diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2018-03-29 14:51:06 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-29 14:51:06 +0900 |
| commit | 0b5597c873d2d9d45be94a18e1b74f44d9925185 (patch) | |
| tree | 8b4dac3a56cf703650c8207f9279028a8560a96b /src/server/api/endpoints/auth/session/userkey.ts | |
| parent | oops (diff) | |
| parent | Resolve conflicts (diff) | |
| download | sharkey-0b5597c873d2d9d45be94a18e1b74f44d9925185.tar.gz sharkey-0b5597c873d2d9d45be94a18e1b74f44d9925185.tar.bz2 sharkey-0b5597c873d2d9d45be94a18e1b74f44d9925185.zip | |
Merge pull request #1332 from syuilo/pr/1327
Pr/1327
Diffstat (limited to 'src/server/api/endpoints/auth/session/userkey.ts')
| -rw-r--r-- | src/server/api/endpoints/auth/session/userkey.ts | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/src/server/api/endpoints/auth/session/userkey.ts b/src/server/api/endpoints/auth/session/userkey.ts new file mode 100644 index 0000000000..5d9983af67 --- /dev/null +++ b/src/server/api/endpoints/auth/session/userkey.ts @@ -0,0 +1,109 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import App from '../../../models/app'; +import AuthSess from '../../../models/auth-session'; +import AccessToken from '../../../models/access-token'; +import { pack } from '../../../models/user'; + +/** + * @swagger + * /auth/session/userkey: + * post: + * summary: Get an access token(userkey) + * parameters: + * - + * name: appSecret + * description: App Secret + * in: formData + * required: true + * type: string + * - + * name: token + * description: Session Token + * in: formData + * required: true + * type: string + * + * responses: + * 200: + * description: OK + * schema: + * type: object + * properties: + * userkey: + * type: string + * description: Access Token + * user: + * $ref: "#/definitions/User" + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Generate a session + * + * @param {any} params + * @return {Promise<any>} + */ +module.exports = (params) => new Promise(async (res, rej) => { + // Get 'appSecret' parameter + const [appSecret, appSecretErr] = $(params.appSecret).string().$; + if (appSecretErr) return rej('invalid appSecret param'); + + // Lookup app + const app = await App.findOne({ + secret: appSecret + }); + + if (app == null) { + return rej('app not found'); + } + + // Get 'token' parameter + const [token, tokenErr] = $(params.token).string().$; + if (tokenErr) return rej('invalid token param'); + + // Fetch token + const session = await AuthSess + .findOne({ + token: token, + appId: app._id + }); + + if (session === null) { + return rej('session not found'); + } + + if (session.userId == null) { + return rej('this session is not allowed yet'); + } + + // Lookup access token + const accessToken = await AccessToken.findOne({ + appId: app._id, + userId: session.userId + }); + + // Delete session + + /* https://github.com/Automattic/monk/issues/178 + AuthSess.deleteOne({ + _id: session._id + }); + */ + AuthSess.remove({ + _id: session._id + }); + + // Response + res({ + accessToken: accessToken.token, + user: await pack(session.userId, null, { + detail: true + }) + }); +}); |