1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
import * as Koa from 'koa';
import * as bcrypt from 'bcryptjs';
import * as speakeasy from 'speakeasy';
import User, { ILocalUser } from '../../../models/user';
import Signin, { pack } from '../../../models/signin';
import event from '../../../publishers/stream';
import signin from '../common/signin';
import config from '../../../config';
export default async (ctx: Koa.Context) => {
ctx.set('Access-Control-Allow-Origin', config.url);
ctx.set('Access-Control-Allow-Credentials', 'true');
const username = ctx.request.body['username'];
const password = ctx.request.body['password'];
const token = ctx.request.body['token'];
if (typeof username != 'string') {
ctx.status = 400;
return;
}
if (typeof password != 'string') {
ctx.status = 400;
return;
}
if (token != null && typeof token != 'string') {
ctx.status = 400;
return;
}
// Fetch user
const user = await User.findOne({
usernameLower: username.toLowerCase(),
host: null
}, {
fields: {
data: false,
profile: false
}
}) as ILocalUser;
if (user === null) {
ctx.throw(404, {
error: 'user not found'
});
return;
}
// Compare password
const same = await bcrypt.compare(password, user.password);
if (same) {
if (user.twoFactorEnabled) {
const verified = (speakeasy as any).totp.verify({
secret: user.twoFactorSecret,
encoding: 'base32',
token: token
});
if (verified) {
signin(ctx, user);
} else {
ctx.throw(400, {
error: 'invalid token'
});
}
} else {
signin(ctx, user);
}
} else {
ctx.throw(400, {
error: 'incorrect password'
});
}
// Append signin history
const record = await Signin.insert({
createdAt: new Date(),
userId: user._id,
ip: ctx.ip,
headers: ctx.headers,
success: same
});
// Publish signin event
event(user._id, 'signin', await pack(record));
};
|
