authorsyuilo <syuilotan@yahoo.co.jp>2017-03-03 19:39:41 +0900
committersyuilo <syuilotan@yahoo.co.jp>2017-03-03 19:39:41 +0900
commitd1557bcae8abc45ea655d2fe0cdb6732a0207aa0 (patch)
tree56bb4b981df8d00c3d684352f3ee5b5057ee2a7e /src/api/endpoints/auth/session/userkey.ts
parentwip (diff)
wip
Diffstat (limited to 'src/api/endpoints/auth/session/userkey.ts')
-rw-r--r--src/api/endpoints/auth/session/userkey.ts112
1 files changed, 112 insertions, 0 deletions
diff --git a/src/api/endpoints/auth/session/userkey.ts b/src/api/endpoints/auth/session/userkey.ts
new file mode 100644
index 0000000000..fdb8c26d4e
--- /dev/null
+++ b/src/api/endpoints/auth/session/userkey.ts
@@ -0,0 +1,112 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import it from '../../../it';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import AccessToken from '../../../models/access-token';
+import serialize from '../../../serializers/user';
+
+/**
+ * @swagger
+ * /auth/session/userkey:
+ * post:
+ * summary: Get an access token(userkey)
+ * parameters:
+ * -
+ * name: app_secret
+ * description: App Secret
+ * in: formData
+ * required: true
+ * type: string
+ * -
+ * name: token
+ * description: Session Token
+ * in: formData
+ * required: true
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: OK
+ * schema:
+ * type: object
+ * properties:
+ * userkey:
+ * type: string
+ * description: Access Token
+ * user:
+ * $ref: "#/definitions/User"
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Generate a session
+ *
+ * @param {any} params
+ * @return {Promise<any>}
+ */
+module.exports = (params) =>
+ new Promise(async (res, rej) => {
+ // Get 'app_secret' parameter
+ const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
+ if (appSecretErr) return rej('invalid app_secret param');
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Get 'token' parameter
+ const [token, tokenErr] = it(params.token).expect.string().required().qed();
+ if (tokenErr) return rej('invalid token param');
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({
+ token: token,
+ app_id: app._id
+ });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ if (session.user_id == null) {
+ return rej('this session is not allowed yet');
+ }
+
+ // Lookup access token
+ const accessToken = await AccessToken.findOne({
+ app_id: app._id,
+ user_id: session.user_id
+ });
+
+ // Delete session
+
+ /* https://github.com/Automattic/monk/issues/178
+ AuthSess.deleteOne({
+ _id: session._id
+ });
+ */
+ AuthSess.remove({
+ _id: session._id
+ });
+
+ // Response
+ res({
+ access_token: accessToken.token,
+ user: await serialize(session.user_id, null, {
+ detail: true
+ })
+ });
+ });
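Review bot: `accessToken` is dereferenced at `access_token: accessToken.token` with no null check, although `AccessToken.findOne` presumably returns null when no token exists for this app/user pair. Because the body runs inside `new Promise(async (res, rej) => …)`, that TypeError, like any rejected `await`, never reaches `rej`, so the caller's promise stays pending instead of failing. Add `if (accessToken == null) return rej('access token not found');` before the response and wrap the body in a try/catch that calls `rej`. The one-time session is also deleted with an un-awaited `AuthSess.remove(...)`, so a failed delete goes unnoticed and the session token can be exchanged again; `await AuthSess.remove({ _id: session._id });` before `res(...)` would make consuming the session part of the success path. Separately, the swagger block documents the response field as `userkey` while the code returns `access_token`, and the JSDoc summary still reads "Generate a session"; both should describe exchanging an authorized session for an access token.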