Add validator to avoid access to default routes when auth is set to off

src/constants/api.js

@@ -0,0 +1,3 @@
+module.exports = {
+  defaultRoutes: ['_users', '_roles', '_roles_permissions', '_users_roles'],
+};

src/constants/index.js

@@ -1,3 +1,4 @@
 const dbTables = require('./dbTables');
+const apiConstants = require('./api');
 
-module.exports = { dbTables };
+module.exports = { dbTables, apiConstants };

src/middlewares/api.js

@@ -1,11 +1,20 @@
+const config = require('../config');
 const { registerUser } = require('../controllers/auth');
+const { apiConstants } = require('../constants/');
 
 const processRequest = async (req, res, next) => {
   const resource = req.params.name;
   const method = req.method;
 
+  // If the user sends a request when auth is set to false, throw an error
+  if (apiConstants.defaultRoutes.includes(resource) && !config.auth) {
+    return res.status(401).send({
+      message: 'You can not access this endpoint while AUTH is set to false',
+    });
+  }
+
   // Execute user registration function
-  if (resource === '_users' && method === 'POST') {
+  if (resource === '_users' && method === 'POST' && config.auth) {
     return registerUser(req, res);
   }
 

src/swagger/swagger.json

@@ -241,6 +241,9 @@
         "responses": {
           "400": {
             "description": "Bad Request"
+          },
+          "401": {
+            "description": "Unauthorized"
           }
         }
       },
@@ -277,6 +280,9 @@
             "schema": {
               "$ref": "#/definitions/InsertRowErrorResponse"
             }
+          },
+          "401": {
+            "description": "Unauthorized"
           }
         }
       }