wip

1 files changed, 7 insertions, 8 deletions

diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.ts
index 1c0b100948..2c104ef1c6 100644
--- a/src/api/endpoints/auth/accept.js
+++ b/src/api/endpoints/auth/accept.ts
@@ -5,6 +5,7 @@
  */
 import rndstr from 'rndstr';
 const crypto = require('crypto');
+import it from '../../it';
 import App from '../../models/app';
 import AuthSess from '../../models/auth-session';
 import AccessToken from '../../models/access-token';
@@ -43,21 +44,19 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'token' parameter
-	const sesstoken = params.token;
-	if (sesstoken == null) {
-		return rej('token is required');
-	}
+	const [token, tokenErr] = it(params.token).expect.string().required().qed();
+	if (tokenErr) return rej('invalid token param');
 
 	// Fetch token
 	const session = await AuthSess
-		.findOne({ token: sesstoken });
+		.findOne({ token: token });
 
 	if (session === null) {
 		return rej('session not found');
 	}
 
 	// Generate access token
-	const token = rndstr('a-zA-Z0-9', 32);
+	const accessToken = rndstr('a-zA-Z0-9', 32);
 
 	// Fetch exist access token
 	const exist = await AccessToken.findOne({
@@ -73,7 +72,7 @@ module.exports = (params, user) =>
 
 		// Generate Hash
 		const sha256 = crypto.createHash('sha256');
-		sha256.update(token + app.secret);
+		sha256.update(accessToken + app.secret);
 		const hash = sha256.digest('hex');
 
 		// Insert access token doc
@@ -81,7 +80,7 @@ module.exports = (params, user) =>
 			created_at: new Date(),
 			app_id: session.app_id,
 			user_id: user._id,
-			token: token,
+			token: accessToken,
 			hash: hash
 		});
 	}