Merge branch 'master' of github.com:syuilo/misskey into swagger

3 files changed, 44 insertions, 21 deletions

diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.js
index e584513c05..d60d95aea3 100644
--- a/src/api/endpoints/auth/accept.js
+++ b/src/api/endpoints/auth/accept.js
@@ -4,8 +4,10 @@
  * Module dependencies
  */
 import rndstr from 'rndstr';
+const crypto = require('crypto');
+import App from '../../models/app';
 import AuthSess from '../../models/auth-session';
-import Userkey from '../../models/userkey';
+import AccessToken from '../../models/access-token';
 
 /**
  * @swagger
@@ -41,35 +43,46 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'token' parameter
-	const token = params.token;
-	if (token == null) {
+	const sesstoken = params.token;
+	if (sesstoken == null) {
 		return rej('token is required');
 	}
 
 	// Fetch token
 	const session = await AuthSess
-		.findOne({ token: token });
+		.findOne({ token: sesstoken });
 
 	if (session === null) {
 		return rej('session not found');
 	}
 
-	// Generate userkey
-	const key = rndstr('a-zA-Z0-9', 32);
+	// Generate access token
+	const token = rndstr('a-zA-Z0-9', 32);
 
-	// Fetch exist userkey
-	const exist = await Userkey.findOne({
+	// Fetch exist access token
+	const exist = await AccessToken.findOne({
 		app_id: session.app_id,
 		user_id: user._id,
 	});
 
 	if (exist === null) {
-		// Insert userkey doc
-		await Userkey.insert({
+		// Lookup app
+		const app = await App.findOne({
+			app_id: session.app_id
+		});
+
+		// Generate Hash
+		const sha512 = crypto.createHash('sha512');
+		sha512.update(token + app.secret);
+		const hash = sha512.digest('hex');
+
+		// Insert access token doc
+		await AccessToken.insert({
 			created_at: new Date(),
 			app_id: session.app_id,
 			user_id: user._id,
-			key: key
+			token: token,
+			hash: hash
 		});
 	}
 
diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.js
index 73fa643c9c..9252046e57 100644
--- a/src/api/endpoints/auth/session/userkey.js
+++ b/src/api/endpoints/auth/session/userkey.js
@@ -5,7 +5,7 @@
  */
 import App from '../../../models/app';
 import AuthSess from '../../../models/auth-session';
-import Userkey from '../../../models/userkey';
+import AccessToken from '../../../models/access-token';
 import serialize from '../../../serializers/user';
 
 /**
@@ -89,8 +89,8 @@ module.exports = (params) =>
 		return rej('this session is not allowed yet');
 	}
 
-	// Lookup userkey
-	const userkey = await Userkey.findOne({
+	// Lookup access token
+	const accessToken = await AccessToken.findOne({
 		app_id: app._id,
 		user_id: session.user_id
 	});
@@ -102,7 +102,7 @@ module.exports = (params) =>
 
 	// Response
 	res({
-		userkey: userkey.key,
+		access_token: accessToken.token,
 		user: await serialize(session.user_id, null, {
 			detail: true
 		})
diff --git a/src/api/endpoints/users/posts.js b/src/api/endpoints/users/posts.js
index 6d6f8a6904..1b8dfe031b 100644
--- a/src/api/endpoints/users/posts.js
+++ b/src/api/endpoints/users/posts.js
@@ -19,9 +19,19 @@ module.exports = (params, me) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'user_id' parameter
-	const userId = params.user_id;
-	if (userId === undefined || userId === null) {
-		return rej('user_id is required');
+	let userId = params.user_id;
+	if (userId === undefined || userId === null || userId === '') {
+		userId = null;
+	}
+
+	// Get 'username' parameter
+	let username = params.username;
+	if (username === undefined || username === null || username === '') {
+		username = null;
+	}
+
+	if (userId === null && username === null) {
+		return rej('user_id or username is required');
 	}
 
 	// Get 'with_replies' parameter
@@ -62,9 +72,9 @@ module.exports = (params, me) =>
 	}
 
 	// Lookup user
-	const user = await User.findOne({
-		_id: new mongo.ObjectID(userId)
-	});
+	const user = userId !== null
+		? await User.findOne({ _id: new mongo.ObjectID(userId) })
+		: await User.findOne({ username_lower: username.toLowerCase() });
 
 	if (user === null) {
 		return rej('user not found');