auth.rxbn.de/bin/web/routes/api/redirect.js


let db = global['requireModule']('database');
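/**
 * Send this route's standard JSON error: HTTP 500 with a body of the form
 * { status: 500, message: [messageKey] }.
 * @param {object} res - response object of the current request
 * @param {string} messageKey - message key placed in the body
 * @returns {*} whatever res.end() returns
 */
const sendError = (res, messageKey) => res.type('json').status(500).end(JSON.stringify({
  status: 500,
  message: [messageKey]
}));

module.exports = {
  path: "/redirect",
  /**
   * Redirect a logged-in user to a registered app, appending the user id and
   * a freshly stored auth code token to the app's access URL.
   *
   * Responses:
   *  - not logged in: JSON body with status 401 (the HTTP status itself is
   *    left at its default, as before)
   *  - missing, non-string or unknown `id`: 500 / msg.request.data.missing
   *  - database failure: 500 / msg.database.error
   *  - otherwise: redirect to `<app.access>?uid=...&token=...`
   *
   * @url /api/redirect
   * @method GET
   * @GET ['id']
   */
  get: async (req, res) => {
    // user isn't logged in
    if (!req.session || !req.session.user) {
      return res.type('json').end(JSON.stringify({
        status: 401,
        message: 'msg.auth.login.required'
      }));
    }

    // The query parser can hand back arrays or nested objects for `id`.
    // Accept a plain non-empty string only, so nothing structured reaches
    // the database layer.
    const appId = req.query ? req.query.id : undefined;
    if (typeof appId !== 'string' || appId === '') {
      return sendError(res, 'msg.request.data.missing');
    }

    try {
      // `authCode` and `apps` are request-local constants. As undeclared
      // (implicitly global) variables they were shared by all in-flight
      // requests, so a concurrent request could overwrite one user's token
      // before the redirect was built.
      const authCode = await db.setAuthCode({
        aId: appId,
        uId: req.session.user.id
      });
      // database error
      if (!authCode || typeof authCode.err !== "undefined") {
        if (authCode) {
          global['logs'].debug(authCode.err);
        }
        return sendError(res, 'msg.database.error');
      }
      if (typeof authCode.reply === "undefined") {
        return sendError(res, 'msg.database.error');
      }

      // retrieve apps
      const apps = await db.getApps();
      // database error
      if (!apps || typeof apps.err !== "undefined" || !Array.isArray(apps.reply)) {
        if (apps && typeof apps.err !== "undefined") {
          global['logs'].debug(apps.err);
        }
        return sendError(res, 'msg.database.error');
      }

      // find() stops at the first match. The previous forEach never answered
      // the request when no app matched, and could call res.redirect() more
      // than once when several did.
      const target = apps.reply.find((app) => String(app.id) === appId);
      if (!target) {
        return sendError(res, 'msg.request.data.missing');
      }

      // NOTE(review): the token travels in the query string, so it can end up
      // in access logs, browser history and Referer headers. Confirm that
      // db.setAuthCode issues single-use, short-lived codes.
      const uid = encodeURIComponent(req.session.user.id);
      const token = encodeURIComponent(authCode.reply.token);
      return res.redirect(`${target.access}?uid=${uid}&token=${token}`);
    } catch (err) {
      // A throwing or rejecting database call would otherwise leave the
      // request without any response.
      global['logs'].debug(err);
      return sendError(res, 'msg.database.error');
    }
  }
};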