Initial commit :four_leaf_clover:

3 files changed, 161 insertions, 0 deletions

diff --git a/src/api/endpoints/auth/session/generate.js b/src/api/endpoints/auth/session/generate.js
new file mode 100644
index 0000000000..bb49cf090d
--- /dev/null
+++ b/src/api/endpoints/auth/session/generate.js
@@ -0,0 +1,51 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import * as uuid from 'uuid';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+
+/**
+ * Generate a session
+ *
+ * @param {Object} params
+ * @return {Promise<object>}
+ */
+module.exports = (params) =>
+	new Promise(async (res, rej) =>
+{
+	// Get 'app_secret' parameter
+	const appSecret = params.app_secret;
+	if (appSecret == null) {
+		return rej('app_secret is required');
+	}
+
+	// Lookup app
+	const app = await App.findOne({
+		secret: appSecret
+	});
+
+	if (app == null) {
+		return rej('app not found');
+	}
+
+	// Generate token
+	const token = uuid.v4();
+
+	// Create session token document
+	const inserted = await AuthSess.insert({
+		created_at: new Date(),
+		app_id: app._id,
+		token: token
+	});
+
+	const doc = inserted.ops[0];
+
+	// Response
+	res({
+		token: doc.token,
+		url: `${config.auth_url}/${doc.token}`
+	});
+});
diff --git a/src/api/endpoints/auth/session/show.js b/src/api/endpoints/auth/session/show.js
new file mode 100644
index 0000000000..67160c6993
--- /dev/null
+++ b/src/api/endpoints/auth/session/show.js
@@ -0,0 +1,36 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import AuthSess from '../../../models/auth-session';
+import serialize from '../../../serializers/auth-session';
+
+/**
+ * Show a session
+ *
+ * @param {Object} params
+ * @param {Object} user
+ * @return {Promise<object>}
+ */
+module.exports = (params, user) =>
+	new Promise(async (res, rej) =>
+{
+	// Get 'token' parameter
+	const token = params.token;
+	if (token == null) {
+		return rej('token is required');
+	}
+
+	// Lookup session
+	const session = await AuthSess.findOne({
+		token: token
+	});
+
+	if (session == null) {
+		return rej('session not found');
+	}
+
+	// Response
+	res(await serialize(session, user));
+});
diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.js
new file mode 100644
index 0000000000..2626e4ce39
--- /dev/null
+++ b/src/api/endpoints/auth/session/userkey.js
@@ -0,0 +1,74 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import Userkey from '../../../models/userkey';
+import serialize from '../../../serializers/user';
+
+/**
+ * Generate a session
+ *
+ * @param {Object} params
+ * @return {Promise<object>}
+ */
+module.exports = (params) =>
+	new Promise(async (res, rej) =>
+{
+	// Get 'app_secret' parameter
+	const appSecret = params.app_secret;
+	if (appSecret == null) {
+		return rej('app_secret is required');
+	}
+
+	// Lookup app
+	const app = await App.findOne({
+		secret: appSecret
+	});
+
+	if (app == null) {
+		return rej('app not found');
+	}
+
+	// Get 'token' parameter
+	const token = params.token;
+	if (token == null) {
+		return rej('token is required');
+	}
+
+	// Fetch token
+	const session = await AuthSess
+		.findOne({
+			token: token,
+			app_id: app._id
+		});
+
+	if (session === null) {
+		return rej('session not found');
+	}
+
+	if (session.user_id == null) {
+		return rej('this session is not allowed yet');
+	}
+
+	// Lookup userkey
+	const userkey = await Userkey.findOne({
+		app_id: app._id,
+		user_id: session.user_id
+	});
+
+	// Delete session
+	AuthSess.deleteOne({
+		_id: session._id
+	});
+
+	// Response
+	res({
+		userkey: userkey.key,
+		user: await serialize(session.user_id, null, {
+			detail: true
+		})
+	});
+});