rxbn_/auth.rxbn.de
1
0
Fork 0
Code Releases Activity

web - routes -> comments

Browse Source
This commit is contained in:
Ruben Meyer 2019-12-01 00:56:33 +01:00
parent 8c2d8a6920
commit f895af3890
2 changed files with 81 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
bin/web/routes/api.js
View File

@ -7,23 +7,30 @@
var express = require('express');
var route = express.Router();
/**
* register a user; currently not implemented
* @url /register
* @method POST
*/
route.post('/register', (req, res) => {
// if registration is disabled
if(!global['app'].cfg.web.registration) {
return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
} else {
// TODO: register
// am i rite?
return res.type('json').status(200).end(JSON.stringify({}));
}
});
route.post('/login', (req, res) => {
/*
* done - check body vars -> else ERR 401 'msg.auth.login.failed'
* done - get users by mail / nickname -> else ERR 401 'msg.auth.login.failed' OR ERR 500 'msg.database.error'
* done - validate password hash -> else ERR 401 'msg.auth.login.failed'
* TODO - add new activity 'action.user.login'
/**
* login a user
* @url /api/login
* @method POST
* @POST ['email', 'password']
* @TODO add new activity 'action.user.login'
*/
route.post('/login', (req, res) => {
// if user is logged in (existing session); FAIL
if(req.session.user) {
return res.type('json').end(JSON.stringify({
status: 401,
@ -32,7 +39,7 @@ route.post('/login', (req, res) => {
}
// check body variables
if(!req.body.email && !req.body.password) {
if(!req.body.email || !req.body.password) {
return res.type('json').status(401).end(JSON.stringify({
status: 401,
message: [
@ -44,10 +51,14 @@ route.post('/login', (req, res) => {
let email = req.body.email;
let pass = req.body.password;
// database query: get user by email
global['modules'].database.getUser(email, (err, rep) => {
console.log(err, rep);
// if database error
if(err) {
// log error while debugging
global['logs'].debug(err);
// login failed because of database error
return res.type('json').status(500).end(JSON.stringify({
status: 500,
message: [
@ -56,11 +67,14 @@ route.post('/login', (req, res) => {
]
}));
}
// no reply (user does not exist) or password is wrong
if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
return res.type('json').status(401).end(JSON.stringify({
status: 401,
message: 'msg.auth.login.failed'
}));
// do login
} else {
// add cookies; login
// new activity 'action.user.login'
@ -80,12 +94,27 @@ route.post('/login', (req, res) => {
});
});
/**
* apps verify token
* @url /api/authenticate
* @method POST
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
* @TODO add implementation
*/
route.post('/authenticate', (req, res) => {
// TODO: authenticate
});
/**
* redirect user to app
* @url /api/redirect
* @method GET
* @GET ['id']
*/
route.get('/redirect', (req, res) => {
// if user is logged in
if(req.session && req.session.user) {
// missing query data to retrieve app
if(!req.query || !req.query.id) {
return res.type('json').status(500).end(JSON.stringify({
status: 500,
@ -94,10 +123,13 @@ route.get('/redirect', (req, res) => {
]
}));
}
// set auth code
global['modules'].database.setAuthCode({
aId: req.query.id,
uId: req.session.user.id
}, (err, rep) => {
// database error
if(err) {
global['logs'].debug(err);
return res.type('json').status(500).end(JSON.stringify({
@ -108,7 +140,9 @@ route.get('/redirect', (req, res) => {
}));
}
else if(rep) {
// retrieve apps
global['modules'].database.getApps((err2, rep2) => {
// database error
if(err2) {
global['logs'].debug(err2);
return res.type('json').status(500).end(JSON.stringify({
@ -118,13 +152,17 @@ route.get('/redirect', (req, res) => {
]
}));
}
// for each app
rep2.forEach((app) => {
// if app.id is equal to queried app
if(app.id == req.query.id) {
// redirect to app
return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
}
});
});
} else {
// database error
return res.type('json').status(500).end(JSON.stringify({
status: 500,
message: [
@ -133,6 +171,7 @@ route.get('/redirect', (req, res) => {
}));
}
});
// user isnt logged in
} else {
return res.type('json').end(JSON.stringify({
status: 401,
@ -141,12 +180,19 @@ route.get('/redirect', (req, res) => {
}
});
/**
* logout user
* @url /api/logout
* @method GET
*/
route.get('/logout', (req, res) => {
// user needs to be logged in
if(!req.session || !req.session.user) {
return res.type('json').end(JSON.stringify({
status: 401,
message: 'msg.auth.login.required'
}));
// logout user
} else {
res.clearCookie('RememberMe');
req.session.destroy();

25
bin/web/routes/static.js
View File

@ -29,6 +29,11 @@ var fileCheck = (file) => {
}
};
/**
* main page
* @url /
* @method all
*/
route.all('/', function(req, res, next) {
// TODO: show login page or dashboard
// res.end('login or dashboard');
@ -40,12 +45,22 @@ route.all('/', function(req, res, next) {
})
});
// login page or app request
/**
* login page or apprequest page
* @url /
* @method all
*/
route.get('/authenticate', (req, res) => {
if(req.session) {
// if there isnt an apprequest
if(!req.session.appRequest)
req.session.appRequest = {}; // TODO: data
}
// query apps
global['modules'].database.getApps((err, rep) => {
// set appId in appRequest
if(req.query.appId) {
if(req.query.appId && typeof req.query.appId == "string") {
// req.query.appId
@ -57,12 +72,14 @@ route.get('/authenticate', (req, res) => {
}
}
// if user is logged in, show request page
if(req.session && req.session.user) {
res.render('request', {
session: req.session,
appRequest: req.session.appRequest,
apps: rep
});
// if user isnt logged in, show login page
} else {
res.render('login', {
session: req.session,
@ -73,6 +90,12 @@ route.get('/authenticate', (req, res) => {
});
});
/**
* all other routes
* @url /*
* @method all
* @TODO comments
*/
route.all('/*', (req, res, next) => {
// passthrough to next route
if(req.path.startsWith('/api'))