From d1557bcae8abc45ea655d2fe0cdb6732a0207aa0 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 3 Mar 2017 19:39:41 +0900 Subject: wip --- src/api/endpoints/auth/accept.js | 98 ------------------------ src/api/endpoints/auth/accept.ts | 97 ++++++++++++++++++++++++ src/api/endpoints/auth/session/generate.js | 81 -------------------- src/api/endpoints/auth/session/generate.ts | 80 ++++++++++++++++++++ src/api/endpoints/auth/session/show.js | 76 ------------------- src/api/endpoints/auth/session/show.ts | 75 +++++++++++++++++++ src/api/endpoints/auth/session/userkey.js | 115 ----------------------------- src/api/endpoints/auth/session/userkey.ts | 112 ++++++++++++++++++++++++++++ 8 files changed, 364 insertions(+), 370 deletions(-) delete mode 100644 src/api/endpoints/auth/accept.js create mode 100644 src/api/endpoints/auth/accept.ts delete mode 100644 src/api/endpoints/auth/session/generate.js create mode 100644 src/api/endpoints/auth/session/generate.ts delete mode 100644 src/api/endpoints/auth/session/show.js create mode 100644 src/api/endpoints/auth/session/show.ts delete mode 100644 src/api/endpoints/auth/session/userkey.js create mode 100644 src/api/endpoints/auth/session/userkey.ts (limited to 'src/api') diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.js deleted file mode 100644 index 1c0b100948..0000000000 --- a/src/api/endpoints/auth/accept.js +++ /dev/null 
@@ -1,98 +0,0 @@ -'use strict'; - -/** - * Module dependencies - */ -import rndstr from 'rndstr'; -const crypto = require('crypto'); -import App from '../../models/app'; -import AuthSess from '../../models/auth-session'; -import AccessToken from '../../models/access-token'; - -/** - * @swagger - * /auth/accept: - * post: - * summary: Accept a session - * parameters: - * - $ref: "#/parameters/NativeToken" - * - - * name: token - * description: Session Token - * in: formData - * required: true - * type: string - * responses: - * 204: - * description: OK - * - * default: - * description: Failed - * schema: - * $ref: "#/definitions/Error" - */ - -/** - * Accept - * - * @param {any} params - * @param {any} user - * @return {Promise} - */ -module.exports = (params, user) => - new Promise(async (res, rej) => -{ - // Get 'token' parameter - const sesstoken = params.token; - if (sesstoken == null) { - return rej('token is required'); - } - - // Fetch token - const session = await AuthSess - .findOne({ token: sesstoken }); - - if (session === null) { - return rej('session not found'); - } - - // Generate access token - const token = rndstr('a-zA-Z0-9', 32); - - // Fetch exist access token - const exist = await AccessToken.findOne({ - app_id: session.app_id, - user_id: user._id, - }); - - if (exist === null) { - // Lookup app - const app = await App.findOne({ - _id: session.app_id - }); - - // Generate Hash - const sha256 = crypto.createHash('sha256'); - sha256.update(token + app.secret); - const hash = sha256.digest('hex'); - - // Insert access token doc - await AccessToken.insert({ - created_at: new Date(), - app_id: session.app_id, - user_id: user._id, - token: token, - hash: hash - }); - } - - // Update session - await AuthSess.update(session._id, { - $set: { - user_id: user._id - } - }); - - // Response - res(); -}); diff --git a/src/api/endpoints/auth/accept.ts b/src/api/endpoints/auth/accept.ts new file mode 100644 index 0000000000..2c104ef1c6 --- /dev/null 
+++ b/src/api/endpoints/auth/accept.ts @@ -0,0 +1,97 @@ +'use strict'; + +/** + * Module dependencies + */ +import rndstr from 'rndstr'; +const crypto = require('crypto'); +import it from '../../it'; +import App from '../../models/app'; +import AuthSess from '../../models/auth-session'; +import AccessToken from '../../models/access-token'; + +/** + * @swagger + * /auth/accept: + * post: + * summary: Accept a session + * parameters: + * - $ref: "#/parameters/NativeToken" + * - + * name: token + * description: Session Token + * in: formData + * required: true + * type: string + * responses: + * 204: + * description: OK + * + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Accept + * + * @param {any} params + * @param {any} user + * @return {Promise} + */ +module.exports = (params, user) => + new Promise(async (res, rej) => +{ + // Get 'token' parameter + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); + + // Fetch token + const session = await AuthSess + .findOne({ token: token }); + + if (session === null) { + return rej('session not found'); + } + + // Generate access token + const accessToken = rndstr('a-zA-Z0-9', 32); + + // Fetch exist access token + const exist = await AccessToken.findOne({ + app_id: session.app_id, + user_id: user._id, + }); + + if (exist === null) { + // Lookup app + const app = await App.findOne({ + _id: session.app_id + }); + + // Generate Hash + const sha256 = crypto.createHash('sha256'); + sha256.update(accessToken + app.secret); + const hash = sha256.digest('hex'); + + // Insert access token doc + await AccessToken.insert({ + created_at: new Date(), + app_id: session.app_id, + user_id: user._id, + token: accessToken, + hash: hash + }); + } + + // Update session + await AuthSess.update(session._id, { + $set: { + user_id: user._id + } + }); + + // Response + res(); +}); 
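Review bot: The session fetched at `AuthSess.findOne({ token: token })` is accepted without checking whether it already carries a `user_id`, so a second `/auth/accept` with the same session token rebinds the session to whichever user posts it before the app redeems it via `/auth/session/userkey`; add `if (session.user_id != null) return rej('session already accepted');` after the not-found check. `App.findOne` is dereferenced at `app.secret` with no null guard, which would throw a TypeError inside the promise executor instead of rejecting — `if (app == null) return rej('app not found');` keeps it consistent with the other endpoints in this commit. Whether `rndstr` draws from a CSPRNG is not visible here; since `crypto` is already imported, `crypto.randomBytes` would be the safer source for the long-lived access token. `created_at` is stored on the session but never compared, so presumably a session token stays acceptable indefinitely — confirm that is intended.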
diff --git a/src/api/endpoints/auth/session/generate.js b/src/api/endpoints/auth/session/generate.js deleted file mode 100644 index cf75b83e2d..0000000000 --- a/src/api/endpoints/auth/session/generate.js +++ /dev/null @@ -1,81 +0,0 @@ -'use strict'; - -/** - * Module dependencies - */ -import * as uuid from 'uuid'; -import App from '../../../models/app'; -import AuthSess from '../../../models/auth-session'; -import config from '../../../../conf'; - -/** - * @swagger - * /auth/session/generate: - * post: - * summary: Generate a session - * parameters: - * - - * name: app_secret - * description: App Secret - * in: formData - * required: true - * type: string - * - * responses: - * 200: - * description: OK - * schema: - * type: object - * properties: - * token: - * type: string - * description: Session Token - * url: - * type: string - * description: Authentication form's URL - * default: - * description: Failed - * schema: - * $ref: "#/definitions/Error" - */ - -/** - * Generate a session - * - * @param {any} params - * @return {Promise} - */ -module.exports = (params) => - new Promise(async (res, rej) => -{ - // Get 'app_secret' parameter - const appSecret = params.app_secret; - if (appSecret == null) { - return rej('app_secret is required'); - } - - // Lookup app - const app = await App.findOne({ - secret: appSecret - }); - - if (app == null) { - return rej('app not found'); - } - - // Generate token - const token = uuid.v4(); - - // Create session token document - const doc = await AuthSess.insert({ - created_at: new Date(), - app_id: app._id, - token: token - }); - - // Response - res({ - token: doc.token, - url: `${config.auth_url}/${doc.token}` - }); -}); diff --git a/src/api/endpoints/auth/session/generate.ts b/src/api/endpoints/auth/session/generate.ts new file mode 100644 index 0000000000..6e730123c1 --- /dev/null +++ b/src/api/endpoints/auth/session/generate.ts 
@@ -0,0 +1,80 @@ +'use strict'; + +/** + * Module dependencies + */ +import * as uuid from 'uuid'; +import it from '../../../it'; +import App from '../../../models/app'; +import AuthSess from '../../../models/auth-session'; +import config from '../../../../conf'; + +/** + * @swagger + * /auth/session/generate: + * post: + * summary: Generate a session + * parameters: + * - + * name: app_secret + * description: App Secret + * in: formData + * required: true + * type: string + * + * responses: + * 200: + * description: OK + * schema: + * type: object + * properties: + * token: + * type: string + * description: Session Token + * url: + * type: string + * description: Authentication form's URL + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Generate a session + * + * @param {any} params + * @return {Promise} + */ +module.exports = (params) => + new Promise(async (res, rej) => +{ + // Get 'app_secret' parameter + const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed(); + if (appSecretErr) return rej('invalid app_secret param'); + + // Lookup app + const app = await App.findOne({ + secret: appSecret + }); + + if (app == null) { + return rej('app not found'); + } + + // Generate token + const token = uuid.v4(); + + // Create session token document + const doc = await AuthSess.insert({ + created_at: new Date(), + app_id: app._id, + token: token + }); + + // Response + res({ + token: doc.token, + url: `${config.auth_url}/${doc.token}` + }); +}); diff --git a/src/api/endpoints/auth/session/show.js b/src/api/endpoints/auth/session/show.js deleted file mode 100644 index 425c980d9d..0000000000 --- a/src/api/endpoints/auth/session/show.js +++ /dev/null 
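Review bot: The session inserted at `AuthSess.insert({ created_at, app_id, token })` has no expiry, and nothing in this commit compares `created_at`, so the session token embedded in the returned `url` stays redeemable until an app calls `userkey`; consider persisting an `expires_at` here, e.g. `expires_at: new Date(Date.now() + SESSION_TTL_MS),` so `accept` and `userkey` can reject stale sessions. Routing `app_secret` through `it(...).expect.string().required()` before it reaches `App.findOne({ secret })` is the right fix for a non-string filter reaching the query. A documentation nit: the header still says `@param {any} params` now that the module is TypeScript; documenting the expected shape (`params.app_secret: string`) would make the `it()` validation self-explanatory.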
@@ -1,76 +0,0 @@ -'use strict'; - -/** - * Module dependencies - */ -import AuthSess from '../../../models/auth-session'; -import serialize from '../../../serializers/auth-session'; - -/** - * @swagger - * /auth/session/show: - * post: - * summary: Show a session information - * parameters: - * - - * name: token - * description: Session Token - * in: formData - * required: true - * type: string - * - * responses: - * 200: - * description: OK - * schema: - * type: object - * properties: - * created_at: - * type: string - * format: date-time - * description: Date and time of the session creation - * app_id: - * type: string - * description: Application ID - * token: - * type: string - * description: Session Token - * user_id: - * type: string - * description: ID of user who create the session - * app: - * $ref: "#/definitions/Application" - * default: - * description: Failed - * schema: - * $ref: "#/definitions/Error" - */ - -/** - * Show a session - * - * @param {any} params - * @param {any} user - * @return {Promise} - */ -module.exports = (params, user) => - new Promise(async (res, rej) => -{ - // Get 'token' parameter - const token = params.token; - if (token == null) { - return rej('token is required'); - } - - // Lookup session - const session = await AuthSess.findOne({ - token: token - }); - - if (session == null) { - return rej('session not found'); - } - - // Response - res(await serialize(session, user)); -}); diff --git a/src/api/endpoints/auth/session/show.ts b/src/api/endpoints/auth/session/show.ts new file mode 100644 index 0000000000..55641929d8 --- /dev/null +++ b/src/api/endpoints/auth/session/show.ts 
@@ -0,0 +1,75 @@ +'use strict'; + +/** + * Module dependencies + */ +import it from '../../../it'; +import AuthSess from '../../../models/auth-session'; +import serialize from '../../../serializers/auth-session'; + +/** + * @swagger + * /auth/session/show: + * post: + * summary: Show a session information + * parameters: + * - + * name: token + * description: Session Token + * in: formData + * required: true + * type: string + * + * responses: + * 200: + * description: OK + * schema: + * type: object + * properties: + * created_at: + * type: string + * format: date-time + * description: Date and time of the session creation + * app_id: + * type: string + * description: Application ID + * token: + * type: string + * description: Session Token + * user_id: + * type: string + * description: ID of user who create the session + * app: + * $ref: "#/definitions/Application" + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Show a session + * + * @param {any} params + * @param {any} user + * @return {Promise} + */ +module.exports = (params, user) => + new Promise(async (res, rej) => +{ + // Get 'token' parameter + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); + + // Lookup session + const session = await AuthSess.findOne({ + token: token + }); + + if (session == null) { + return rej('session not found'); + } + + // Response + res(await serialize(session, user)); +}); diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.js deleted file mode 100644 index 2c34304a5e..0000000000 --- a/src/api/endpoints/auth/session/userkey.js +++ /dev/null 
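Review bot: The swagger block describes `user_id` as "ID of user who create the session", but sessions are created by the app in `/auth/session/generate` with no user, and `user_id` is only set when a user accepts the session in `/auth/accept`; change the description to `ID of the user who accepted the session (absent until accepted)`. The endpoint returns the full session, including `user_id` and the embedded `app`, to anyone presenting the session token with no `app_secret`; if that is intended for the authorization form at `config.auth_url`, a comment such as `// the session token alone is the credential here: the auth form fetches this before the user is known` would help the next reader. The serializer's output is not visible in this hunk — presumably it does not expose `app.secret` through the embedded `app` object, but that is worth confirming.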
@@ -1,115 +0,0 @@ -'use strict'; - -/** - * Module dependencies - */ -import App from '../../../models/app'; -import AuthSess from '../../../models/auth-session'; -import AccessToken from '../../../models/access-token'; -import serialize from '../../../serializers/user'; - -/** - * @swagger - * /auth/session/userkey: - * post: - * summary: Get an access token(userkey) - * parameters: - * - - * name: app_secret - * description: App Secret - * in: formData - * required: true - * type: string - * - - * name: token - * description: Session Token - * in: formData - * required: true - * type: string - * - * responses: - * 200: - * description: OK - * schema: - * type: object - * properties: - * userkey: - * type: string - * description: Access Token - * user: - * $ref: "#/definitions/User" - * default: - * description: Failed - * schema: - * $ref: "#/definitions/Error" - */ - -/** - * Generate a session - * - * @param {any} params - * @return {Promise} - */ -module.exports = (params) => - new Promise(async (res, rej) => { - // Get 'app_secret' parameter - const appSecret = params.app_secret; - if (appSecret == null) { - return rej('app_secret is required'); - } - - // Lookup app - const app = await App.findOne({ - secret: appSecret - }); - - if (app == null) { - return rej('app not found'); - } - - // Get 'token' parameter - const token = params.token; - if (token == null) { - return rej('token is required'); - } - - // Fetch token - const session = await AuthSess - .findOne({ - token: token, - app_id: app._id - }); - - if (session === null) { - return rej('session not found'); - } - - if (session.user_id == null) { - return rej('this session is not allowed yet'); - } - - // Lookup access token - const accessToken = await AccessToken.findOne({ - app_id: app._id, - user_id: session.user_id - }); - - // Delete session - - /* https://github.com/Automattic/monk/issues/178 - AuthSess.deleteOne({ - _id: session._id - }); - */ - AuthSess.remove({ - _id: session._id - }); - - // 
Response - res({ - access_token: accessToken.token, - user: await serialize(session.user_id, null, { - detail: true - }) - }); - }); diff --git a/src/api/endpoints/auth/session/userkey.ts b/src/api/endpoints/auth/session/userkey.ts new file mode 100644 index 0000000000..fdb8c26d4e --- /dev/null +++ b/src/api/endpoints/auth/session/userkey.ts 
@@ -0,0 +1,112 @@ +'use strict'; + +/** + * Module dependencies + */ +import it from '../../../it'; +import App from '../../../models/app'; +import AuthSess from '../../../models/auth-session'; +import AccessToken from '../../../models/access-token'; +import serialize from '../../../serializers/user'; + +/** + * @swagger + * /auth/session/userkey: + * post: + * summary: Get an access token(userkey) + * parameters: + * - + * name: app_secret + * description: App Secret + * in: formData + * required: true + * type: string + * - + * name: token + * description: Session Token + * in: formData + * required: true + * type: string + * + * responses: + * 200: + * description: OK + * schema: + * type: object + * properties: + * userkey: + * type: string + * description: Access Token + * user: + * $ref: "#/definitions/User" + * default: + * description: Failed + * schema: + * $ref: "#/definitions/Error" + */ + +/** + * Generate a session + * + * @param {any} params + * @return {Promise} + */ +module.exports = (params) => + new Promise(async (res, rej) => { + // Get 'app_secret' parameter + const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed(); + if (appSecretErr) return rej('invalid app_secret param'); + + // Lookup app + const app = await App.findOne({ + secret: appSecret + }); + + if (app == null) { + return rej('app not found'); + } + + // Get 'token' parameter + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); + + // Fetch token + const session = await AuthSess + .findOne({ + token: token, + app_id: app._id + }); + + if (session === null) { + return rej('session not found'); + } + + if (session.user_id == null) { + return rej('this session is not allowed yet'); + } + + // Lookup access token + const accessToken = await AccessToken.findOne({ + app_id: app._id, + user_id: session.user_id + }); + + // Delete session + + /* 
https://github.com/Automattic/monk/issues/178 + AuthSess.deleteOne({ + _id: session._id + }); + */ + AuthSess.remove({ + _id: session._id + }); + + // Response + res({ + access_token: accessToken.token, + user: await serialize(session.user_id, null, { + detail: true + }) + }); + }); -- cgit v1.2.3-freya
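Review bot: `accessToken.token` in the response is dereferenced without a null check after `AccessToken.findOne`, so if no token exists for this app/user pair the executor throws a TypeError and the promise is never rejected with a message; add `if (accessToken == null) return rej('access token not found');` before the delete. `AuthSess.remove({ _id: session._id })` is not awaited, so the access token can be returned before the one-time session is actually deleted, leaving a window in which the same session token can be redeemed again and leaving any rejection from `remove` unhandled; `await AuthSess.remove({ _id: session._id });` closes both. The swagger block documents the response property as `userkey` while the code returns `access_token`; align one with the other. The commented-out `deleteOne` block with the monk issue link should either become a one-line `// TODO` or be dropped now that `remove` is in use.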