Cleanup REST api and use 'op' query param for verbs

This commit is contained in:
Tankred Hase 2016-06-14 12:10:53 +02:00
parent b29c8308a8
commit a60d8b86a9
6 changed files with 43 additions and 76 deletions

View File

@ -131,27 +131,19 @@ POST /api/v1/key
### Verify uploaded key
```
GET /api/v1/verify?keyId=b8e4105cc9dedc77&nonce=6a314915c09368224b11df0feedbc53c
GET /api/v1/key?op=verify&keyId=b8e4105cc9dedc77&nonce=6a314915c09368224b11df0feedbc53c
```
### Request key removal
#### Via delete request
```
DELETE /api/v1/key?keyId=b8e4105cc9dedc77 OR ?email=user@example.com
```
#### Via link
```
GET /api/v1/removeKey?keyId=b8e4105cc9dedc77 OR ?email=user@example.com
GET /api/v1/key?op=remove&keyId=b8e4105cc9dedc77 OR ?email=user@example.com
```
### Verify key removal
```
GET /api/v1/verifyRemove?keyId=b8e4105cc9dedc77&nonce=6a314915c09368224b11df0feedbc53c
GET /api/v1/key?op=verifyRemove&keyId=b8e4105cc9dedc77&nonce=6a314915c09368224b11df0feedbc53c
```

View File

@ -49,21 +49,7 @@ router.post('/api/v1/key', function *() {
yield rest.create(this);
});
router.get('/api/v1/key', function *() {
yield rest.read(this);
});
router.del('/api/v1/key', function *() {
yield rest.remove(this);
});
// links for verification, removal and sharing
router.get('/api/v1/verify', function *() {
yield rest.verify(this);
});
router.get('/api/v1/removeKey', function *() {
yield rest.remove(this);
});
router.get('/api/v1/verifyRemove', function *() {
yield rest.verifyRemove(this);
yield rest.query(this);
});
// Redirect all http traffic to https

View File

@ -1,12 +1,12 @@
{
"verifyKey": {
"subject": "Verify Your Key",
"text": "Hello {{name}},\n\nplease click here to verify your key:\n\n{{baseUrl}}/api/v1/verify?keyId={{keyId}}&nonce={{nonce}}",
"html": "<p>Hello {{name}},</p><p>please <a href=\"{{baseUrl}}/api/v1/verify?keyId={{keyId}}&nonce={{nonce}}\">click here to verify</a> your key.</p>"
"text": "Hello {{name}},\n\nplease click here to verify your key:\n\n{{baseUrl}}/api/v1/key?op=verify&keyId={{keyId}}&nonce={{nonce}}",
"html": "<p>Hello {{name}},</p><p>please <a href=\"{{baseUrl}}/api/v1/key?op=verify&keyId={{keyId}}&nonce={{nonce}}\">click here to verify</a> your key.</p>"
},
"verifyRemove": {
"subject": "Verify Key Removal",
"text": "Hello {{name}},\n\nplease click here to verify the removal of your key:\n\n{{baseUrl}}/api/v1/verifyRemove?keyId={{keyId}}&nonce={{nonce}}",
"html": "<p>Hello {{name}},</p><p>please <a href=\"{{baseUrl}}/api/v1/verifyRemove?keyId={{keyId}}&nonce={{nonce}}\">click here to verify</a> the removal of your key.</p>"
"text": "Hello {{name}},\n\nplease click here to verify the removal of your key:\n\n{{baseUrl}}/api/v1/key?op=verifyRemove&keyId={{keyId}}&nonce={{nonce}}",
"html": "<p>Hello {{name}},</p><p>please <a href=\"{{baseUrl}}/api/v1/key?op=verifyRemove&keyId={{keyId}}&nonce={{nonce}}\">click here to verify</a> the removal of your key.</p>"
}
}

View File

@ -50,6 +50,23 @@ class REST {
ctx.status = 201;
}
/**
* Public key query via http GET
* @param {Object} ctx The koa request/response context
*/
*query(ctx) {
let op = ctx.query.op;
if (this[op]) {
return yield this[op](ctx); // delegate operation
}
// do READ if no 'op' provided
let q = { keyId:ctx.query.keyId, fingerprint:ctx.query.fingerprint, email:ctx.query.email };
if (!util.isKeyId(q.keyId) && !util.isFingerPrint(q.fingerprint) && !util.isEmail(q.email)) {
ctx.throw(400, 'Invalid request!');
}
ctx.body = yield this._publicKey.get(q);
}
/**
* Verify a public key's user id via http GET
* @param {Object} ctx The koa request/response context
@ -66,18 +83,6 @@ class REST {
ctx.set('Content-Type', 'text/html; charset=utf-8');
}
/**
* Public key fetch via http GET
* @param {Object} ctx The koa request/response context
*/
*read(ctx) {
let q = { keyId:ctx.query.keyId, fingerprint:ctx.query.fingerprint, email:ctx.query.email };
if (!util.isKeyId(q.keyId) && !util.isFingerPrint(q.fingerprint) && !util.isEmail(q.email)) {
ctx.throw(400, 'Invalid request!');
}
ctx.body = yield this._publicKey.get(q);
}
/**
* Request public key removal via http DELETE
* @param {Object} ctx The koa request/response context

