diff --git a/bin/web/routes/api/authenticate.js b/bin/web/routes/api/authenticate.js
index 486b95c..08b6d36 100644
--- a/bin/web/routes/api/authenticate.js
+++ b/bin/web/routes/api/authenticate.js
@@ -1,3 +1,6 @@
+var sanitize = require('mongo-sanitize');
+let db = global['requireModule']('database');
+
 module.exports = {
 path: "/authenticate",
 /**
@@ -5,9 +8,57 @@ module.exports = {
 * @url /api/authenticate
 * @method POST
 * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
- * @TODO add implementation
 */
 post: async (req, res) => {
- return res.end();
+ // check body variables
+ if(!req.body.applicationId || !req.body.applicationSecret || !req.body.userId || !req.body.token) {
+ return res.type('json').status(401).end(JSON.stringify({
+ status: 401,
+ message: [
+ 'msg.request.data.missing'
+ ]
+ }));
+ }
+
+ let applicationId = sanitize(req.body.applicationId);
+ let applicationSecret = sanitize(req.body.applicationSecret);
+ let userId = sanitize(req.body.userId);
+ let token = sanitize(req.body.token);
+
+ let auth = await db.getAuth({
+ aId: applicationId,
+ aSecret: applicationSecret,
+ uId: userId,
+ token: token
+ });
+
+ // if database error
+ if(auth.err) {
+ // log error while debugging
+ global['logs'].debug(auth.err);
+
+ // database error
+ return res.type('json').status(500).end(JSON.stringify({
+ status: 500,
+ message: [
+ 'msg.database.error'
+ ]
+ }));
+ }
+
+ // no reply (user does not exist) or password is wrong
+ if(!auth.reply || auth.reply === null || auth.reply.length == 0) {
+ return res.type('json').status(401).end(JSON.stringify({
+ status: 401,
+ message: 'msg.auth.authentication.failed'
+ }));
+ // authentication granted
+ } else {
+ // no authorization, the clients are also resource servers and therefore handle data requests for themself
+ return res.type('json').status(200).end(JSON.stringify({
+ status: 200,
+ message: 'msg.auth.authentication.successful'
+ }));
+ }
 }
 };
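Review bot: The presence check at the top of `post` only tests truthiness, so an array or object supplied for `applicationSecret` or `token` still reaches `db.getAuth` as a query value — `mongo-sanitize` strips `$`-prefixed keys but does not enforce that the field is a string, and what `getAuth` then does with a non-string condition cannot be seen from here. A `typeof req.body[f] === 'string'` guard before the sanitize calls closes that gap, and the missing-data response would more naturally be a 400 than a 401. Separately, `await db.getAuth(...)` is not wrapped in try/catch; if it rejects rather than returning `{ err }`, the rejection escapes the async handler and, unless the router forwards rejected promises, the request is left hanging without a response. The comment `// no reply (user does not exist) or password is wrong` also does not match the code, which checks an `applicationSecret`/`token` lookup, and `auth.reply === null` is already covered by `!auth.reply`.

```javascript
post: async (req, res) => {
    const fields = ['applicationId', 'applicationSecret', 'userId', 'token'];
    // reject anything that is not a non-empty string: mongo-sanitize only strips
    // `$`-prefixed keys, so an array or object would otherwise reach the query
    if (!fields.every((f) => typeof req.body[f] === 'string' && req.body[f].length > 0)) {
        // … unchanged: 'msg.request.data.missing' response (consider 400 instead of 401) …
    }
    // … unchanged: sanitize calls …
    let auth;
    try {
        auth = await db.getAuth({ aId: applicationId, aSecret: applicationSecret, uId: userId, token: token });
    } catch (err) {
        // a thrown error must still produce a response, not an unhandled rejection
        global['logs'].debug(err);
        return res.type('json').status(500).end(/* … unchanged: 'msg.database.error' body … */);
    }
    // … unchanged: auth.err and auth.reply handling …
}
```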