auth.getNewAPIKey - Code Metrics - Inspection of "Added form to request API key" - emilfolino/order_api - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 6f3ec2...7ccabd )

by Emil

created 2019-02-27 12:53 UTC

auth.getNewAPIKey A

↳ Parent: v2/models/auth.js

Complexity

Conditions	3
Paths	2

Size

Total Lines	29
Code Lines	16

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	9
CRAP Score	3.4098

Importance

Changes

Metric	Value
cc	3
eloc	16
nc	2
nop	2
dl	0
loc	29
ccs	9
cts	14
cp	0.6429
crap	3.4098
rs	9.6
c	0
b	0
f	0

1 Function

Rating	Name	Duplication	Size	Complexity
A		0	16	3

const db = require("../db/database.js");
const hat = require("hat");
const validator = require("email-validator");

const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');

let config;

try {
    config = require('../../config/config.json');
} catch (error) {
    console.error(error);
}

const jwtSecret = process.env.JWT_SECRET || config.secret;

const auth = {
    checkAPIKey: function (req, res, next) {
        if ( req.path == '/') {
            return next();
        }

        if ( req.path == '/v2') {
            return next();
        }

        if ( req.path == '/auth/api_key') {
            return next();
        }

        if ( req.path == '/auth/api_key/confirmation') {
            return next();
        }

        auth.isValidAPIKey(req.query.api_key || req.body.api_key, next, req.path, res);

    },

    isValidAPIKey: function(apiKey, next, path, res) {
        db.get("SELECT email FROM apikeys WHERE key = ?", apiKey, (err, row) => {

            if (err) {
                return res.status(500).json({
                    errors: {
                        status: 500,
                        source: path,
                        title: "Database error",
                        detail: err.message
                    }
                });
            }

            if (row !== undefined) {
                return next();
            }

            return res.status(401).json({
                errors: {
                    status: 401,
                    source: path,
                    title: "Valid API key",
                    detail: "No valid API key provided."
                }
            });
        });
    },

    getNewAPIKey: function(res, email) {
        let data = {
            apiKey: ""
        };

        if (email === undefined || !validator.validate(email)) {
            data.message = "A valid email address is required to obtain an API key.";
            data.email = email;

            return res.render("api_key/form", data);
        }

        db.get("SELECT email, key FROM apikeys WHERE email = ?", email, (err, row) => {
            if (err) {
                data.message = "Database error: " + err.message;
                data.email = email;

                return res.render("api_key/form", data);
            }

            if (row !== undefined) {
                data.apiKey = row.key;

                return res.render("api_key/confirmation", data);
            }

            return auth.getUniqueAPIKey(res, email);
        });

    },

    getUniqueAPIKey: function(res, email) {
        const apiKey = hat();
        let data = {
            apiKey: ""
        };

        db.get("SELECT key FROM apikeys WHERE key = ?", apiKey, (err, row) => {
            if (err) {
                data.message = "Database error: " + err.message;
                data.email = email;

                return res.render("api_key/form", data);
            }

            if (row === undefined) {
                db.run("INSERT INTO apikeys (key, email) VALUES (?, ?)",
                    apiKey,
                    email, (err) => {
                        if (err) {
                            data.message = "Database error: " + err.message;
                            data.email = email;

                            return res.render("api_key/form", data);
                        }

                        data.apiKey = apiKey;

                        return res.render("api_key/confirmation", data);
                    });

            } else {
                return auth.getUniqueAPIKey(res, email);
            }
        });
    },

    login: function(res, body) {
        const email = body.email;
        const password = body.password;
        const apiKey = body.api_key;

        if (!email || !password) {
            return res.status(401).json({
                errors: {
                    status: 401,
                    source: "/login",
                    title: "Email or password missing",
                    detail: "Email or password missing in request"
                }
            });
        }

        db.get("SELECT * FROM users WHERE apiKey = ? AND email = ?",
            apiKey,
            email,
            (err, rows) => {

                if (err) {
                    return res.status(500).json({
                        errors: {
                            status: 500,
                            source: "/login",
                            title: "Database error",
                            detail: err.message
                        }
                    });
                }

                if (rows === undefined) {
                    return res.status(401).json({
                        errors: {
                            status: 401,
                            source: "/login",
                            title: "User not found",
                            detail: "User with provided email not found."
                        }
                    });
                }

                const user = rows;

                bcrypt.compare(password, user.password, (err, result) => {
                    if (err) {
                        return res.status(500).json({
                            errors: {
                                status: 500,
                                source: "/login",
                                title: "bcrypt error",
                                detail: "bcrypt error"
                            }
                        });
                    }

                    if (result) {
                        let payload = { api_key: user.apiKey, email: user.email };
                        let jwtToken = jwt.sign(payload, jwtSecret, { expiresIn: '24h' });

                        return res.json({
                            data: {
                                type: "success",
                                message: "User logged in",
                                user: payload,
                                token: jwtToken
                            }
                        });
                    }

                    return res.status(401).json({
                        errors: {
                            status: 401,
                            source: "/login",
                            title: "Wrong password",
                            detail: "Password is incorrect."
                        }
                    });
                });