View File

@ -53,7 +53,8 @@
<div class="col-lg-12">
<h2>OpenPGP key removal</h2>
<form action="/api/v1/removeKey" method="get">
<form action="/api/v1/key" method="get">
<input class="hidden" type="radio" name="op" value="remove" checked="checked">
<div class="input-group input-group-lg">
<input class="form-control" name="email" type="email" spellcheck="false" placeholder="Email address" required>
<span class="input-group-btn">

View File

@ -97,7 +97,7 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
});
});
describe('GET /api/v1/verify', () => {
describe('GET /api/v1/key?op=verify', () => {
beforeEach(done => {
request(app.listen())
.post('/api/v1/key')
@ -108,21 +108,21 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
it('should return 200 for valid params', done => {
request(app.listen())
.get('/api/v1/verify?keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verify&keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.expect(200)
.end(done);
});
it('should return 400 for missing keyid and', done => {
request(app.listen())
.get('/api/v1/verify?nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verify&nonce=' + emailParams.nonce)
.expect(400)
.end(done);
});
it('should return 400 for missing nonce', done => {
request(app.listen())
.get('/api/v1/verify?keyId=' + emailParams.keyId)
.get('/api/v1/key?op=verify&keyId=' + emailParams.keyId)
.expect(400)
.end(done);
});
@ -148,7 +148,7 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
describe('Verified', () => {
beforeEach(done => {
request(app.listen())
.get('/api/v1/verify?keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verify&keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.expect(200)
.end(done);
});
@ -190,7 +190,7 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
});
});
describe('DELETE /api/v1/key', () => {
describe('GET /api/v1/key?op=remove', () => {
beforeEach(done => {
request(app.listen())
.post('/api/v1/key')
@ -201,51 +201,34 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
it('should return 202 for key id', done => {
request(app.listen())
.del('/api/v1/key?keyId=' + emailParams.keyId)
.get('/api/v1/key?op=remove&keyId=' + emailParams.keyId)
.expect(202)
.end(done);
});
it('should return 202 for email address', done => {
request(app.listen())
.del('/api/v1/key?email=' + primaryEmail)
.get('/api/v1/key?op=remove&email=' + primaryEmail)
.expect(202)
.end(done);
});
it('should return 400 for invalid params', done => {
request(app.listen())
.del('/api/v1/key')
.get('/api/v1/key?op=remove')
.expect(400)
.end(done);
});
it('should return 404 for unknown email address', done => {
request(app.listen())
.del('/api/v1/key?email=a@foo.com')
.get('/api/v1/key?op=remove&email=a@foo.com')
.expect(404)
.end(done);
});
});
describe('GET /api/v1/removeKey', () => {
beforeEach(done => {
request(app.listen())
.post('/api/v1/key')
.send({ publicKeyArmored, primaryEmail })
.expect(201)
.end(done);
});
it('should return 202 for key id', done => {
request(app.listen())
.get('/api/v1/removeKey?keyId=' + emailParams.keyId)
.expect(202)
.end(done);
});
});
describe('GET /api/v1/verifyRemove', () => {
describe('GET /api/v1/key?op=verifyRemove', () => {
beforeEach(done => {
request(app.listen())
.post('/api/v1/key')
@ -253,7 +236,7 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
.expect(201)
.end(function() {
request(app.listen())
.del('/api/v1/key?keyId=' + emailParams.keyId)
.get('/api/v1/key?op=remove&keyId=' + emailParams.keyId)
.expect(202)
.end(done);
});
@ -261,21 +244,21 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
it('should return 200 for key id', done => {
request(app.listen())
.get('/api/v1/verifyRemove?keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verifyRemove&keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.expect(200)
.end(done);
});
it('should return 400 for invalid params', done => {
request(app.listen())
.get('/api/v1/verifyRemove')
.get('/api/v1/key?op=verifyRemove')
.expect(400)
.end(done);
});
it('should return 404 for unknown key id', done => {
request(app.listen())
.get('/api/v1/verifyRemove?keyId=0123456789ABCDEF&nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verifyRemove&keyId=0123456789ABCDEF&nonce=' + emailParams.nonce)
.expect(404)
.end(done);
});
@ -325,7 +308,7 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
describe('Verified', () => {
beforeEach(done => {
request(app.listen())
.get('/api/v1/verify?keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.get('/api/v1/key?op=verify&keyId=' + emailParams.keyId + '&nonce=' + emailParams.nonce)
.expect(200)
.end(done);
});