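  /**
   * PubNub Functions "On Request" handler for the support chat backend.
   *
   * Routes (selected by `request.params.route` and the HTTP method):
   *   - (empty) GET        unprotected, always 200
   *   - chat_state GET     Basic auth; returns the stored support state
   *   - chat_state POST    Basic auth; merges `body.chats` into the stored state
   *   - chat_state PUT     no auth; registers one chat entry ({ key, name })
   *   - get_auth_key GET   Basic auth; returns the support user's auth key
   * Anything else answers 404.
   *
   * @param {object} request  - incoming request (params, method, headers, body)
   * @param {object} response - response object; status is set, then send() is called
   * @returns {*} whatever `response.send()` returns (possibly wrapped in a Promise)
   */
  export default (request, response) => {
    const db = require('kvstore');
    const base64Codec = require('codec/base64');

    const STATE_KEY = 'support_user_state';

    // SECURITY: these secrets are hard-coded in source. Anyone who can read the
    // function code (or a paste of it) can authenticate as the support user.
    // Move them into the PubNub Functions Vault and rotate them.
    const SUPPORT_USERNAME = 'support';
    const SUPPORT_PASSWORD = 'sesame';
    const SUPPORT_AUTH_KEY = 'support-secret-auth-key';

    // Property names that resolve to Object.prototype members when assigned
    // through `obj[key] = value`; client-supplied chat keys must not use them.
    const RESERVED_KEYS = ['__proto__', 'constructor', 'prototype'];

    // NOTE(review): wildcard origin, and 'Authorization' is not in the allowed
    // header list, so a browser preflight for the authenticated routes would
    // presumably fail. Confirm which clients are expected to call them.
    response.headers['Access-Control-Allow-Origin'] = '*';
    response.headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept';
    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS, PUT, DELETE';

    const route = request.params.route;
    const method = request.method.toLowerCase();

    // GET requests normally carry no body and clients may send malformed JSON;
    // treat both as "no body" so the handler does not throw before routing.
    let body = null;
    try {
      body = JSON.parse(request.body);
    } catch (error) {
      body = null;
    }

    const hasOwn = (object, key) => Object.prototype.hasOwnProperty.call(object, key);
    const isSafeKey = (key) => RESERVED_KEYS.indexOf(key) === -1;

    // Response helpers
    const send = (status, payload) => {
      response.status = status;
      return payload === undefined ? response.send() : response.send(payload);
    };
    const allow = () => send(200);
    const unauthorized = () => send(401);
    const badRequest = () => send(400);
    const serverError = (error) => {
      // Log server-side only; the client gets an empty 500 with no error detail.
      console.error(error);
      return send(500);
    };

    const emptySupportState = () => ({ name: 'support', uuid: 'support', chats: {} });

    // Best-effort comparison whose running time does not depend on where the
    // two strings first differ.
    const constantTimeEqual = (supplied, expected) => {
      let diff = supplied.length ^ expected.length;
      for (let i = 0; i < supplied.length; i += 1) {
        diff |= supplied.charCodeAt(i) ^ expected.charCodeAt(i % (expected.length || 1));
      }
      return diff === 0;
    };

    // Extracts { username, password } from an HTTP Basic Authorization header,
    // or returns null when the header is absent or malformed.
    const readBasicCredentials = () => {
      const header = request.headers && request.headers.authorization;
      if (typeof header !== 'string') {
        return null;
      }

      const parts = header.split(' ');
      if (parts.length !== 2 || parts[0].toLowerCase() !== 'basic') {
        return null;
      }

      let decoded;
      try {
        decoded = base64Codec.atob(parts[1]);
      } catch (error) {
        return null;
      }
      if (typeof decoded !== 'string') {
        return null;
      }

      // Split on the first colon only, so a password may itself contain ':'.
      const separator = decoded.indexOf(':');
      if (separator === -1) {
        return null;
      }
      return {
        username: decoded.slice(0, separator),
        password: decoded.slice(separator + 1),
      };
    };

    // Resolves to true only for valid support credentials. It fails closed:
    // a parsing problem resolves to false instead of being recovered into some
    // other fulfilled value that a caller would then read as the auth result.
    const authPolicy = () => {
      const credentials = readBasicCredentials();
      if (!credentials) {
        return Promise.resolve(false);
      }
      const userMatches = constantTimeEqual(credentials.username, SUPPORT_USERNAME);
      const passwordMatches = constantTimeEqual(credentials.password, SUPPORT_PASSWORD);
      return Promise.resolve(userMatches && passwordMatches);
    };

    // Guarantees the stored state has a plain `chats` container to write into.
    const ensureChats = (state) => {
      if (!state.chats || typeof state.chats !== 'object' || Array.isArray(state.chats)) {
        state.chats = {};
      }
      return state;
    };

    const controllers = {
      index: {
        // Unprotected route, always returns 200
        get: () => allow(),
      },

      chat_state: {
        get: () => authPolicy().then((isAuthorized) => {
          if (!isAuthorized) {
            return unauthorized();
          }
          return db.get(STATE_KEY).then((state) => send(200, state || emptySupportState()));
        }).catch(serverError),

        post: () => authPolicy().then((isAuthorized) => {
          if (!isAuthorized) {
            return unauthorized();
          }

          // Check for bad request body
          if (
            !body ||
            typeof body !== 'object' ||
            !body.chats ||
            typeof body.chats !== 'object' ||
            Array.isArray(body.chats)
          ) {
            return badRequest();
          }

          const chatKeys = Object.keys(body.chats);
          if (!chatKeys.every(isSafeKey)) {
            return badRequest();
          }

          return db.get(STATE_KEY).then((state) => {
            if (!state) {
              // Reply only after the write has succeeded, so a failed write
              // surfaces as a 500 instead of a misleading 200.
              return db.set(STATE_KEY, body).then(() => send(200, body));
            }

            ensureChats(state);
            chatKeys.forEach((key) => {
              state.chats[key] = body.chats[key];
            });
            return db.set(STATE_KEY, state).then(() => send(200, state));
          });
        }).catch(serverError),

        // NOTE(review): this route does not call authPolicy, so any caller can
        // add or overwrite an entry in the shared support state. Presumably
        // that is how a customer announces a new chat; confirm, and consider
        // bounding the length of `key` and `name`.
        put: () => {
          if (
            !body ||
            !body.key ||
            typeof body.key !== 'string' ||
            !body.name ||
            typeof body.name !== 'string' ||
            !isSafeKey(body.key)
          ) {
            return badRequest();
          }

          // The timestamp is always taken server-side. The original used the
          // unvalidated client field `body.time` when a state already existed.
          const entry = {
            key: body.key,
            name: body.name,
            time: new Date(),
          };

          return db.get(STATE_KEY).then((state) => {
            const next = ensureChats(state || emptySupportState());
            next.chats[body.key] = entry;
            return db.set(STATE_KEY, next).then(() => allow());
          }).catch(serverError);
        },
      },

      get_auth_key: {
        // Returns the secret auth key for the ChatEngine support user.
        get: () => authPolicy().then((isAuthorized) => (
          isAuthorized ? send(200, SUPPORT_AUTH_KEY) : unauthorized()
        )).catch(serverError),
      },
    };

    // GET request with empty route returns the homepage.
    // If a requested route or method for a route does not exist, return 404.
    // Own-property checks keep client-chosen names from resolving to members
    // inherited from Object.prototype.
    if (!route && method === 'get') {
      return controllers.index.get();
    }
    if (hasOwn(controllers, route) && hasOwn(controllers[route], method)) {
      return controllers[route][method]();
    }
    return send(404);
  };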