initial work on new turtl api (named server). nodejs-based. sorry l…

…isp =[. somewhat a clone of the lisp app, but with some different data structures ("spaces" as top-level, shareable objects...spaces contain boards and notes and can be thought of as "teams" sort of. also, no more boards owning boards, and probably will enforce 1:1 note:board mapping (no more notes in multiple boards anymore, but not 100% sure on this yet)). so far user join/auth, most of the sync system (maybe 100%?), spaces, and boards are complete. that leaves keychain, notes, files, invites. theres probably a lot else im missing. also, none of this is tested (except user join/auth), so theres probably 1000 bugs.

.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+node_modules
+npm-debug.log
+/config/config.yaml
+/sess.vim

TODO

@@ -0,0 +1,10 @@
+- keychain validation/sync
+- note/file validation/sync
+  - s3/local file uploads
+- invite validation/sync
+- sync invites
+  - should invites be part of populate_shares?
+  - should invites just be included in the space data next to members?
+    - and removed unless user has permissions.add_space_invite?
+  - should invites just trigger an edit sync on the space?
+    - only synced to permissible members?

controllers/errlog.js

@@ -0,0 +1,3 @@
+exports.route = function(app) {
+};
+

controllers/feedback.js

@@ -0,0 +1,3 @@
+exports.route = function(app) {
+};
+

controllers/files.js

@@ -0,0 +1,3 @@
+exports.route = function(app) {
+};
+

controllers/spaces.js

@@ -0,0 +1,3 @@
+exports.route = function(app) {
+};
+

controllers/sync.js

@@ -0,0 +1,66 @@
+var tres = require('../helpers/tres');
+var model = require('../models/sync');
+
+exports.route = function(app) {
+	app.get('/sync', partial_sync);
+	app.get('/sync/full', full_sync);
+	app.post('/sync', bulk_sync);
+};
+
+/**
+ * Given the current user and a sync-id, spits out all data that has changes in
+ * the user's profile since that sync id. Used by various clients to stay in
+ * sync with the canonical profile (hosted on the server).
+ * 
+ * Unlike the /sync/full call, this is stateful...we are syncing actual profile
+ * changes here and thus depend on syncing the correct data. A mistake here can
+ * put bad data into the profile that will sit there until the app clears its
+ * local data. So we have to be careful to sync exactly what the client needs.
+ * This is easy for tangible things like editing a note or adding a keychain
+ * because there is a 1:1 mapping of sync record -> action. When things get
+ * tricky is for 'share' and 'unshare' sync records: we have to create a bunch
+ * of fake sync records that add the board(s) and their note(s) to the profile
+ * and make sure they are injected at the correct place in the sync result.
+ * 
+ * So in the cases where we're fabricating sync items, we have to be cautious
+ * to add/remove the correct data or the app is going to have a bad time.
+ */
+var partial_sync = function(req, res) {
+	var user_id = req.user.id;
+	var sync_id = req.query.sync_id;
+	return model.sync_from(user_id, sync_id)
+		.spread(function(sync_records, latest_sync_id) {
+		})
+		.catch(tres.err.bind(tres, res));
+}
+
+/**
+ * Called by the client if a user has no local profile data. Returns the profile
+ * data in the same format as a sync call, allowing the client to process it the
+ * same way as regular syncing.
+ * 
+ * It's important to note that this isn't stateful in the sense that we need to
+ * gather the correct sync items and send them...what we're doing is pulling out
+ * all the needed data for the profile and returning it as sync 'add' items. Any
+ * time the app needs a fresh set of *correct* data it can wipe its local data
+ * and grab this.
+ */
+var full_sync = function(req, res) {
+};
+
+/**
+ * Bulk sync API. Accepts any number of sync items and applies the updates to
+ * the profile of the authed user.
+ * 
+ * Note that the items are added in sequence and if any one in the sequence
+ * fails, we abort and send back the successes and failures. This is because
+ * many of the items need to be added in a specific sequence in order to work
+ * correctly (for instance, a keychain entry for a board needs to be synced
+ * before the board itself). Catching a failure in the sequence allows the
+ * client to try again whilst still preserving the original order of the sync
+ * items.
+ */
+var bulk_sync = function(req, res) {
+};
+
+

controllers/users.js

@@ -0,0 +1,36 @@
+var model = require('../models/user');
+var tres = require('../helpers/tres');
+
+exports.route = function(app) {
+	app.post('/users', join);
+	app.post('/auth', authenticate);
+	app.delete('/users/:user_id', delete_account);
+};
+
+/**
+ * create a new user account
+ */
+var join = function(req, res) {
+	var data = req.body;
+	return model.join(data)
+		.then(tres.send.bind(tres, res))
+		.catch(tres.err.bind(tres, res));
+};
+
+/**
+ * a basic endpoint specifically for authentication
+ */
+var authenticate = function(req, res) {
+	return tres.send(res, {ok: true});
+};
+
+/**
+ * removes a user's account and all data owned by only that user
+ */
+var delete_account = function(req, res) {
+	var cur_user_id = req.user.id;
+	var user_id = req.params.user_id;
+	return model.delete(cur_user_id, user_id)
+		.then(tres.send.bind(tres, res))
+		.catch(tres.err.bind(tres, res));
+};

helpers/auth.js

@@ -0,0 +1,22 @@
+var user_model = require('../models/user');
+var tres = require('./tres');
+
+var public_routes = [
+	'get /',
+	'post /users',
+];
+
+module.exports = function(req, res, next) {
+	var auth = req.headers.authorization;
+	var method_url = req.method.toLowerCase()+' '+req.url;
+	if(public_routes.indexOf(method_url) >= 0) return next();
+	return user_model.check_auth(auth)
+		.then(function(user) {
+			req.user = user;
+			next();
+		})
+		.catch(function(err) {
+			tres.err(res, err);
+		});
+};
+

helpers/config.js

@@ -0,0 +1,6 @@
+var yaml = require('js-yaml');
+var fs = require('fs');
+
+var config_str = fs.readFileSync(__dirname+'/../config/config.yaml', 'utf8');
+module.exports = yaml.safeLoad(config_str);
+