-
Notifications
You must be signed in to change notification settings - Fork 45
/
Copy pathserver.js
77 lines (67 loc) · 3.1 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// Declare our dependencies
var express = require('express');
var request = require('superagent');
var backendHost = process.env.BACK_HOST || 'localhost';
// Create our express app
var app = express();
// Set the view engine to use EJS as well as set the default views directory
app.set('view engine', 'ejs');
app.set('views', __dirname + '/public/views/');
// This tells Express out of which directory to serve static assets like CSS and images
app.use(express.static(__dirname + '/public'));
// The homepage route of our application does not interface with the MovieAnalyst API and is always accessible. We won’t use the getAccessToken middleware here. We’ll simply render the index.ejs view.
app.get('/', function(req, res){
res.render('index');
})
// For the movies route, we’ll call the getAccessToken middleware to ensure we have an access token. If we do have a valid access_token, we’ll make a request with the superagent library and we’ll be sure to add our access_token in an Authorization header before making the request to our API.
// Once the request is sent out, our API will validate that the access_token has the right scope to request the /movies resource and if it does, will return the movie data. We’ll take this movie data, and pass it alongside our movies.ejs template for rendering
app.get('/movies', function(req, res){
request
.get('http://'+backendHost+':3000/movies')
.end(function(err, data) {
if(data.status == 403){
res.send(403, '403 Forbidden');
} else {
var movies = data.body;
res.render('movies', { movies: movies} );
}
})
})
// The process will be the same for the remaining routes. We’ll make sure to get the acess_token first and then make the request to our API to get the data.
// The key difference on the authors route, is that for our client, we’re naming the route /authors, but our API endpoint is /reviewers. Our route on the client does not have to match the API endpoint route.
app.get('/authors', function(req, res){
request
.get('http://'+backendHost+':3000/reviewers')
.set('Authorization', 'Bearer ' + req.access_token)
.end(function(err, data) {
if(data.status == 403){
res.send(403, '403 Forbidden');
} else {
var authors = data.body;
res.render('authors', {authors : authors});
}
})
})
app.get('/publications', function(req, res){
request
.get('http://'+backendHost+':3000/publications')
.end(function(err, data) {
if(data.status == 403){
res.send(403, '403 Forbidden');
} else {
var publications = data.body;
res.render('publications', {publications : publications});
}
})
})
// We’ve added the pending route, but calling this route from the MovieAnalyst Website will always result in a 403 Forbidden error as this client does not have the admin scope required to get the data.
app.get('/pending', function(req, res){
request
.get('http://'+backendHost+':3000/pending')
.end(function(err, data) {
if(data.status == 403){
res.send(403, '403 Forbidden');
}
})
})
app.listen(3030);