web - authenticate user,app combination

bin/web/routes/api/authenticate.js

@@ -1,3 +1,6 @@
+var sanitize = require('mongo-sanitize');
+let db = global['requireModule']('database');
+
 module.exports = {
 	path: "/authenticate",
 	/**
@@ -5,9 +8,57 @@ module.exports = {
 	 * @url /api/authenticate
 	 * @method POST
 	 * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
-	 * @TODO add implementation
 	 */
 	post: async (req, res) => {
-		return res.end();
+		// check body variables
+		if(!req.body.applicationId || !req.body.applicationSecret || !req.body.userId || !req.body.token) {
+			return res.type('json').status(401).end(JSON.stringify({
+				status: 401,
+				message: [
+					'msg.request.data.missing'
+				]
+			}));
+		}
+
+		let applicationId = sanitize(req.body.applicationId);
+		let applicationSecret = sanitize(req.body.applicationSecret);
+		let userId = sanitize(req.body.userId);
+		let token = sanitize(req.body.token);
+
+		let auth = await db.getAuth({
+			aId: applicationId,
+			aSecret: applicationSecret,
+			uId: userId,
+			token: token
+		});
+
+		// if database error
+		if(auth.err) {
+			// log error while debugging
+			global['logs'].debug(auth.err);
+
+			// database error
+			return res.type('json').status(500).end(JSON.stringify({
+				status: 500,
+				message: [
+					'msg.database.error'
+				]
+			}));
+		}
+
+		// no reply (user does not exist) or password is wrong
+		if(!auth.reply || auth.reply === null || auth.reply.length == 0) {
+			return res.type('json').status(401).end(JSON.stringify({
+				status: 401,
+				message: 'msg.auth.authentication.failed'
+			}));
+		// authentication granted
+		} else {
+			// no authorization, the clients are also resource servers and therefore handle data requests for themself
+			return res.type('json').status(200).end(JSON.stringify({
+				status: 200,
+				message: 'msg.auth.authentication.successful'
+			}));
+		}
 	}
 };