            });

    },

    register: function(res, body) {
        const email = body.email;
        const password = body.password;
        const apiKey = body.api_key;

        if (!email || !password) {
            return res.status(401).json({
                errors: {
                    status: 401,
                    source: "/register",
                    title: "Email or password missing",
                    detail: "Email or password missing in request"
                }
            });
        }

        bcrypt.hash(password, 10, function(err, hash) {

            if (err) {
                return res.status(500).json({
                    errors: {
                        status: 500,
                        source: "/register",
                        title: "bcrypt error",
                        detail: "bcrypt error"
                    }
                });
            }

            db.run("INSERT INTO users (apiKey, email, password) VALUES (?, ?, ?)",
                apiKey,
                email,
                hash, (err) => {
                    if (err) {
                        return res.status(500).json({
                            errors: {
                                status: 500,
                                source: "/register",
                                title: "Database error",
                                detail: err.message
                            }
                        });
                    }

                    return res.status(201).json({
                        data: {
                            message: "User successfully registered."
                        }
                    });
                });

        });

    },

    checkToken: function(req, res, next) {
        var token = req.headers['x-access-token'];

        if (token) {

            jwt.verify(token, jwtSecret, function(err, decoded) {
                if (err) {
                    return res.status(500).json({
                        errors: {
                            status: 500,
                            source: req.path,
                            title: "Failed authentication",
                            detail: err.message
                        }
                    });
                }

                req.user = {};
                req.user.api_key = decoded.api_key;
                req.user.email = decoded.email;

                next();

                return undefined;
            });

        } else {
            return res.status(401).json({
                errors: {
                    status: 401,
                    source: req.path,
                    title: "No token",
                    detail: "No token provided in request headers"
                }
            });
        }
    }
};

module.exports = auth;


