Add admin API

Readme.md

@@ -60,3 +60,6 @@ This fixes the causes of lint warnings (where possible).
 - STATUS_MESSAGE
   - a message which is shown to all users in the overview screen
   - default: null/ no shown message
+- ADMIN_TOKEN
+  - a password which allows to use some APIs
+  - admin APIs are disabled when this is not set

package-lock.json

@@ -51,6 +51,15 @@
         "@types/babel-types": "*"
       }
     },
+    "@types/basic-auth": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@types/basic-auth/-/basic-auth-1.1.2.tgz",
+      "integrity": "sha512-NzkkcC+gkkILWaBi3+/z/3do6Ybk6TWeTqV5zCVXmG2KaBoT5YqlJvfqP44HCyDA+Cu58pp7uKAxy/G58se/TA==",
+      "dev": true,
+      "requires": {
+        "@types/node": "*"
+      }
+    },
     "@types/bluebird": {
       "version": "3.5.23",
       "resolved": "https://registry.npmjs.org/@types/bluebird/-/bluebird-3.5.23.tgz",
@@ -655,6 +664,14 @@
       "resolved": "https://registry.npmjs.org/base64id/-/base64id-1.0.0.tgz",
       "integrity": "sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY="
     },
+    "basic-auth": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
+      "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
+      "requires": {
+        "safe-buffer": "5.1.2"
+      }
+    },
     "bcrypt-pbkdf": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",

package.json

@@ -24,6 +24,7 @@
   },
   "homepage": "https://gitlab.com/timelimit.io/timelimit-server-2018#README",
   "devDependencies": {
+    "@types/basic-auth": "^1.1.2",
     "@types/body-parser": "^1.17.0",
     "@types/email-templates": "^3.5.0",
     "@types/express": "^4.16.0",
@@ -41,6 +42,7 @@
   },
   "dependencies": {
     "ajv": "^6.5.2",
+    "basic-auth": "^2.0.1",
     "body-parser": "^1.18.3",
     "ejs": "^2.6.1",
     "email-templates": "^5.0.4",

src/api/admin.ts

@@ -0,0 +1,24 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+ import { Router } from 'express'
+
+export const createAdminRouter = () => {
+  const router = Router()
+
+  return router
+}

src/api/index.ts

@@ -24,6 +24,10 @@ import { createChildRouter } from './child'
 import { createParentRouter } from './parent'
 import { createPurchaseRouter } from './purchase'
 import { createSyncRouter } from './sync'
+import { createAdminRouter } from './admin'
+import * as basicAuth from 'basic-auth'
+
+const adminToken = process.env.ADMIN_TOKEN || ''
 
 export const createApi = ({ database, websocket, connectedDevicesManager }: {
   database: Database
@@ -46,5 +50,22 @@ export const createApi = ({ database, websocket, connectedDevicesManager }: {
   app.use('/purchase', createPurchaseRouter({ database, websocket }))
   app.use('/sync', createSyncRouter({ database, websocket, connectedDevicesManager }))
 
+  if (adminToken !== '') {
+    app.use(
+      '/admin',
+      (req, res, next) => {
+        const user = basicAuth(req)
+
+        if (user && user.pass === adminToken) {
+          next()
+        } else {
+          res.setHeader('WWW-Authenticate', 'Basic realm="login"')
+          res.sendStatus(401)
+        }
+      },
+      createAdminRouter()
+    )
+  }
+
   return app
 }