diff --git a/bin/web/routes/api.js b/bin/web/routes/api.js
index b4a4def..96c4fe5 100644
--- a/bin/web/routes/api.js
+++ b/bin/web/routes/api.js
@@ -7,23 +7,30 @@ var express = require('express');
 var route = express.Router();
+/**
+ * register a user; currently not implemented
+ * @url /register
+ * @method POST
+ */
 route.post('/register', (req, res) => {
+ // if registration is disabled
 if(!global['app'].cfg.web.registration) {
 return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
 } else {
- // TODO: register
+ // am i rite?
 return res.type('json').status(200).end(JSON.stringify({}));
 }
 });
+/**
+ * login a user
+ * @url /api/login
+ * @method POST
+ * @POST ['email', 'password']
+ * @TODO add new activity 'action.user.login'
+ */
 route.post('/login', (req, res) => {
- /*
- * done - check body vars -> else ERR 401 'msg.auth.login.failed'
- * done - get users by mail / nickname -> else ERR 401 'msg.auth.login.failed' OR ERR 500 'msg.database.error'
- * done - validate password hash -> else ERR 401 'msg.auth.login.failed'
- * TODO - add new activity 'action.user.login'
- */
-
+ // if user is logged in (existing session); FAIL
 if(req.session.user) {
 return res.type('json').end(JSON.stringify({
 status: 401,
@@ -32,7 +39,7 @@ route.post('/login', (req, res) => {
 }
 // check body variables
- if(!req.body.email && !req.body.password) {
+ if(!req.body.email || !req.body.password) {
 return res.type('json').status(401).end(JSON.stringify({
 status: 401,
 message: [
@@ -44,10 +51,14 @@ route.post('/login', (req, res) => {
 let email = req.body.email;
 let pass = req.body.password;
+ // database query: get user by email
 global['modules'].database.getUser(email, (err, rep) => {
- console.log(err, rep);
+ // if database error
 if(err) {
+ // log error while debugging
 global['logs'].debug(err);
+
+ // login failed because of database error
 return res.type('json').status(500).end(JSON.stringify({
 status: 500,
 message: [
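Review bot: The "already logged in" branch at the top of the /login handler sends a body with `status: 401` but never sets the HTTP status, so the response goes out as 200; it should read `return res.type('json').status(401).end(JSON.stringify({`. The same omission is in the not-logged-in branches of /redirect (hunk -133) and /logout (hunk -141). Separately, the new doc comment on /register says `@url /register` while every other handler in this file is documented under `/api/...`, and the `// am i rite?` placeholder should state what the empty 200 currently means, e.g. `// TODO: registration not implemented yet; answers 200 with an empty object`. The /login handler continues outside the hunk.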
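Review bot: The corrected `||` check in the -32 hunk still only tests presence: with a JSON body, `req.body.email` and `req.body.password` can be arrays or objects, and they are then handed straight to `database.getUser` and `validateHash` further down. Tightening it to `if(typeof req.body.email !== 'string' || typeof req.body.password !== 'string') {` keeps the same 401 response, also rejects empty strings, and matches the `typeof req.query.appId == "string"` check static.js already does. The handler continues outside the hunk.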
@@ -56,11 +67,14 @@ route.post('/login', (req, res) => {
 ]
 }));
 }
+
+ // no reply (user does not exist) or password is wrong
 if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
 return res.type('json').status(401).end(JSON.stringify({
 status: 401,
 message: 'msg.auth.login.failed'
 }));
+ // do login
 } else {
 // add cookies; login
 // new activity 'action.user.login'
@@ -80,12 +94,27 @@ route.post('/login', (req, res) => {
 });
 });
+/**
+ * apps verify token
+ * @url /api/authenticate
+ * @method POST
+ * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
+ * @TODO add implementation
+ */
 route.post('/authenticate', (req, res) => {
 // TODO: authenticate
 });
+/**
+ * redirect user to app
+ * @url /api/redirect
+ * @method GET
+ * @GET ['id']
+ */
 route.get('/redirect', (req, res) => {
+ // if user is logged in
 if(req.session && req.session.user) {
+ // missing query data to retrieve app
 if(!req.query || !req.query.id) {
 return res.type('json').status(500).end(JSON.stringify({
 status: 500,
@@ -94,10 +123,13 @@ route.get('/redirect', (req, res) => {
 ]
 }));
 }
+
+ // set auth code
 global['modules'].database.setAuthCode({
 aId: req.query.id,
 uId: req.session.user.id
 }, (err, rep) => {
+ // database error
 if(err) {
 global['logs'].debug(err);
 return res.type('json').status(500).end(JSON.stringify({
@@ -108,7 +140,9 @@ route.get('/redirect', (req, res) => {
 }));
 } else if(rep) {
+ // retrieve apps
 global['modules'].database.getApps((err2, rep2) => {
+ // database error
 if(err2) {
 global['logs'].debug(err2);
 return res.type('json').status(500).end(JSON.stringify({
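Review bot: In the user/password condition, `rep === null` is already covered by `!rep`, and `rep.length == 0` should use strict equality like the rest of the file; the line can read `if(!rep || rep.length !== 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {`. Note also that the hash comparison is short-circuited when no user is found, so the 401 for an unknown email is answered faster than the 401 for a wrong password; if `validateHash` is deliberately slow, consider running it against a fixed dummy hash in the not-found case so both outcomes take similar time. The else branch continues outside the hunk.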
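Review bot: In the -80 hunk the /authenticate handler still contains only `// TODO: authenticate` and never calls `res.end`, `res.send` or `next`, so any POST to it hangs until the client gives up; until it is implemented it should answer, e.g. `return res.type('json').status(501).end(JSON.stringify({ status: 501, message: 'msg.not.implemented' }));` (the message key is a placeholder — use the project's message table). In the /redirect handler just below, a missing `req.query.id` is a client error and a 400 would be more accurate than the 500 sent now. The /redirect handler continues outside the hunk.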
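Review bot: In the -94 hunk `req.query.id` is passed to `database.setAuthCode` as `aId` after only a presence check; Express's query parser can yield an array or object for `id` (for example when the parameter is repeated), and the same value is later compared with `app.id` using `==`. Add a type check to the guard in the previous hunk, `if(!req.query || typeof req.query.id !== 'string') {`, mirroring the `typeof req.query.appId == "string"` check in static.js. The setAuthCode callback continues outside the hunk.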
@@ -118,13 +152,17 @@ route.get('/redirect', (req, res) => {
 ]
 }));
 }
+ // for each app
 rep2.forEach((app) => {
+ // if app.id is equal to queried app
 if(app.id == req.query.id) {
+ // redirect to app
 return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
 }
 });
 });
 } else {
+ // database error
 return res.type('json').status(500).end(JSON.stringify({
 status: 500,
 message: [
@@ -133,6 +171,7 @@ route.get('/redirect', (req, res) => {
 }));
 }
 });
+ // user isnt logged in
 } else {
 return res.type('json').end(JSON.stringify({
 status: 401,
@@ -141,12 +180,19 @@ route.get('/redirect', (req, res) => {
 }
 });
+/**
+ * logout user
+ * @url /api/logout
+ * @method GET
+ */
 route.get('/logout', (req, res) => {
+ // user needs to be logged in
 if(!req.session || !req.session.user) {
 return res.type('json').end(JSON.stringify({
 status: 401,
 message: 'msg.auth.login.required'
 }));
+ // logout user
 } else {
 res.clearCookie('RememberMe');
 req.session.destroy();
diff --git a/bin/web/routes/static.js b/bin/web/routes/static.js
index 64d79a3..953bc03 100644
--- a/bin/web/routes/static.js
+++ b/bin/web/routes/static.js
@@ -29,6 +29,11 @@ var fileCheck = (file) => {
 }
 };
+/**
+ * main page
+ * @url /
+ * @method all
+ */
 route.all('/', function(req, res, next) {
 // TODO: show login page or dashboard
 // res.end('login or dashboard');
@@ -40,12 +45,22 @@ route.all('/', function(req, res, next) {
 })
 });
-// login page or app request
+/**
+ * login page or apprequest page
+ * @url /
+ * @method all
+ */
 route.get('/authenticate', (req, res) => {
- req.session.appRequest = {}; // TODO: data
+ if(req.session) {
+ // if there isnt an apprequest
+ if(!req.session.appRequest)
+ req.session.appRequest = {}; // TODO: data
+ }
+ // query apps
 global['modules'].database.getApps((err, rep) => {
+ // set appId in appRequest
 if(req.query.appId) {
 if(req.query.appId && typeof req.query.appId == "string") {
 // req.query.appId
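Review bot: The `return res.redirect(...)` inside `rep2.forEach` only returns from the forEach callback, so when no app has a matching id the handler never sends a response and the request hangs, and the loop keeps running after a match. Replace the loop with a lookup that answers in both cases, and build the redirect target with `URL`/`searchParams` so `uid` and `token` are encoded rather than concatenated (this also copes with an `app.access` that already carries a query string; it assumes `app.access` is an absolute URL — confirm). The 404 message key below is a placeholder for one from the project's message table.
```javascript
// … unchanged: getApps error handling …
// look the app up once; String() keeps the previous loose id comparison
const app = rep2.find((a) => String(a.id) === req.query.id);
if(!app) {
  return res.type('json').status(404).end(JSON.stringify({ status: 404, message: 'msg.app.notfound' })); // TODO: project message key
}
const target = new URL(app.access);
target.searchParams.set('uid', req.session.user.id);
target.searchParams.set('token', rep.token);
return res.redirect(target.toString());
// … unchanged: database error branch …
```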
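Review bot: In the -141 hunk the logout branch calls `req.session.destroy()` with no callback; if this is express-session's `destroy`, it is asynchronous, so the reply (outside the hunk) may be sent before the store has removed the session, and a store error is dropped silently. Pass the reply as the callback, `req.session.destroy((err) => { … })`, logging `err` through `global['logs'].debug` before answering. The logout handler continues outside the hunk.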
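Review bot: The new doc comment on the static.js `/authenticate` handler (hunk -40) is copied from the `/` block: it says `@url /` and `@method all`, but the route is `route.get('/authenticate', …)`; it should read `@url /authenticate` and `@method GET`, and could list `@GET ['appId']` as the api.js comments do. Behaviour also changes here — `appRequest` used to be reset to `{}` on every visit and is now kept when already present — which deserves a comment such as `// keep an existing appRequest across visits; only initialise it once`. The handler continues outside the hunk.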
@@ -57,12 +72,14 @@ route.get('/authenticate', (req, res) => {
 }
 }
+ // if user is logged in, show request page
 if(req.session && req.session.user) {
 res.render('request', {
 session: req.session,
 appRequest: req.session.appRequest,
 apps: rep
 });
+ // if user isnt logged in, show login page
 } else {
 res.render('login', {
 session: req.session,
@@ -73,6 +90,12 @@ route.get('/authenticate', (req, res) => {
 });
 });
+/**
+ * all other routes
+ * @url /*
+ * @method all
+ * @TODO comments
+ */
 route.all('/*', (req, res, next) => {
 // passthrough to next route
 if(req.path.startsWith('/api'))