foltik
/
shimapan
ミラー元 https://github.com/Foltik/Shimapan
1
0
フォーク 0
コード 課題 0 リリース 0 Wiki アクティビティ
A simple file sharing site with an easy to use API and online panel.
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
242 コミット
2 ブランチ
29MB
ツリー: 19d8d026fe
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'19d8d026fe' から
${ noResults }
shimapan/app/routes/api/auth.js

132 行
4.2KB
Raw Blame 履歴 

  1. const express = require('express');

  2. const router = express.Router();

  3. const config = require('config');

  4. const fs = require('fs').promises;

  5. 

  6. const ModelPath = '../../models/';

  7. const User = require(ModelPath + 'User.js');

  8. const Invite = require(ModelPath + 'Invite.js');

  9. 

  10. const passport = require('passport');

  11. 

  12. const canonicalizeRequest = require('../../util/canonicalize').canonicalizeRequest;

  13. const requireAuth = require('../../util/auth').requireAuth;

  14. const wrap = require('../../util/wrap.js');

  15. const bodyVerifier = require('../../util/verifyBody').bodyVerifier;

  16. 

  17. // Wraps passport.authenticate to return a promise

  18. const authenticate = (req, res, next) => {

  19.     return new Promise((resolve) => {

  20.         passport.authenticate('local', (err, user) => {

  21.             resolve(user);

  22.         })(req, res, next);

  23.     });

  24. };

  25. 

  26. // Wraps passport session creation for async usage

  27. const login = (user, req) => {

  28.     return new Promise((resolve) => {

  29.         req.login(user, resolve);

  30.     });

  31. };

  32. 

  33. // Query the database for a valid invite code. An error message property is set if invalid.

  34. const validateInvite = wrap(async (req, res, next) => {

  35.     const invite = await Invite.findOne({code: req.body.invite}).catch(next);

  36. 

  37.     if (!invite) {

  38.         // Log failure

  39.         await fs.appendFile('auth.log', `${new Date().toISOString()} register ${req.connection.remoteAddress}`);

  40.         return res.status(422).json({message: 'Invalid invite code.'});

  41.     }

  42. 

  43.     if (invite.used)

  44.         return res.status(422).json({message: 'Invite already used.'});

  45. 

  46.     if (invite.expires != null && invite.expires < Date.now())

  47.         return res.status(422).json({message: 'Invite expired.'});

  48. 

  49.     req.invite = invite;

  50.     next();

  51. });

  52. 

  53. // Check if the requested username is valid

  54. const validateUsername = wrap(async (req, res, next) => {

  55.     const username = req.body.username;

  56. 

  57.     const count = await User.countDocuments({username: username}).catch(next);

  58.     if (count !== 0)

  59.         return res.status(422).json({message: 'Username in use.'});

  60. 

  61.     next();

  62. });

  63. 

  64. const registerProps = [

  65.     {

  66.         name: 'displayname',

  67.         type: 'string',

  68.         maxLength: config.get('User.Username.maxLength'),

  69.         sanitize: true,

  70.         restrict: new RegExp(config.get('User.Username.restrictedChars')),

  71.     },

  72.     {name: 'password', type: 'string'},

  73.     {name: 'invite', type: 'string'}];

  74. router.post('/register',

  75.     bodyVerifier(registerProps), canonicalizeRequest,

  76.     validateInvite, validateUsername,

  77.     wrap(async (req, res, next) => {

  78.     // Update the database

  79.     await Promise.all([

  80.         User.register({

  81.             username: req.body.username,

  82.             displayname: req.body.displayname,

  83.             scope: req.invite.scope,

  84.             date: Date.now()

  85.         }, req.body.password).catch(next),

  86.         Invite.updateOne({code: req.invite.code}, {recipient: req.body.username, used: Date.now()}).catch(next)

  87.     ]);

  88. 

  89.     res.status(200).json({'message': 'Registration successful.'});

  90. }));

  91. 

  92. const loginProps = [

  93.     {name: 'username', type: 'string', optional: true},

  94.     {name: 'displayname', type: 'string', optional: true},

  95.     {name: 'password', type: 'string'}];

  96. router.post('/login', bodyVerifier(loginProps), canonicalizeRequest, wrap(async (req, res, next) => {

  97.     // Authenticate

  98.     const user = await authenticate(req, res, next);

  99.     if (!user) {

  100.         // Log failure

  101.         await fs.appendFile('auth.log', `${new Date().toISOString()} login ${req.connection.remoteAddress}`);

  102.         return res.status(401).json({'message': 'Unauthorized.'});

  103.     }

  104. 

  105.     // Create session

  106.     await login(user, req);

  107. 

  108.     // Set session vars

  109.     req.session.passport.displayname = user.displayname;

  110.     req.session.passport.scope = user.scope;

  111. 

  112.     res.status(200).json({'message': 'Logged in.'});

  113. }));

  114. 

  115. router.post('/logout', function (req, res) {

  116.     if (!req.isAuthenticated())

  117.         return res.status(400).json({message: 'Not logged in.'});

  118. 

  119.     req.logout();

  120.     res.status(200).json({'message': 'Logged out.'});

  121. });

  122. 

  123. router.get('/whoami', requireAuth(), (req, res) => {

  124.     res.status(200).json({

  125.         username: req.username,

  126.         displayname: req.displayname,

  127.         scope: req.scope,

  128.         key: req.key

  129.     });

  130. });

  131. 

  132. module.exports = router;