From b3f42e62af698a67c2250533c437569559f1fdf9 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Thu, 29 Dec 2016 07:49:51 +0900
Subject: Initial commit :four_leaf_clover:
---
src/api/endpoints/auth/accept.js | 64 ++++++++++++++++++++++++++
src/api/endpoints/auth/session/generate.js | 51 ++++++++++++++++++++
src/api/endpoints/auth/session/show.js | 36 +++++++++++++++
src/api/endpoints/auth/session/userkey.js | 74 ++++++++++++++++++++++++++++++
4 files changed, 225 insertions(+)
create mode 100644 src/api/endpoints/auth/accept.js
create mode 100644 src/api/endpoints/auth/session/generate.js
create mode 100644 src/api/endpoints/auth/session/show.js
create mode 100644 src/api/endpoints/auth/session/userkey.js
(limited to 'src/api/endpoints/auth')
diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.js
new file mode 100644
index 0000000000..7c45650c6b
--- /dev/null
+++ b/src/api/endpoints/auth/accept.js
@@ -0,0 +1,64 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import rndstr from 'rndstr';
+import AuthSess from '../../models/auth-session';
+import Userkey from '../../models/userkey';
+
+/**
+ * Accept
+ *
+ * @param {Object} params
+ * @param {Object} user
+ * @return {Promise}
+ */
+module.exports = (params, user) =>
+ new Promise(async (res, rej) =>
+{
+ // Get 'token' parameter
+ const token = params.token;
+ if (token == null) {
+ return rej('token is required');
+ }
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({ token: token });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ // Generate userkey
+ const key = rndstr('a-zA-Z0-9', 32);
+
+ // Fetch exist userkey
+ const exist = await Userkey.findOne({
+ app_id: session.app_id,
+ user_id: user._id,
+ });
+
+ if (exist === null) {
+ // Insert userkey doc
+ await Userkey.insert({
+ created_at: new Date(),
+ app_id: session.app_id,
+ user_id: user._id,
+ key: key
+ });
+ }
+
+ // Update session
+ await AuthSess.updateOne({
+ _id: session._id
+ }, {
+ $set: {
+ user_id: user._id
+ }
+ });
+
+ // Response
+ res();
+});
diff --git a/src/api/endpoints/auth/session/generate.js b/src/api/endpoints/auth/session/generate.js
new file mode 100644
index 0000000000..bb49cf090d
--- /dev/null
+++ b/src/api/endpoints/auth/session/generate.js
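Review bot: In `accept.js`, `params.token` reaches `AuthSess.findOne({ token: token })` after only a null check, so if `params` is a parsed request body (its origin is not visible here), a non-string value would be handed to the driver as a query expression rather than a literal token. The same unvalidated pattern appears for `app_secret` in `generate.js` and `userkey.js`, and for `token` in `show.js` and `userkey.js`. A type guard before each lookup closes this, e.g. `if (typeof token !== 'string') return rej('token is required');`. Separately, the userkey is a long-lived credential, so it is worth confirming that `rndstr` draws from a CSPRNG, or generating the key with `crypto.randomBytes` instead.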
@@ -0,0 +1,51 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import * as uuid from 'uuid';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+
+/**
+ * Generate a session
+ *
+ * @param {Object} params
+ * @return {Promise}
+ */
+module.exports = (params) =>
+ new Promise(async (res, rej) =>
+{
+ // Get 'app_secret' parameter
+ const appSecret = params.app_secret;
+ if (appSecret == null) {
+ return rej('app_secret is required');
+ }
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Generate token
+ const token = uuid.v4();
+
+ // Create session token document
+ const inserted = await AuthSess.insert({
+ created_at: new Date(),
+ app_id: app._id,
+ token: token
+ });
+
+ const doc = inserted.ops[0];
+
+ // Response
+ res({
+ token: doc.token,
+ url: `${config.auth_url}/${doc.token}`
+ });
+});
diff --git a/src/api/endpoints/auth/session/show.js b/src/api/endpoints/auth/session/show.js
new file mode 100644
index 0000000000..67160c6993
--- /dev/null
+++ b/src/api/endpoints/auth/session/show.js
@@ -0,0 +1,36 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import AuthSess from '../../../models/auth-session';
+import serialize from '../../../serializers/auth-session';
+
+/**
+ * Show a session
+ *
+ * @param {Object} params
+ * @param {Object} user
+ * @return {Promise}
+ */
+module.exports = (params, user) =>
+ new Promise(async (res, rej) =>
+{
+ // Get 'token' parameter
+ const token = params.token;
+ if (token == null) {
+ return rej('token is required');
+ }
+
+ // Lookup session
+ const session = await AuthSess.findOne({
+ token: token
+ });
+
+ if (session == null) {
+ return rej('session not found');
+ }
+
+ // Response
+ res(await serialize(session, user));
+});
diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.js
new file mode 100644
index 0000000000..2626e4ce39
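Review bot: In `generate.js`, the session document stores `created_at`, but none of the four endpoints in this commit reads it, so a token that is never accepted appears to remain valid indefinitely. Consider an age check where the token is consumed, for example `if (Date.now() - session.created_at > MAX_AGE_MS) return rej('session expired');` with `MAX_AGE_MS` as a constant you define, or a TTL index on the collection. Also, `config` in the `url` template is not imported in this file; if it is a global set elsewhere, a one-line comment saying so would make the dependency visible.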
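Review bot: In `show.js`, the doc comment's `@return {Promise}` does not say what the promise resolves with or that failures are rejected as plain strings; something like `@return {Promise<Object>} the serialized auth session; rejects with a string message` would document the contract. The response body is whatever `serialize(session, user)` returns, and that serializer is outside this diff, so it is worth confirming there that it does not embed the app's `secret` or other credential fields.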
--- /dev/null
+++ b/src/api/endpoints/auth/session/userkey.js
@@ -0,0 +1,74 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import Userkey from '../../../models/userkey';
+import serialize from '../../../serializers/user';
+
+/**
+ * Generate a session
+ *
+ * @param {Object} params
+ * @return {Promise}
+ */
+module.exports = (params) =>
+ new Promise(async (res, rej) =>
+{
+ // Get 'app_secret' parameter
+ const appSecret = params.app_secret;
+ if (appSecret == null) {
+ return rej('app_secret is required');
+ }
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Get 'token' parameter
+ const token = params.token;
+ if (token == null) {
+ return rej('token is required');
+ }
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({
+ token: token,
+ app_id: app._id
+ });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ if (session.user_id == null) {
+ return rej('this session is not allowed yet');
+ }
+
+ // Lookup userkey
+ const userkey = await Userkey.findOne({
+ app_id: app._id,
+ user_id: session.user_id
+ });
+
+ // Delete session
+ AuthSess.deleteOne({
+ _id: session._id
+ });
+
+ // Response
+ res({
+ userkey: userkey.key,
+ user: await serialize(session.user_id, null, {
+ detail: true
+ })
+ });
+});
--
cgit v1.2.3-freya
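Review bot: In `userkey.js`, `AuthSess.deleteOne(...)` is not awaited, so the response is sent without knowing the session was removed; if the delete fails, the error is unhandled and the token stays exchangeable for the userkey. `await AuthSess.deleteOne({ _id: session._id });` makes the single-use behaviour reliable. `userkey` is also dereferenced as `userkey.key` with no null check, and because the executor is an `async` function a throw there leaves the promise unsettled instead of rejecting; a guard such as `if (userkey == null) return rej('userkey not found');` avoids that. The header comment still reads "Generate a session" and should instead describe exchanging an accepted session token for the userkey.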