6 files changed, 76 insertions, 27 deletions

diff --git a/src/api/routes.js b/src/api/routes.js

index b91e7ba..1853b57 100644
--- a/src/api/routes.js
+++ b/src/api/routes.js
@@ -2,34 +2,60 @@ import * as routes from './routes/index.js';
 import * as url from 'node:url';
 import express from 'express';
 
+let dumpHttpEndpoints = false;
+
+function logPrefixed(...args) {
+    console.log('%', ...args);
+}
+
+function logHttpHeader() {
+    if (!dumpHttpEndpoints) return;
+    logPrefixed('@baseUrl=http://localhost:3000');
+    logPrefixed('@username=admin');
+    logPrefixed('@password=admin');
+    logPrefixed('@email=admin@example.com');
+    logPrefixed('@userType=admin');
+    logPrefixed('');
+    logPrefixed('');
+}
+
 function logHttpEntry(method, route, routeMethod) {
-    if (routeMethod.description) console.log('%', '#', routeMethod.description);
+    console.log(
+        'Registering',
+        method.toUpperCase(),
+        route + ':',
+        routeMethod.description || 'No description provided'
+    );
+    if (!dumpHttpEndpoints) return;
+
+    if (routeMethod.description) logPrefixed('#', routeMethod.description);
+
+    logPrefixed(method, '{{baseUrl}}' + route, 'HTTP/1.1');
 
-    console.log('%', method, '{{baseUrl}}' + route, 'HTTP/1.1');
     if (routeMethod.exampleHeaders) {
         for (var key of Object.keys(routeMethod.exampleHeaders)) {
-            console.log('%', `${key}: ${routeMethod.exampleHeaders[key]}`);
+            logPrefixed(`${key}: ${routeMethod.exampleHeaders[key]}`);
         }
     }
+
     if (routeMethod.exampleBody) {
-        console.log('%', 'Content-Type: application/json');
-        console.log('% ');
-        console.log(
-            '%',
+        logPrefixed('Content-Type: application/json');
+        logPrefixed('');
+        logPrefixed(
             JSON.stringify(routeMethod.exampleBody, null, 4).replaceAll(
                 '\n',
                 '\n% '
             )
         );
-        console.log('% ');
+        logPrefixed('');
     }
-    console.log('% ');
-    console.log('%', '###');
+
+    logPrefixed('');
+    logPrefixed('###');
 }
 
 export function registerRoutes(app) {
-    // http file header:
-    console.log('%', '');
+    logHttpHeader();
     let routeCount = 0;
 
     Object.keys(routes).forEach(routeName => {
@@ -46,11 +72,6 @@ export function registerRoutes(app) {
             const routeMethod = route.methods[routeMethodName];
             if (routeMethod === undefined) return;
 
-            console.log(
-                'Registering',
-                routeMethodName.toUpperCase(),
-                route.path
-            );
             logHttpEntry(
                 routeMethodName.toUpperCase(),
                 route.path,
@@ -67,10 +88,12 @@ export function registerRoutes(app) {
     console.log(`Registered ${routeCount} routes.`);
 }
 
+// Check if the script is run directly, to create the routes.html file.
 if (import.meta.url.startsWith('file:')) {
     const modulePath = url.fileURLToPath(import.meta.url);
     if (process.argv[1] === modulePath) {
         const app = express();
+        dumpHttpEndpoints = true;
         registerRoutes(app);
         process.exit(1);
     }
diff --git a/src/api/routes/alarmRoutes.js b/src/api/routes/alarmRoutes.js

index 9739f4f..f62aa6c 100644
--- a/src/api/routes/alarmRoutes.js
+++ b/src/api/routes/alarmRoutes.js
@@ -1,7 +1,7 @@
 import {
     requireMonitor,
     requireUser,
-    validateAuth
+    requireRole
 } from '#api/middlewares/index.js';
 import { UserType } from '#db/schemas/index.js';
 import { RouteMethod } from '#api/RouteDescription.js';
diff --git a/src/api/routes/auth/accountRoutes.js b/src/api/routes/auth/accountRoutes.js

index a2181d1..547110e 100644
--- a/src/api/routes/auth/accountRoutes.js
+++ b/src/api/routes/auth/accountRoutes.js
@@ -1,6 +1,7 @@
 import { deleteUser, loginUser, registerUser } from '#db/index.js';
 import { AuthDto, RegisterDto } from '#dto/index.js';
 import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
+import { WhoAmIDto } from '#dto/auth/WhoAmIDto.js';
 
