Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
import {Body, Post, Put, Param, JsonController, UseBefore, BadRequestError, Authorized, Get} from 'routing-controllers';
import passportJwtMiddleware from '../security/passportJwtMiddleware';
import {UnitBaseController} from './UnitBaseController';
import {TaskUnit} from '../models/units/TaskUnit';
import {ITask} from '../../../shared/models/task/ITask';
import {ITaskModel, Task} from '../models/Task';
import {ITaskUnit} from '../../../shared/models/units/ITaskUnit';
@JsonController('/units/tasks')
@UseBefore(passportJwtMiddleware)
export class TaskUnitController extends UnitBaseController {
@Authorized(['teacher', 'admin'])
@Post('/')
addTaskUnit(@Body() data: any) {
// discard invalid requests
this.checkPostParam(data);
const tasks: ITask[] = data.model.tasks;
data.model.tasks = [];
return Promise.all(tasks.map(this.addTask))
.then((savedTasks) => {
for (let i = 0; i < savedTasks.length; i++) {
const savedTask: ITaskModel = savedTasks[i];
data.model.tasks.push(savedTask._id);
import {Request} from 'express';
import {Body, Get, Post, Put, Param, Req, JsonController, UseBefore, Delete, NotFoundError} from 'routing-controllers';
import passportJwtMiddleware from '../security/passportJwtMiddleware';
import {Task} from '../models/Task';
import {ITask} from '../../../shared/models/task/ITask';
import {Unit} from '../models/units/Unit';
@JsonController('/tasks')
@UseBefore(passportJwtMiddleware)
export class TaskController {
@Get('/')
getTasks() {
return Task.find({}).sort({ createdAt: -1 })
.then((tasks) => tasks.map((t) => t.toObject()));
}
@Get('/:id')
getTask(@Param('id') id: string) {
return Task.findById(id)
.then((t) => t.toObject());
}
@Post('/')
addTask(@Body() task: ITask, @Req() request: Request) {
import {Request} from 'express';
import {
Body, Post, Param, Req, JsonController, UseBefore, Authorized, InternalServerError
} from 'routing-controllers';
import passportJwtMiddleware from '../security/passportJwtMiddleware';
import {IUnit} from '../../../shared/models/units/IUnit';
import {ILectureModel, Lecture} from '../models/Lecture';
import {IUnitModel, Unit} from '../models/units/Unit';
import {Course, ICourseModel} from '../models/Course';
import {ILecture} from '../../../shared/models/ILecture';
import {ICourse} from '../../../shared/models/ICourse';
@JsonController('/duplicate')
@UseBefore(passportJwtMiddleware)
@Authorized(['teacher', 'admin'])
export class DuplicationController {
/**
* @api {post} /api/duplicate/course/:id Duplicate course
* @apiName PostDuplicateCourse
* @apiGroup Duplication
* @apiPermission teacher
* @apiPermission admin
*
* @apiParam {String} id Course ID.
* @apiParam {Object} data Course data (with courseAdmin).
* @apiParam {Request} request Request.
*
* @apiSuccess {Course} course Duplicated course.
*
/**
* @api {put} /api/config/:id Update config
* @apiName PutConfig
* @apiGroup Config
* @apiPermission admin
*
* @apiParam {String} id Config name (e.g. legalnotice).
* @apiParam {Object} data New data (with single 'data' string property).
*
* @apiSuccess {Object} result Empty object.
*
* @apiSuccessExample {json} Success-Response:
* {}
*
*/
@UseBefore(passportJwtMiddleware)
@Authorized(['admin'])
@Put('/:id')
async putConfig(@Param('id') name: string, @BodyParam('data') value: string) {
await Config.findOneAndUpdate(
{name},
{name, value},
{'upsert': true, 'new': true}
);
return {};
}
/**
* @api {get} /api/config/:id Request config
* @apiName GetConfig
* @apiGroup Config
* @apiPermission admin
import { IBytesBlock, SignedAndChainedBlockType } from '../logic';
import { IBaseTransaction, IBytesTransaction } from '../logic/transactions';
import { BlocksModel, TransactionsModel } from '../models';
import transportSchema from '../schema/transport';
import { APIError } from './errors';
import { AttachPeerHeaders } from './utils/attachPeerHeaders';
import { ValidatePeerHeaders } from './utils/validatePeerHeaders';
import { requestSymbols } from './requests/requestSymbols';
import { RequestFactoryType } from './requests/requestFactoryType';
import { PostBlocksRequest, PostBlocksRequestDataType } from './requests/PostBlocksRequest';
import { PostTransactionsRequest, PostTransactionsRequestDataType } from './requests/PostTransactionsRequest';
@Controller('/v2/peer')
@injectable()
@IoCSymbol(Symbols.api.transportV2)
@UseBefore(ValidatePeerHeaders)
@UseBefore(AttachPeerHeaders)
@ContentType('application/octet-stream')
export class TransportV2API {
@inject(Symbols.generic.zschema)
public schema: z_schema;
@inject(Symbols.logic.block)
private blockLogic: IBlockLogic;
@inject(Symbols.logic.transaction)
