summaryrefslogtreecommitdiff
path: root/src/server/api/endpoints/auth/session/userkey.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/api/endpoints/auth/session/userkey.ts')
-rw-r--r--src/server/api/endpoints/auth/session/userkey.ts109
1 files changed, 109 insertions, 0 deletions
diff --git a/src/server/api/endpoints/auth/session/userkey.ts b/src/server/api/endpoints/auth/session/userkey.ts
new file mode 100644
index 0000000000..fc989bf8c2
--- /dev/null
+++ b/src/server/api/endpoints/auth/session/userkey.ts
@@ -0,0 +1,109 @@
+/**
+ * Module dependencies
+ */
+import $ from 'cafy';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import AccessToken from '../../../models/access-token';
+import { pack } from '../../../models/user';
+
+/**
+ * @swagger
+ * /auth/session/userkey:
+ * post:
+ * summary: Get an access token(userkey)
+ * parameters:
+ * -
+ * name: app_secret
+ * description: App Secret
+ * in: formData
+ * required: true
+ * type: string
+ * -
+ * name: token
+ * description: Session Token
+ * in: formData
+ * required: true
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: OK
+ * schema:
+ * type: object
+ * properties:
+ * userkey:
+ * type: string
+ * description: Access Token
+ * user:
+ * $ref: "#/definitions/User"
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Generate a session
+ *
+ * @param {any} params
+ * @return {Promise<any>}
+ */
+module.exports = (params) => new Promise(async (res, rej) => {
+ // Get 'app_secret' parameter
+ const [appSecret, appSecretErr] = $(params.app_secret).string().$;
+ if (appSecretErr) return rej('invalid app_secret param');
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Get 'token' parameter
+ const [token, tokenErr] = $(params.token).string().$;
+ if (tokenErr) return rej('invalid token param');
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({
+ token: token,
+ app_id: app._id
+ });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ if (session.user_id == null) {
+ return rej('this session is not allowed yet');
+ }
+
+ // Lookup access token
+ const accessToken = await AccessToken.findOne({
+ app_id: app._id,
+ user_id: session.user_id
+ });
+
+ // Delete session
+
+ /* https://github.com/Automattic/monk/issues/178
+ AuthSess.deleteOne({
+ _id: session._id
+ });
+ */
+ AuthSess.remove({
+ _id: session._id
+ });
+
+ // Response
+ res({
+ access_token: accessToken.token,
+ user: await pack(session.user_id, null, {
+ detail: true
+ })
+ });
+});
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 15:55:14 +0000