 /**
  * @type {RouteDescription}
@@ -91,3 +92,23 @@ export const deleteRoute = {
         })
     }
 };
+
+/**
+ * @type {RouteDescription}
+ */
+export const whoAmI = {
+    path: '/auth/whoami',
+    methods: {
+        get: new RouteMethod({
+            description: 'Get current user',
+            async method(req, res) {
+                const data = await WhoAmIDto.create({
+                    userId: req.auth.sub,
+                    deviceId: req.auth.deviceId,
+                    type: req.auth.type
+                });
+                res.send(data);
+            }
+        })
+    }
+};
diff --git a/src/api/routes/auth/adminAccountRoutes.js b/src/api/routes/auth/adminAccountRoutes.js

index 2153945..13cca53 100644
--- a/src/api/routes/auth/adminAccountRoutes.js
+++ b/src/api/routes/auth/adminAccountRoutes.js
@@ -1,6 +1,6 @@
 import { deleteUser, loginUser, registerUser, UserType } from '#db/index.js';
 import { AuthDto, RegisterDto } from '#dto/index.js';
-import { requireAdmin, validateAuth } from '#api/middlewares/index.js';
+import { requireAdmin, requireRole } from '#api/middlewares/index.js';
 import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
 
 /**
diff --git a/src/api/routes/auth/deviceRoutes.js b/src/api/routes/auth/deviceRoutes.js

index 849a48c..40090e8 100644
--- a/src/api/routes/auth/deviceRoutes.js
+++ b/src/api/routes/auth/deviceRoutes.js
@@ -1,6 +1,6 @@
 import { registerUser } from '#db/index.js';
 import { RegisterDto } from '#dto/index.js';
-import { validateAuth } from '#api/middlewares/index.js';
+import { requireRole } from '#api/middlewares/index.js';
 import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
 
 /**
@@ -10,7 +10,7 @@ export const getDevicesRoute = {
     path: '/auth/devices',
     methods: {
         get: new RouteMethod({
-            middlewares: [validateAuth({})],
+            middlewares: [requireRole({})],
             async method(req, res) {
                 const data = await RegisterDto.create(req.body);
                 const registerResult = await registerUser(data);
diff --git a/src/api/routes/budgetRoutes.js b/src/api/routes/budgetRoutes.js

index d7ebde4..4ad4897 100644
--- a/src/api/routes/budgetRoutes.js
+++ b/src/api/routes/budgetRoutes.js
@@ -1,7 +1,7 @@
 import {
     requireMonitor,
     requireUser,
-    validateAuth
+    requireRole
 } from '#api/middlewares/index.js';
 import { UserType } from '#db/schemas/index.js';
 import {
@@ -10,25 +10,30 @@ import {
     RouteMethodList
 } from '#api/RouteDescription.js';
 import { getUserById } from '#db/dbAccess/index.js';
+import { SafeNSoundError } from '#util/error.js';
 
 /**
  * @type {RouteDescription}
  */
 export const getBudgetByUserRoute = {
     path: '/budget/:id',
-    methods: new RouteMethodList({
+    methods: {
         get: new RouteMethod({
             middlewares: [requireMonitor],
             async method(req, res) {
                 if (req.user.type !== UserType.ADMIN) {
                     if (!req.user.monitoredUsers.includes(req.params.id))
-                        throw new Error('meow');
+                        throw new SafeNSoundError({
+                            errCode: 'UNAUTHORIZED',
+                            message:
+                                "You do not have permission to access this user's budget."
+                        });
                 }
-                //if (!req.)
-                //                const user = await getUserById(req.);
+                const user = await getUserById(req.params.id);
+                res.send({ balance: user.balance });
             }
         })
-    })
+    }
 };
 
 /**