1
0
mirror of https://github.com/Foltik/Shimapan synced 2024-11-15 01:06:32 -05:00
shimapan/app/routes/api/auth.js

126 lines
4.0 KiB
JavaScript
Raw Normal View History

2018-07-25 01:45:05 -04:00
const express = require('express');
const router = express.Router();
const config = require('config');
2018-08-01 11:54:35 -04:00
const ModelPath = '../../models/';
const User = require(ModelPath + 'User.js');
const Invite = require(ModelPath + 'Invite.js');
const passport = require('passport');
2018-08-01 11:54:35 -04:00
const canonicalizeRequest = require('../../util/canonicalize').canonicalizeRequest;
const requireAuth = require('../../util/auth').requireAuth;
const wrap = require('../../util/wrap.js');
const verifyBody = require('../../util/verifyBody');
2018-07-25 01:45:05 -04:00
2018-07-25 18:45:38 -04:00
// Wraps passport.authenticate to return a promise
const authenticate = (req, res, next) => {
2018-07-25 18:45:38 -04:00
return new Promise((resolve) => {
passport.authenticate('local', (err, user) => {
resolve(user);
})(req, res, next);
});
};
2018-07-25 01:45:05 -04:00
2018-07-25 18:45:38 -04:00
// Wraps passport session creation for async usage
const login = (user, req) => {
2018-07-25 18:45:38 -04:00
return new Promise((resolve) => {
req.login(user, resolve);
});
};
2017-10-12 12:50:02 -04:00
2018-07-25 01:45:05 -04:00
// Query the database for a valid invite code. An error message property is set if invalid.
const validateInvite = wrap(async (req, res, next) => {
const invite = await Invite.findOne({code: req.body.invite}).catch(next);
2018-07-25 01:45:05 -04:00
if (!invite)
return res.status(422).json({message: 'Invalid invite code.'});
2018-07-25 01:45:05 -04:00
if (invite.used)
return res.status(422).json({message: 'Invite already used.'});
2018-07-25 01:45:05 -04:00
2018-07-27 14:23:23 -04:00
if (invite.expires != null && invite.expires < Date.now())
return res.status(422).json({message: 'Invite expired.'});
2017-10-11 12:55:46 -04:00
req.invite = invite;
next();
});
2018-07-25 01:45:05 -04:00
// Check if the requested username is valid
const validateUsername = wrap(async (req, res, next) => {
const username = req.body.username;
if (username.length > config.get('User.Username.maxLength'))
return res.status(422).json({message: 'Username too long.'});
const restrictedRegex = new RegExp(config.get('User.Username.restrictedChars'), 'g');
if (username !== req.sanitize(username).replace(restrictedRegex, ''))
return res.status(422).json({message: 'Username contains invalid characters.'});
const count = await User.countDocuments({username: username}).catch(next);
if (count !== 0)
return res.status(422).json({message: 'Username in use.'});
2018-07-25 01:45:05 -04:00
next();
});
2018-07-25 01:45:05 -04:00
const registerProps = [
{name: 'displayname', type: 'string'},
{name: 'password', type: 'string'},
{name: 'invite', type: 'string'}];
router.post('/register',
verifyBody(registerProps), canonicalizeRequest,
validateInvite, validateUsername,
wrap(async (req, res, next) => {
2018-07-25 18:45:38 -04:00
// Update the database
await Promise.all([
User.register({
username: req.body.username,
displayname: req.body.displayname,
scope: req.invite.scope,
2018-07-25 18:45:38 -04:00
date: Date.now()
}, req.body.password).catch(next),
Invite.updateOne({code: req.invite.code}, {recipient: req.body.username, used: Date.now()}).catch(next)
2018-07-25 18:45:38 -04:00
]);
2018-07-25 01:45:05 -04:00
res.status(200).json({'message': 'Registration successful.'});
}));
2017-10-11 10:15:19 -04:00
2018-07-29 11:00:14 -04:00
const loginProps = [
{name: 'username', type: 'string', optional: true},
{name: 'displayname', type: 'string', optional: true},
{name: 'password', type: 'string'}];
router.post('/login', verifyBody(loginProps), canonicalizeRequest, wrap(async (req, res, next) => {
2018-07-25 18:45:38 -04:00
// Authenticate
const user = await authenticate(req, res, next);
if (!user)
return res.status(401).json({'message': 'Unauthorized.'});
// Create session
await login(user, req);
// Set session vars
req.session.passport.displayname = user.displayname;
2018-07-25 18:45:38 -04:00
req.session.passport.scope = user.scope;
res.status(200).json({'message': 'Logged in.'});
}));
2017-10-11 10:15:19 -04:00
router.post('/logout', function (req, res) {
if (!req.isAuthenticated())
return res.status(400).json({message: 'Not logged in.'});
2017-10-18 13:31:08 -04:00
req.logout();
res.status(200).json({'message': 'Logged out.'});
2017-10-14 17:49:11 -04:00
});
router.get('/whoami', requireAuth(), (req, res) => {
2018-07-25 18:45:38 -04:00
res.status(200).json({
user: req.username,
display: req.displayname,
scope: req.scope,
key: req.key
2018-07-25 18:45:38 -04:00
});
2017-10-18 13:31:08 -04:00
});
2017-10-11 10:15:19 -04:00
module.exports = router;