web - authenticate user,app combination
This commit is contained in:
parent
6e15aa5fe9
commit
ff55932d44
@ -1,3 +1,6 @@
|
|||||||
|
var sanitize = require('mongo-sanitize');
|
||||||
|
let db = global['requireModule']('database');
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
path: "/authenticate",
|
path: "/authenticate",
|
||||||
/**
|
/**
|
||||||
@ -5,9 +8,57 @@ module.exports = {
|
|||||||
* @url /api/authenticate
|
* @url /api/authenticate
|
||||||
* @method POST
|
* @method POST
|
||||||
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
|
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
|
||||||
* @TODO add implementation
|
|
||||||
*/
|
*/
|
||||||
post: async (req, res) => {
|
post: async (req, res) => {
|
||||||
return res.end();
|
// check body variables
|
||||||
|
if(!req.body.applicationId || !req.body.applicationSecret || !req.body.userId || !req.body.token) {
|
||||||
|
return res.type('json').status(401).end(JSON.stringify({
|
||||||
|
status: 401,
|
||||||
|
message: [
|
||||||
|
'msg.request.data.missing'
|
||||||
|
]
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
|
||||||
|
let applicationId = sanitize(req.body.applicationId);
|
||||||
|
let applicationSecret = sanitize(req.body.applicationSecret);
|
||||||
|
let userId = sanitize(req.body.userId);
|
||||||
|
let token = sanitize(req.body.token);
|
||||||
|
|
||||||
|
let auth = await db.getAuth({
|
||||||
|
aId: applicationId,
|
||||||
|
aSecret: applicationSecret,
|
||||||
|
uId: userId,
|
||||||
|
token: token
|
||||||
|
});
|
||||||
|
|
||||||
|
// if database error
|
||||||
|
if(auth.err) {
|
||||||
|
// log error while debugging
|
||||||
|
global['logs'].debug(auth.err);
|
||||||
|
|
||||||
|
// database error
|
||||||
|
return res.type('json').status(500).end(JSON.stringify({
|
||||||
|
status: 500,
|
||||||
|
message: [
|
||||||
|
'msg.database.error'
|
||||||
|
]
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
|
||||||
|
// no reply (user does not exist) or password is wrong
|
||||||
|
if(!auth.reply || auth.reply === null || auth.reply.length == 0) {
|
||||||
|
return res.type('json').status(401).end(JSON.stringify({
|
||||||
|
status: 401,
|
||||||
|
message: 'msg.auth.authentication.failed'
|
||||||
|
}));
|
||||||
|
// authentication granted
|
||||||
|
} else {
|
||||||
|
// no authorization, the clients are also resource servers and therefore handle data requests for themself
|
||||||
|
return res.type('json').status(200).end(JSON.stringify({
|
||||||
|
status: 200,
|
||||||
|
message: 'msg.auth.authentication.successful'
|
||||||
|
}));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
Loading…
x
Reference in New Issue
Block a user