authorTosuke <tasukeprg@gmail.com>2017-01-06 14:39:24 +0900
committerTosuke <tasukeprg@gmail.com>2017-01-06 14:39:24 +0900
commit0420fee5d2c6a944a7b2cf13307dfadce9796b59 (patch)
treed8c361b2c340c03927a5a417e5a91b3ab58db34b /src/api/endpoints/auth
parent[Swagger]Add /auth/accept (diff)
parentUpdate changelog (diff)
Merge branch 'master' of github.com:syuilo/misskey into swagger
Diffstat (limited to 'src/api/endpoints/auth')
-rw-r--r--src/api/endpoints/auth/accept.js35
-rw-r--r--src/api/endpoints/auth/session/userkey.js8
2 files changed, 28 insertions, 15 deletions
diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.js
index e584513c05..d60d95aea3 100644
--- a/src/api/endpoints/auth/accept.js
+++ b/src/api/endpoints/auth/accept.js
@@ -4,8 +4,10 @@
* Module dependencies
*/
import rndstr from 'rndstr';
+const crypto = require('crypto');
+import App from '../../models/app';
import AuthSess from '../../models/auth-session';
-import Userkey from '../../models/userkey';
+import AccessToken from '../../models/access-token';
/**
* @swagger
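Review bot: `const crypto = require('crypto');` is placed between ES `import` statements, so the dependency header now mixes two module styles. Writing it as `import * as crypto from 'crypto';` keeps every dependency in this header in one form.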
@@ -41,35 +43,46 @@ module.exports = (params, user) =>
new Promise(async (res, rej) =>
{
// Get 'token' parameter
- const token = params.token;
- if (token == null) {
+ const sesstoken = params.token;
+ if (sesstoken == null) {
return rej('token is required');
}
// Fetch token
const session = await AuthSess
- .findOne({ token: token });
+ .findOne({ token: sesstoken });
if (session === null) {
return rej('session not found');
}
- // Generate userkey
- const key = rndstr('a-zA-Z0-9', 32);
+ // Generate access token
+ const token = rndstr('a-zA-Z0-9', 32);
- // Fetch exist userkey
- const exist = await Userkey.findOne({
+ // Fetch exist access token
+ const exist = await AccessToken.findOne({
app_id: session.app_id,
user_id: user._id,
});
if (exist === null) {
- // Insert userkey doc
- await Userkey.insert({
+ // Lookup app
+ const app = await App.findOne({
+ app_id: session.app_id
+ });
+
+ // Generate Hash
+ const sha512 = crypto.createHash('sha512');
+ sha512.update(token + app.secret);
+ const hash = sha512.digest('hex');
+
+ // Insert access token doc
+ await AccessToken.insert({
created_at: new Date(),
app_id: session.app_id,
user_id: user._id,
- key: key
+ token: token,
+ hash: hash
});
}
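Review bot: `app` is dereferenced in `sha512.update(token + app.secret)` with no null check, so when `App.findOne` finds nothing the throw happens inside the async Promise executor and the returned promise never settles; add `if (app === null) { return rej('app not found'); }` right after the lookup. The lookup filters on `app_id: session.app_id`, while session/userkey.js in this same commit matches access tokens with `app_id: app._id`, so the filter here probably should be `_id: session.app_id`; confirm against the App model, which is not visible on this page. The access token itself comes from `rndstr('a-zA-Z0-9', 32)`; if rndstr is not backed by a CSPRNG, derive the token from `crypto.randomBytes` instead, since `crypto` is now imported in this file. The handler body begins before this hunk and continues past it, so the session update that follows the insert is not visible here.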
diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.js
index 73fa643c9c..9252046e57 100644
--- a/src/api/endpoints/auth/session/userkey.js
+++ b/src/api/endpoints/auth/session/userkey.js
@@ -5,7 +5,7 @@
*/
import App from '../../../models/app';
import AuthSess from '../../../models/auth-session';
-import Userkey from '../../../models/userkey';
+import AccessToken from '../../../models/access-token';
import serialize from '../../../serializers/user';
/**
@@ -89,8 +89,8 @@ module.exports = (params) =>
return rej('this session is not allowed yet');
}
- // Lookup userkey
- const userkey = await Userkey.findOne({
+ // Lookup access token
+ const accessToken = await AccessToken.findOne({
app_id: app._id,
user_id: session.user_id
});
@@ -102,7 +102,7 @@ module.exports = (params) =>
// Response
res({
- userkey: userkey.key,
+ access_token: accessToken.token,
user: await serialize(session.user_id, null, {
detail: true
})