70 lines
No EOL
2.6 KiB
JavaScript
70 lines
No EOL
2.6 KiB
JavaScript
// This file contains the routes for the the account linking process on the student side.
|
|
|
|
let express = require('express');
|
|
let router = express.Router();
|
|
let passport = require('passport');
|
|
let directory = require('../directory.js');
|
|
let database = require('../config/database.js');
|
|
let uuid = require('uuid');
|
|
|
|
function storePairingCode(upn, pairing_code) {
|
|
// If a student-pairing_code pair already exists, update the pairing code
|
|
// Else, insert a new student-pairing_code pair
|
|
let sql = 'INSERT INTO ps_pairing_codes (upn, pairing_code) VALUES (?, ?) ON DUPLICATE KEY UPDATE pairing_code = ?';
|
|
let values = [upn, pairing_code, pairing_code];
|
|
database.query(sql, values, function (err, result) {
|
|
if (err) {
|
|
console.log('Error:', err);
|
|
} else {
|
|
console.log('Pairing code stored');
|
|
}
|
|
});
|
|
}
|
|
|
|
router.get('/student/:upn/pairing-code', function (req, res) {
|
|
if(!req.isAuthenticated()) {
|
|
return res.status(401).send('Unauthorized');
|
|
}
|
|
if (req.user.userType !== directory.USER_TYPE.STUDENT) {
|
|
return res.status(403).send('Forbidden, not a student');
|
|
}
|
|
let upn = req.params.upn;
|
|
// Is the logged in user a student with the same UPN as the one in the URL?
|
|
// If not, return a 403 Forbidden response
|
|
if (req.user.username !== upn) {
|
|
console.log('UPN mismatch');
|
|
console.log('req.user.upn:', req.user.upn);
|
|
console.log('upn:', upn);
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
// Generate a uuid (v4) as the pairing code
|
|
let pairing_code = uuid.v4();
|
|
// Store the pairing code in the database
|
|
storePairingCode(upn, pairing_code);
|
|
// Return the pairing code
|
|
res.send(pairing_code);
|
|
});
|
|
|
|
router.get('/student/:upn', function (req, res) {
|
|
if(!req.isAuthenticated()) {
|
|
return res.status(401).send('Unauthorized');
|
|
}
|
|
if (req.user.userType !== directory.USER_TYPE.STUDENT) {
|
|
return res.status(403).send('Forbidden, not a student');
|
|
}
|
|
let upn = req.params.upn;
|
|
// Is the logged in user a student with the same UPN as the one in the URL?
|
|
// If not, return a 403 Forbidden response
|
|
if (req.user.username !== upn) {
|
|
return res.status(403).send('Forbidden, UPN mismatch');
|
|
}
|
|
// Return the student's details in the response in JSON format
|
|
allowedAttributes = ['username', 'first_name', 'last_name'];
|
|
let student = {};
|
|
allowedAttributes.forEach(function (attribute) {
|
|
student[attribute] = req.user[attribute];
|
|
});
|
|
res.json(student);
|
|
});
|
|
|
|
module.exports = router; |