1	1		const db = require("../db/database.js");
2	1		const hat = require("hat");
3	1		const validator = require("email-validator");
4
5	1		const bcrypt = require('bcrypt');
6	1		const jwt = require('jsonwebtoken');
7
8			let config;
9
10	1		try {
11	1		config = require('../../config/config.json');
12			} catch (error) {
13	1		console.error(error);
14			}
15
16	2		const jwtSecret = process.env.JWT_SECRET \|\| config.secret;
17
18	1		const auth = {
19			checkAPIKey: function (req, res, next) {
20	108		if ( req.path == '/') {
21	1		return next();
22			}
23
24	107		if ( req.path == '/v2') {
25			return next();
26			}
27
28	107		if ( req.path == '/auth/api_key') {
29	1		return next();
30			}
31
32	106		if ( req.path == '/auth/api_key/confirmation') {
33	11		return next();
34			}
35
36	95		auth.isValidAPIKey(req.query.api_key \|\| req.body.api_key, next, req.path, res);
			0 ignored issues – show Best Practice introduced 2019-02-22 14:50 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
37			},
38
39			isValidAPIKey: function(apiKey, next, path, res) {
40	95	View Code Duplication	db.get("SELECT email FROM apikeys WHERE key = ?", apiKey, (err, row) => {
			0 ignored issues – show Duplication introduced 2019-02-22 14:50 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
41	95		if (err) {
42			return res.status(500).json({
43			errors: {
44			status: 500,
45			source: path,
46			title: "Database error",
47			detail: err.message
48			}
49			});
50			}
51
52	95		if (row !== undefined) {
53	86		return next();
54			}
55
56	9		return res.status(401).json({
57			errors: {
58			status: 401,
59			source: path,
60			title: "Valid API key",
61			detail: "No valid API key provided."
62			}
63			});
64			});
65			},
66
67			getNewAPIKey: function(res, email) {
68	9		let data = {
69			apiKey: ""
70			};
71
72	9		if (email === undefined \|\| !validator.validate(email)) {
73	1		data.message = "A valid email address is required to obtain an API key.";
74	1		data.email = email;
75
76	1		return res.render("api_key/form", data);
77			}
78
79	8		db.get("SELECT email, key FROM apikeys WHERE email = ?", email, (err, row) => {
80	8		if (err) {
81			data.message = "Database error: " + err.message;
82			data.email = email;
83
84			return res.render("api_key/form", data);
85			}
86
87	8		if (row !== undefined) {
88			data.apiKey = row.key;
89
90			return res.render("api_key/confirmation", data);
91			}
92
93	8		return auth.getUniqueAPIKey(res, email);
94			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
95			},
96
97			getUniqueAPIKey: function(res, email) {
98	8		const apiKey = hat();
99	8		let data = {
100			apiKey: ""
101			};
102
103	8		db.get("SELECT key FROM apikeys WHERE key = ?", apiKey, (err, row) => {
104	8		if (err) {
105			data.message = "Database error: " + err.message;
106			data.email = email;
107
108			return res.render("api_key/form", data);
109			}
110
111	8		if (row === undefined) {
112	8		db.run("INSERT INTO apikeys (key, email) VALUES (?, ?)",
113			apiKey,
114			email, (err) => {
115	8		if (err) {
116			data.message = "Database error: " + err.message;
117			data.email = email;
118
119			return res.render("api_key/form", data);
120			}
121
122	8		data.apiKey = apiKey;
123
124	8		return res.render("api_key/confirmation", data);
125			});
			0 ignored issues – show Best Practice introduced 2019-02-27 12:56 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
126			} else {
127			return auth.getUniqueAPIKey(res, email);
128			}
129			});
130			},
131
132			login: function(res, body) {
133	6		const email = body.email;
134	6		const password = body.password;
135	6		const apiKey = body.api_key;
136
137	6		if (!email \|\| !password) {
138	2		return res.status(401).json({
139			errors: {
140			status: 401,
141			source: "/login",
142			title: "Email or password missing",
143			detail: "Email or password missing in request"
144			}
145			});
146			}
147
148	4		db.get("SELECT * FROM users WHERE apiKey = ? AND email = ?",
149			apiKey,
150			email,
151		View Code Duplication	(err, rows) => {
			0 ignored issues – show Duplication introduced 2019-02-25 13:54 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
152	4		if (err) {
153			return res.status(500).json({
154			errors: {
155			status: 500,
156			source: "/login",
157			title: "Database error",
158			detail: err.message
159			}
160			});
161			}
162
163	4		if (rows === undefined) {
164	1		return res.status(401).json({
165			errors: {
166			status: 401,
167			source: "/login",
168			title: "User not found",
169			detail: "User with provided email not found."
170			}
171			});
172			}
173
174	3		const user = rows;
175
176	3		bcrypt.compare(password, user.password, (err, result) => {
177	3		if (err) {
178			return res.status(500).json({
179			errors: {
180			status: 500,
181			source: "/login",
182			title: "bcrypt error",
183			detail: "bcrypt error"
184			}
185			});
186			}
187
188	3		if (result) {
189	2		let payload = { api_key: user.apiKey, email: user.email };
190	2		let jwtToken = jwt.sign(payload, jwtSecret, { expiresIn: '24h' });
191
192	2		return res.json({
193			data: {
194			type: "success",
195			message: "User logged in",
196			user: payload,
197			token: jwtToken
198			}
199			});
200			}
201
202	1		return res.status(401).json({
203			errors: {
204			status: 401,
205			source: "/login",
206			title: "Wrong password",
207			detail: "Password is incorrect."
208			}
209			});
210			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
211			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
212			},
213
214			register: function(res, body) {
215	5		const email = body.email;
216	5		const password = body.password;
217	5		const apiKey = body.api_key;
218
219	5		if (!email \|\| !password) {
220	2		return res.status(401).json({
221			errors: {
222			status: 401,
223			source: "/register",
224			title: "Email or password missing",
225			detail: "Email or password missing in request"
226			}
227			});
228			}
229
230	3	View Code Duplication	bcrypt.hash(password, 10, function(err, hash) {
			0 ignored issues – show Duplication introduced 2019-02-22 14:50 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
231	3		if (err) {
232			return res.status(500).json({
233			errors: {
234			status: 500,
235			source: "/register",
236			title: "bcrypt error",
237			detail: "bcrypt error"
238			}
239			});
240			}
241
242	3		db.run("INSERT INTO users (apiKey, email, password) VALUES (?, ?, ?)",
243			apiKey,
244			email,
245			hash, (err) => {
246	3		if (err) {
247	1		return res.status(500).json({
248			errors: {
249			status: 500,
250			source: "/register",
251			title: "Database error",
252			detail: err.message
253			}
254			});
255			}
256
257	2		return res.status(201).json({
258			data: {
259			message: "User successfully registered."
260			}
261			});
262			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
263			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
264			},
265
266			checkToken: function(req, res, next) {
267	14		var token = req.headers['x-access-token'];
268
269	14	View Code Duplication	if (token) {
			0 ignored issues – show Duplication introduced 2019-02-25 13:54 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
270	11		jwt.verify(token, jwtSecret, function(err, decoded) {
271	11		if (err) {
272			return res.status(500).json({
273			errors: {
274			status: 500,
275			source: req.path,
276			title: "Failed authentication",
277			detail: err.message
278			}
279			});
280			}
281
282	11		req.user = {};
283	11		req.user.api_key = decoded.api_key;
284	11		req.user.email = decoded.email;
285
286	11		next();
287
288	11		return undefined;
289			});
			0 ignored issues – show Best Practice introduced 2019-02-13 10:24 UTC by Report Bug Copy Issue Report There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
290			} else {
291	3		return res.status(401).json({
292			errors: {
293			status: 401,
294			source: req.path,
295			title: "No token",
296			detail: "No token provided in request headers"
297			}
298			});
299			}
300			}
301			};
302
303			module.exports = auth;
304

emilfolino / order_api

Push — master ( 6f3ec2...7ccabd )

auth.getNewAPIKey A

Complexity

Size

Duplication

Code Coverage

Importance

1 Function

Duplication Side-by-Side

Filter issues like