datasquirel/package-shared/functions/backend/api-cred.js

// @ts-check

const fs = require("fs");
const decrypt = require("../dsql/decrypt");

/** @type {import("../../types").CheckApiCredentialsFn} */
const grabApiCred = ({ key, database, table, user_id, media }) => {
    if (!key) return null;
    if (!user_id) return null;

    try {
        const allowedKeysPath = process.env.DSQL_API_KEYS_PATH;

        if (!allowedKeysPath)
            throw new Error(
                "process.env.DSQL_API_KEYS_PATH variable not found"
            );

        const ApiJSON = decrypt({ encryptedString: key });
        /** @type {import("../../types").ApiKeyObject} */
        const ApiObject = JSON.parse(ApiJSON || "");
        const isApiKeyValid = fs.existsSync(
            `${allowedKeysPath}/${ApiObject.sign}`
        );

        if (String(ApiObject.user_id) !== String(user_id)) return null;

        if (!isApiKeyValid) return null;
        if (!ApiObject.target_database) return ApiObject;
        if (media) return ApiObject;

        if (!database && ApiObject.target_database) return null;
        const isDatabaseAllowed = ApiObject.target_database
            ?.split(",")
            .includes(String(database));

        if (isDatabaseAllowed && !ApiObject.target_table) return ApiObject;
        if (isDatabaseAllowed && !table && ApiObject.target_table) return null;
        const isTableAllowed = ApiObject.target_table
            ?.split(",")
            .includes(String(table));
        if (isTableAllowed) return ApiObject;
        return null;
    } catch (/** @type {any} */ error) {
        console.log(`api-cred ERROR: ${error.message}`);
        return { error: `api-cred ERROR: ${error.message}` };
    }
};

module.exports = grabApiCred;
Updates 2024-11-06 06:26:23 +00:00			`// @ts-check`

			`const fs = require("fs");`
Updates 2024-12-06 10:31:24 +00:00			`const decrypt = require("../dsql/decrypt");`
Updates 2024-11-06 06:26:23 +00:00
			`/** @type {import("../../types").CheckApiCredentialsFn} */`
Updates 2024-12-17 17:39:50 +00:00			`const grabApiCred = ({ key, database, table, user_id, media }) => {`
Updates 2024-11-06 11:58:41 +00:00			`if (!key) return null;`
Major refactoring: Add user id to API routes 2024-11-27 10:02:03 +00:00			`if (!user_id) return null;`
Updates 2024-11-06 11:58:41 +00:00
Updates 2024-11-06 06:26:23 +00:00			`try {`
			`const allowedKeysPath = process.env.DSQL_API_KEYS_PATH;`

			`if (!allowedKeysPath)`
			`throw new Error(`
			`"process.env.DSQL_API_KEYS_PATH variable not found"`
			`);`

Updates 2024-12-06 10:31:24 +00:00			`const ApiJSON = decrypt({ encryptedString: key });`
Updates 2024-11-06 06:26:23 +00:00			`/** @type {import("../../types").ApiKeyObject} */`
			`const ApiObject = JSON.parse(ApiJSON \|\| "");`
			`const isApiKeyValid = fs.existsSync(`
			`${allowedKeysPath}/${ApiObject.sign}`
			`);`

Major refactoring: Add user id to API routes 2024-11-27 10:02:03 +00:00			`if (String(ApiObject.user_id) !== String(user_id)) return null;`

Updates 2024-11-06 06:26:23 +00:00			`if (!isApiKeyValid) return null;`
			`if (!ApiObject.target_database) return ApiObject;`
Updates 2024-12-17 17:39:50 +00:00			`if (media) return ApiObject;`

Updates 2024-11-06 06:26:23 +00:00			`if (!database && ApiObject.target_database) return null;`
			`const isDatabaseAllowed = ApiObject.target_database`
			`?.split(",")`
			`.includes(String(database));`

			`if (isDatabaseAllowed && !ApiObject.target_table) return ApiObject;`
			`if (isDatabaseAllowed && !table && ApiObject.target_table) return null;`
			`const isTableAllowed = ApiObject.target_table`
			`?.split(",")`
			`.includes(String(table));`
			`if (isTableAllowed) return ApiObject;`
			`return null;`
			`} catch (/** @type {any} */ error) {`
			console.log(`api-cred ERROR: ${error.message}`);
Updates 2024-12-17 17:39:50 +00:00			return { error: `api-cred ERROR: ${error.message}` };
Updates 2024-11-06 06:26:23 +00:00			`}`
			`};`

			`module.exports = grabApiCred;`