private transactionLogic: ITransactionLogic;
@inject(Symbols.modules.blocks)
private blocksModule: IBlocksModule;
@inject(Symbols.modules.blocksSubModules.utils)
private blocksModuleUtils: IBlocksModuleUtils;
@inject(Symbols.helpers.bus)
private bus: Bus;
@inject(Symbols.helpers.constants)
delegates: [params.publicKey],
enabled : this.forgeModule.isForgeEnabledOn(params.publicKey),
};
} else {
const delegates = this.forgeModule.getEnabledKeys();
return {
delegates,
enabled: delegates.length > 0,
};
}
}
@Post('/forging/enable')
@ValidateSchema()
@UseBefore(ForgingApisWatchGuard)
public async forgingEnable(@SchemaValid(schema.disableForging)
@Body() params: { secret: string, publicKey: string }) {
const kp = this.ed.makeKeypair(crypto
.createHash('sha256').update(params.secret, 'utf8')
.digest());
const pk = kp.publicKey.toString('hex');
if (params.publicKey && pk !== params.publicKey) {
throw new APIError('Invalid passphrase', 200);
}
if (this.forgeModule.isForgeEnabledOn(pk)) {
throw new APIError('Forging is already enabled', 200);
}
const account = await this.accounts.getAccount({ publicKey: kp.publicKey });
Authorized,
BadRequestError, Body, CurrentUser, Get, JsonController, Param, Post, Put,
UseBefore
} from 'routing-controllers';
import passportJwtMiddleware from '../security/passportJwtMiddleware';
import {Progress} from '../models/Progress';
import {IProgress} from '../../../shared/models/IProgress';
import {IUser} from '../../../shared/models/IUser';
import * as mongoose from 'mongoose';
import ObjectId = mongoose.Types.ObjectId;
import {Course} from '../models/Course';
import {ILecture} from '../../../shared/models/ILecture';
import {IUnit} from '../../../shared/models/units/IUnit';
@JsonController('/report')
@UseBefore(passportJwtMiddleware)
@Authorized(['teacher', 'admin'])
export class ReportController {
@Get('/units/:id')
getUnitProgress(@Param('id') id: string) {
return Progress.find({'unit': id})
.then((progresses) => progresses.map((progress) => progress.toObject({virtuals: true})));
}
@Get('/overview/courses/:id')
getCourseOverview(@Param('id') id: string) {
const coursePromise = Course.findOne({_id: id})
.select({
name: 1,
lectures: 1,
students: 1
destination: (req: any, file: any, cb: any) => {
cb(null, 'tmp/');
},
filename: (req: any, file: any, cb: any) => {
const extPos = file.originalname.lastIndexOf('.');
const ext = (extPos !== -1) ? `.${file.originalname.substr(extPos + 1).toLowerCase()}` : '';
crypto.pseudoRandomBytes(16, (err, raw) => {
cb(err, err ? undefined : `${raw.toString('hex')}${ext}`);
});
}
}),
};
@JsonController('/courses')
@UseBefore(passportJwtMiddleware)
export class CourseController {
parser: ObsCsvController = new ObsCsvController();
/**
* @api {get} /api/courses/ Request courses of current user
* @apiName GetCourses
* @apiGroup Course
*
* @apiParam {IUser} currentUser Currently logged in user.
*
* @apiSuccess {Course[]} courses List of courses.
*
* @apiSuccessExample {json} Success-Response:
* [
* {
const uploadOptions = {
storage: multer.diskStorage({
destination: (req: any, file: any, cb: any) => {
cb(null, config.uploadFolder);
},
filename: (req: any, file: any, cb: any) => {
crypto.pseudoRandomBytes(16, (err, raw) => {
cb(err, err ? undefined : raw.toString('hex') + path.extname(file.originalname));
});
}
}),
};
@JsonController('/media')
@UseBefore(passportJwtMiddleware)
export class MediaController {
@Authorized(['student', 'teacher', 'admin'])
@Get('/directory/:id')
async getDirectory(@Param('id') directoryId: string) {
const directory = await Directory.findById(directoryId);
return directory.toObject();
}
@Authorized(['student', 'teacher', 'admin'])
@Get('/directory/:id/lazy')
async getDirectoryLazy(@Param('id') directoryId: string) {
const directory = await Directory.findById(directoryId)
.populate('subDirectories')
.populate('files');
return directory.toObject();
}
@ValidateSchema()
public async getUnconfirmedTx(
@SchemaValid(schema.getPooledTransaction.properties.id)
@QueryParam('id')
id: string
) {
if (!this.pool.unconfirmed.has(id)) {
throw new HTTPError('Transaction not found', 200);
}
const { tx } = this.pool.unconfirmed.get(id);
return { transaction: this.TXModel.toTransportTransaction(tx) };
}
@Post()
@ValidateSchema()
@UseBefore(PrivateApisGuard)
public async localCreate(@SchemaValid(schema.addTransactions, {
castNumbers: true,
})
@Body()
body: {
secret: string;
recipientId: string;
amount: number;
secondSecret?: string;
}) {
const kp = RiseV2.deriveKeypair(body.secret);
const skp = body.secondSecret
? RiseV2.deriveKeypair(body.secondSecret)
: undefined;
const transaction = RiseV2.txs.createAndSign(