Invoke a registered method handler by name, passing every argument after
 * `name` on to it.
 *
 * @param {Object} context Endpoint context; _apply() reads context.user.
 * @param {String} name    Key in the server's method_handlers.
 * @param {...*}   args    Arguments for the handler.
 * @returns {*} Whatever _apply() returns.
 */
_RESTstop.prototype.call = function (context, name, args) {
  // Everything after (context, name) is collected into one array.
  var handlerArgs = Array.prototype.slice.call(arguments, 2);
  return this._apply(context, name, handlerArgs, 'method_handlers');
};
/**
 * Invoke a registered method handler by name with an array of arguments.
 *
 * @param {Object} context Endpoint context; _apply() reads context.user.
 * @param {String} name    Key in the server's method_handlers.
 * @param {Array}  args    Arguments for the handler.
 * @returns {*} Whatever _apply() returns.
 */
_RESTstop.prototype.apply = function (context, name, args) {
  var registry = 'method_handlers';
  return this._apply(context, name, args, registry);
};
/**
 * Invoke a registered publish handler by name with an array of arguments.
 * The handler is called through _apply(), the same path used for methods.
 *
 * @param {Object} context Endpoint context; _apply() reads context.user.
 * @param {String} name    Key in the server's publish_handlers.
 * @param {Array}  args    Arguments for the handler.
 * @returns {*} Whatever _apply() returns.
 */
_RESTstop.prototype.getPublished = function (context, name, args) {
  var registry = 'publish_handlers';
  return this._apply(context, name, args, registry);
};
/**
 * The `this` object handed to a handler while it runs.
 *
 * @param {Object}   options
 * @param {Boolean}  options.isSimulation     Stored as isSimulation.
 * @param {Function} [options.unblock]        Defaults to a no-op.
 * @param {*}        options.userId           Current user id.
 * @param {Function} [options.setUserId]      Defaults to a no-op.
 * @param {Function} [options._setLoginToken] Defaults to a no-op.
 * @param {Object}   options.sessionData      Stored as _sessionData.
 */
MethodInvocation = function (options) {
  // Missing callbacks become a fresh no-op each time.
  var orNoop = function (fn) {
    return fn || function () {};
  };

  // True when this is a stub run on a client for latency compensation
  // rather than the real method. _apply() in this file always passes false.
  this.isSimulation = options.isSimulation;

  // Lets later invocations from the same client proceed without waiting
  // for this one to finish.
  this._unblock = orNoop(options.unblock);
  this._calledUnblock = false;

  // Id of the current user.
  this.userId = options.userId;

  // Sets the current user id in all appropriate server contexts and reruns
  // subscriptions.
  this._setUserId = orNoop(options.setUserId);

  // Associates the connection with a login token so the connection can be
  // closed once the token is no longer valid.
  this._setLoginToken = orNoop(options._setLoginToken);

  // Scratch data scoped to the connection (livedata_connection on the
  // client, livedata_session on the server). Internal use only for now.
  this._sessionData = options.sessionData;
};
// Methods shared by every MethodInvocation.
_.extend(MethodInvocation.prototype, {
  // Record that unblock was requested, then run the supplied callback.
  unblock: function () {
    this._calledUnblock = true;
    this._unblock();
  },

  // Change the current user id. Not allowed once unblock() has been called.
  setUserId: function(userId) {
    if (this._calledUnblock) {
      throw new Error("Can't call setUserId in a method after calling unblock");
    }
    this.userId = userId;
    this._setUserId(userId);
  },

  // Forward the token to the supplied callback and store it in the session
  // data. The constructor assigns an own `_setLoginToken` on every instance,
  // so `instance._setLoginToken(...)` resolves to that own property and not
  // to this prototype method.
  _setLoginToken: function (token) {
    this._setLoginToken(token);
    this._sessionData.loginToken = token;
  },

  // Read the token back from the session data; the parameter is unused.
  _getLoginToken: function (token) {
    return this._sessionData.loginToken;
  }
});
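/**
 * Look up a handler on Meteor.default_server and run it inside a
 * MethodInvocation, as a server-initiated call.
 *
 * @param {Object} context      Endpoint context; context.user._id becomes the
 *                              invocation's userId (null when there is no user).
 * @param {String} name         Handler name.
 * @param {Array}  args         Arguments for the handler.
 * @param {String} handler_name Registry on the server object to search:
 *                              'method_handlers' or 'publish_handlers'.
 * @returns {*} The handler's return value.
 * @throws {Meteor.Error} 404 when no handler is registered under `name`;
 *                        anything the handler throws is passed through.
 */
_RESTstop.prototype._apply = function (context, name, args, handler_name) {
  var server = Meteor.default_server;
  var handlers = server[handler_name];

  // Own properties only. A name such as "toString" or "constructor" would
  // otherwise resolve to a function inherited from Object.prototype and be
  // invoked as if it were a registered handler.
  var handler = _.has(handlers, name) ? handlers[name] : undefined;
  if (!handler) {
    throw new Meteor.Error(404, "Method not found");
  }

  // The identity comes from the context built for the request; a handler
  // invoked this way cannot change it.
  var userId = context.user ? context.user._id : null;
  var setUserId = function() {
    throw new Error("Can't call setUserId on a server initiated method call");
  };

  var invocation = new MethodInvocation({
    isSimulation: false,
    userId: userId,
    setUserId: setUserId,
    sessionData: server.sessionData
  });

  // Errors from the handler propagate to the caller unchanged.
  return DDP._CurrentInvocation.withValue(invocation, function () {
    return maybeAuditArgumentChecks(
      handler, invocation, args, "internal call to '" + name + "'");
  });
};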
/**
 * Call f with the given `this` and arguments. When the
 * 'audit-argument-checks' package is loaded, the call is routed through
 * Match._failIfArgumentsAreNotAllChecked instead of being made directly.
 *
 * @param {Function} f           Handler to run.
 * @param {Object}   context     Value of `this` for the handler.
 * @param {Array}    [args]      Handler arguments; a falsy value means none.
 * @param {String}   description Label passed on to the audit helper.
 * @returns {*} The result of the direct or audited call.
 */
var maybeAuditArgumentChecks = function (f, context, args, description) {
  var callArgs = args ? args : [];
  var auditingEnabled = Package['audit-argument-checks'];

  if (!auditingEnabled) {
    return f.apply(context, callArgs);
  }

  return Match._failIfArgumentsAreNotAllChecked(
    f, context, callArgs, description);
};
// Make the router available: RESTstop is the single router instance that the
// connect handler in _start() dispatches to through RESTstop.match(). It is
// assigned without `var`, presumably so that code outside this file can
// reach it.
RESTstop = new _RESTstop();