diff --git a/app/controllers/devices.js b/app/controllers/devices.js
index fabc6e65..30c320b2 100644
--- a/app/controllers/devices.js
+++ b/app/controllers/devices.js
@@ -1,6 +1,9 @@
 var mongojs = require('mongojs');
 var devicesDb = require('../database').collection('devices');
+var jwt = require('jsonwebtoken');
+var config = require('../../config/config');
+
 /** createDevice() */
 exports.createDevice = function(req, res, next) {
@@ -9,9 +12,17 @@ exports.createDevice = function(req, res, next) {
     /** Save the device and check for errors */
     devicesDb.insert(req.body, function(err, device) {
         if (err)
-            res.send(err);
+            return next(err);
-        res.json(device);
+        var token = jwt.sign(device, config.tokenSecret, {
+            expiresInMinutes: config.userTokenExpirePeriod
+        });
+
+        res.json({
+            status: 200,
+            message: 'Device created',
+            token: token
+        });
     });
     return next();
@@ -24,7 +35,7 @@ exports.getAllDevices = function(req, res, next) {
     devicesDb.find(req.body, function(err, devices) {
         if (err)
-            res.send(err);
+            return next(err);
         res.json(devices);
         return next();
@@ -63,7 +74,7 @@ exports.updateDevice = function(req, res, next) {
 /** deleteDevice() */
 exports.deleteDevice = function(req, res, next) {
-    deviceDb.remove({
+    devicesDb.remove({
         _id: mongojs.ObjectId(req.params.device_id)
     }, function(err, device) {
         if (err)
diff --git a/config/development.json b/config/development.json
index 557670c1..b8d39ace 100644
--- a/config/development.json
+++ b/config/development.json
@@ -6,7 +6,7 @@
         "name" : "test"
     },
     "port" : "8080",
-    "secretToken": "VelikaSrbija",
+    "tokenSecret": "Pariz-Beograd",
     "userTokenExpirePeriod": "10080",
     "limiter" : {
         "defaultBurstRate": 50,
diff --git a/package.json b/package.json
index 310e3e2e..64d7039b 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
     "gulp-nodemon": "^2.0.3",
     "jshint-stylish": "^2.0.1",
     "mocha": "^2.3.3",
+    "restify-jwt": "^0.4.0",
     "supertest": "^1.1.0"
   }
 }
diff --git a/server.js b/server.js
index 04d53595..20a0b009 100644
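Review bot: `require('jsonwebtoken')` is added at the top of devices.js, but the package.json hunk in this same commit adds only `restify-jwt`; unless jsonwebtoken is already declared outside the visible hunk, the controller now depends on a transitive module that restify-jwt may bump or drop without notice. Declare it directly next to the new entry, e.g. `"jsonwebtoken": "<version-placeholder>",`, so the signing API used here (`expiresInMinutes`) is pinned by this project rather than by a dependency's dependency.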
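Review bot: `jwt.sign(device, config.tokenSecret, …)` in createDevice signs the entire inserted document, and `devicesDb.insert(req.body, …)` stores the request body as received, so every claim in the issued token, and its size, is chosen by the caller, who is unauthenticated on this route (server.js exempts `POST /devices` from the JWT check in this commit). Sign a minimal, server-chosen claim set instead, e.g. `var token = jwt.sign({ _id: String(device._id) }, config.tokenSecret, { expiresInMinutes: Number(config.userTokenExpirePeriod) });` — `userTokenExpirePeriod` is the string `"10080"` in development.json, so the explicit `Number()` makes the coercion visible rather than relying on the library. Separately, the synchronous `return next();` after the insert callback (the hunk's last context line) still runs before the insert completes, and on failure `next` is now called a second time with `err`; moving `return next();` inside the callback after `res.json(...)`, as getAllDevices already does, removes the double call. createDevice's body starts before this hunk.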
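Review bot: The key rename from `secretToken` to `tokenSecret` is applied only to development.json; any other environment file that still carries the old key (none is in this diff, so this is inferred) would leave `config.tokenSecret` undefined, and both `jwt.sign` in devices.js and the restify-jwt middleware in server.js would then be configured with an undefined secret. The config loader should fail fast when `tokenSecret` is absent rather than letting the server start. The value itself is a short committed literal, which is acceptable for a local-development file but should be overridden from the environment or a secrets store for any shared deployment.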
--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@
  * See the included LICENSE file for more details.
  */
 var restify = require('restify');
+var jwt = require('restify-jwt');
 var domain = require('domain');
 var config = require('./config/config');
@@ -29,7 +30,25 @@
 console.log('Enabling CORS');
 server.use(restify.CORS());
 server.use(restify.fullResponse());
-//Global error handler
+/** JWT */
+server.use(jwt({
+    secret: config.tokenSecret,
+    requestProperty: 'token',
+    getToken: function fromHeaderOrQuerystring(req) {
+        var token = (req.body && req.body.access_token) ||
+            (req.query && req.query.access_token) ||
+            req.headers['x-auth-token'];
+
+        return token;
+    }
+}).unless({
+    path: [
+        '/status',
+        {url: '/devices', methods: ['POST']}
+    ]
+}));
+
+/** Global error handler */
 server.use(function(req, res, next) {
     var domainHandler = domain.create();
diff --git a/swagger.yaml b/swagger.yaml
index da705462..42043c6b 100644
--- a/swagger.yaml
+++ b/swagger.yaml
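Review bot: `getToken` accepts the token from `req.body.access_token` and `req.query.access_token` in addition to the `x-auth-token` header; a token carried in the query string ends up in access logs, proxy logs and browser history, so if the header is the documented transport (swagger.yaml in this commit lists only `X-Auth-Token`) the function should reduce to `return req.headers['x-auth-token'];`. Reading `req.body` and `req.query` here also presumes restify's bodyParser and queryParser are registered before this middleware, which the hunk does not show; worth confirming from the lines above. The `unless` list exempts `POST /devices`, the very handler that mints tokens, so an anonymous caller can register a device and receive a token valid for every other route; if that is the intended registration flow, say so on the line, e.g. `{url: '/devices', methods: ['POST']} // unauthenticated: registration issues the token`, so a later reader does not mistake it for an oversight.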
@@ -1,293 +1,144 @@ swagger: '2.0' - -# Document metadata info: - version: "0.0.1" - title: Mainflux - termsOfService: http://swagger.io/terms/ - contact: - name: API Support - url: http://wwww.mainflux.com/support - email: support@mainflux.com - license: - name: MIT - url: http://opensource.org/licenses/MIT - + version: 0.0.1 + title: Mainflux + termsOfService: 'http://mainflux.com/tos' + contact: + name: Mainflux + url: 'http://wwww.mainflux.com' + email: info@mainflux.com + license: + name: Apache-2.0 + url: 'http://opensource.org/licenses/Apache-2.0' paths: - /status: - # This is a HTTP operation - get: - # Describe this verb here. Note: you can use markdown - description: | - Gets Mainflux server status. - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Server is running - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: Status - type: string - - /things: - # This is a HTTP operation - get: - # Describe this verb here. Note: you can use markdown - description: | - Gets all of the existing `Thing` objects. - - # This is array of GET operation parameters: - parameters: - # An example parameter that is in query and is required - - - name: authUuid - in: query - description: authentification UUID - required: true - type: string - - - - name: authToken - in: query - description: authentification token - required: true - type: number - format: double - - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Successful response - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: ArrayOfThings - type: array - items: - title: Thing - type: object - properties: - uuid: - type: number - name: - type: string - type: - type: string - manufacturer: - type: string - post: - # Describe this verb here. Note: you can use markdown - description: | - Creates `Thing` object. 
- Returns newly created Thing object. - - # This is array of GET operation parameters: - parameters: - # An example parameter that is in query and is required - - - name: authUuid - in: query - description: authentification UUID - required: true - type: string - - - - name: authToken - in: query - description: authentification token - required: true - type: number - format: double - - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Successful response - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: Thing - type: object - properties: - uuid: - type: number - name: - type: string - type: - type: string - manufacturer: - type: string - /things/{thingUuid}: - # This is a HTTP operation - get: - # Describe this verb here. Note: you can use markdown - description: | - Gets Thing object from the database by thingUuid. - - # This is array of GET operation parameters: - parameters: - # An example parameter that is in query and is required - - - name: thingUuid - in: path - description: thing UUID - required: true - type: string - - - name: authUuid - in: query - description: authentification UUID - required: true - type: string - - - - name: authToken - in: query - description: authentification token - required: true - type: number - format: double - - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Successful response - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: Thing - type: object - properties: - uuid: - type: number - name: - type: string - type: - type: string - manufacturer: - type: string - - put: - # Describe this verb here. Note: you can use markdown - description: | - Updates Thing object from the database. 
- - # This is array of GET operation parameters: - parameters: - # An example parameter that is in query and is required - - - name: thingUuid - in: path - description: thing UUID - required: true - type: string - - - name: params - in: query - description: thing parameters - required: true - type: string - - - name: authUuid - in: query - description: authentification UUID - required: true - type: string - - - - name: authToken - in: query - description: authentification token - required: true - type: number - format: double - - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Successful response - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: Thing - type: object - properties: - uuid: - type: number - name: - type: string - type: - type: string - manufacturer: - type: string - - delete: - # Describe this verb here. Note: you can use markdown - description: | - Deletes Thing object from the database. - - # This is array of GET operation parameters: - parameters: - # An example parameter that is in query and is required - - - name: thingUuid - in: path - description: thing UUID - required: true - type: string - - - name: authUuid - in: query - description: authentification UUID - required: true - type: string - - - - name: authToken - in: query - description: authentification token - required: true - type: number - format: double - - - # Expected responses for this operation: - responses: - # Response code - 200: - description: Successful response - - # A schema describing your response object. - # Use JSON Schema format - schema: - title: Thing - type: object - properties: - uuid: - type: number - name: - type: string - type: - type: string - manufacturer: - type: string - - - - + /status: + get: + description: | + Gets Mainflux server status. 
+ responses: + '200': + description: Server is running + schema: + title: Status + type: string + /devices: + get: + description: | + Gets all of the existing `Device` objects. + parameters: + - name: X-Auth-Token + in: header + description: authentification token + required: true + type: number + format: double + responses: + '200': + description: Successful response + schema: + title: ArrayOfDevices + type: array + items: + title: Device + type: object + properties: + uuid: + type: number + post: + description: | + Creates `Device` object. + Returns newly created Device object. + parameters: + - name: X-Auth-Token + in: header + description: authentification token + required: true + type: number + format: double + responses: + '200': + description: Successful response + schema: + title: Device + type: object + properties: + uuid: + type: number + '/devices/{device_id}': + get: + description: | + Gets `Device` object from the database by `deviceUuid`. + parameters: + - name: X-Auth-Token + in: header + description: authentification token + required: true + type: number + format: double + - name: device_id + in: path + description: Device UUID + required: true + type: string + responses: + '200': + description: Successful response + schema: + title: Thing + type: object + properties: + uuid: + type: number + put: + description: | + Updates Thing object from the database. + parameters: + - name: X-Auth-Token + in: header + description: authentification token + required: true + type: number + format: double + - name: device_id + in: path + description: Device UUID + required: true + type: string + - name: params + in: query + description: Device parameters + required: true + type: string + responses: + '200': + description: Successful response + schema: + title: Thing + type: object + properties: + uuid: + type: number + delete: + description: | + Deletes Thing object from the database. 
+ parameters: + - name: X-Auth-Token + in: header + description: authentification token + required: true + type: number + format: double + - name: device_id + in: path + description: Device UUID + required: true + type: string + responses: + '200': + description: Successful response + schema: + title: Thing + type: object + properties: + uuid: + type: number
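Review bot: `X-Auth-Token` is declared `type: number` with `format: double` on every operation, but the value is the JWT string issued by createDevice and read from `req.headers['x-auth-token']` in server.js, so generated clients and request validators built from this spec will reject real tokens; change each occurrence to `type: string` and drop the `format: double` line. The spec also marks `X-Auth-Token` as required on `POST /devices`, while server.js exempts that route from the JWT check in this same commit; either remove the parameter from that operation or document the exemption so the contract matches the server. The three response schemas under `/devices/{device_id}` are still titled `Thing` and their descriptions still say "Thing object"; `Device` would match the rest of the rewritten file.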