diff options
| author | Akihiko Odaki <nekomanma@pixiv.co.jp> | 2018-03-29 01:20:40 +0900 |
|---|---|---|
| committer | Akihiko Odaki <nekomanma@pixiv.co.jp> | 2018-03-29 01:54:41 +0900 |
| commit | 90f8fe7e538bb7e52d2558152a0390e693f39b11 (patch) | |
| tree | 0f830887053c8f352b1cd0c13ca715fd14c1f030 /src/server/api/endpoints/auth/session/userkey.ts | |
| parent | Implement remote account resolution (diff) | |
| download | sharkey-90f8fe7e538bb7e52d2558152a0390e693f39b11.tar.gz sharkey-90f8fe7e538bb7e52d2558152a0390e693f39b11.tar.bz2 sharkey-90f8fe7e538bb7e52d2558152a0390e693f39b11.zip | |
Introduce processor
Diffstat (limited to 'src/server/api/endpoints/auth/session/userkey.ts')
| -rw-r--r-- | src/server/api/endpoints/auth/session/userkey.ts | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/src/server/api/endpoints/auth/session/userkey.ts b/src/server/api/endpoints/auth/session/userkey.ts new file mode 100644 index 0000000000..fc989bf8c2 --- /dev/null +++ b/src/server/api/endpoints/auth/session/userkey.ts @@ -0,0 +1,109 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import App from '../../../models/app'; +import AuthSess from '../../../models/auth-session'; +import AccessToken from '../../../models/access-token'; +import { pack } from '../../../models/user'; + +/** + * @swagger + * /auth/session/userkey: + * post: + * summary: Get an access token(userkey) + * parameters: + * - + * name: app_secret + * description: App Secret + * in: formData + * required: true + * type: string + * - + * name: token + * description: Session Token + * in: formData + * required: true + * type: string + * + * responses: + * 200: + * description: OK + * schema: + * type: object + * properties: + * userkey: + * type: string + * description: Access Token + * user: + * $ref: "#/definitions/User" + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Generate a session + * + * @param {any} params + * @return {Promise<any>} + */ +module.exports = (params) => new Promise(async (res, rej) => { + // Get 'app_secret' parameter + const [appSecret, appSecretErr] = $(params.app_secret).string().$; + if (appSecretErr) return rej('invalid app_secret param'); + + // Lookup app + const app = await App.findOne({ + secret: appSecret + }); + + if (app == null) { + return rej('app not found'); + } + + // Get 'token' parameter + const [token, tokenErr] = $(params.token).string().$; + if (tokenErr) return rej('invalid token param'); + + // Fetch token + const session = await AuthSess + .findOne({ + token: token, + app_id: app._id + }); + + if (session === null) { + return rej('session not found'); + } + + if (session.user_id == null) { + return rej('this session is not allowed yet'); + } + + // Lookup access token + const accessToken = await AccessToken.findOne({ + app_id: app._id, + user_id: session.user_id + }); + + // Delete session + + /* https://github.com/Automattic/monk/issues/178 + AuthSess.deleteOne({ + _id: session._id + }); + */ + AuthSess.remove({ + _id: session._id + }); + + // Response + res({ + access_token: accessToken.token, + user: await pack(session.user_id, null, { + detail: true + }) + }); +}); |