wip

1 files changed, 80 insertions, 0 deletions

diff --git a/src/api/endpoints/auth/session/generate.ts b/src/api/endpoints/auth/session/generate.ts
new file mode 100644
index 0000000000..6e730123c1
--- /dev/null
+++ b/src/api/endpoints/auth/session/generate.ts
@@ -0,0 +1,80 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import * as uuid from 'uuid';
+import it from '../../../it';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import config from '../../../../conf';
+
+/**
+ * @swagger
+ * /auth/session/generate:
+ *   post:
+ *     summary: Generate a session
+ *     parameters:
+ *       -
+ *         name: app_secret
+ *         description: App Secret
+ *         in: formData
+ *         required: true
+ *         type: string
+ *
+ *     responses:
+ *       200:
+ *         description: OK
+ *         schema:
+ *           type: object
+ *           properties:
+ *             token:
+ *               type: string
+ *               description: Session Token
+ *             url:
+ *               type: string
+ *               description: Authentication form's URL
+ *       default:
+ *         description: Failed
+ *         schema:
+ *           $ref: "#/definitions/Error"
+ */
+
+/**
+ * Generate a session
+ *
+ * @param {any} params
+ * @return {Promise<any>}
+ */
+module.exports = (params) =>
+	new Promise(async (res, rej) =>
+{
+	// Get 'app_secret' parameter
+	const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
+	if (appSecretErr) return rej('invalid app_secret param');
+
+	// Lookup app
+	const app = await App.findOne({
+		secret: appSecret
+	});
+
+	if (app == null) {
+		return rej('app not found');
+	}
+
+	// Generate token
+	const token = uuid.v4();
+
+	// Create session token document
+	const doc = await AuthSess.insert({
+		created_at: new Date(),
+		app_id: app._id,
+		token: token
+	});
+
+	// Response
+	res({
+		token: doc.token,
+		url: `${config.auth_url}/${doc.token}`
+	});
+});