const config = require('./../config')
const db = require('knex')(config.database)
const logger = require('./../logger')
const perms = require('./permissionController')
const randomstring = require('randomstring')
const utils = require('./utilsController')
// Controller state and tunables for API token handling.
const self = {
  // Number of characters requested from randomstring for each new token.
  tokenLength: 64,

  // Upper bound on generation attempts before generateUniqueToken gives up.
  tokenMaxTries: 3,

  // Tokens that have been generated but are not yet written to the database.
  // Held here so that two concurrent requests cannot be handed the same value.
  onHold: new Set()
}
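/**
 * Generates an API token that no row of the users table carries and that no
 * other in-flight request has reserved.
 *
 * On success the token is left in self.onHold. The caller is responsible for
 * removing it once the token has been written to the database or the attempt
 * has been abandoned.
 *
 * @returns {Promise<string|null>} The reserved token, or null when all
 *   self.tokenMaxTries attempts collided with an existing or held token.
 * @throws Rethrows any error raised by the database lookup, after releasing
 *   the hold taken for that attempt.
 */
self.generateUniqueToken = async () => {
  for (let attempt = 0; attempt < self.tokenMaxTries; attempt++) {
    // NOTE(review): self.verify accepts this token as the only credential, so
    // it must be unpredictable. Confirm that the installed randomstring
    // version draws from a cryptographically secure source.
    const token = randomstring.generate(self.tokenLength)
    if (self.onHold.has(token)) continue

    // Put token on-hold (wait for it to be inserted to DB)
    self.onHold.add(token)

    let existing
    try {
      existing = await db.table('users')
        .where('token', token)
        .select('id')
        .first()
    } catch (error) {
      // Without this release a failed lookup would leave the token held for
      // the lifetime of the process.
      self.onHold.delete(token)
      throw error
    }

    if (existing) {
      self.onHold.delete(token)
      continue
    }

    return token
  }

  return null
}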
/**
 * Checks a token supplied in the request body and reports the account it
 * belongs to.
 *
 * Responds 401 when the token is missing, not a string, blank after trimming,
 * or matches no user; 500 when the lookup throws; otherwise a JSON body with
 * the username and the mapped permissions.
 *
 * NOTE(review): the submitted value is matched directly against the `token`
 * column, so that column holds usable credentials. Treat read access to the
 * users table accordingly.
 * NOTE(review): no attempt limiting is visible in this handler. Confirm it is
 * applied where the route is mounted.
 *
 * @param {object} req - Request; reads req.body.token.
 * @param {object} res - Response used to send the JSON result.
 * @param {Function} next - Unused.
 */
self.verify = async (req, res, next) => {
  // Only string values are accepted. Anything else is treated as absent.
  let token = ''
  if (typeof req.body.token === 'string') {
    token = req.body.token.trim()
  }

  if (token === '') {
    return res.status(401).json({ success: false, description: 'No token provided.' })
  }

  try {
    const account = await db.table('users')
      .where('token', token)
      .select('username', 'permission')
      .first()

    if (account) {
      return res.json({
        success: true,
        username: account.username,
        permissions: perms.mapPermissions(account)
      })
    }

    return res.status(401).json({ success: false, description: 'Invalid token.' })
  } catch (error) {
    // Details go to the log only. The client gets a generic message.
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
  }
}
/**
 * Returns the authorized caller's current token.
 *
 * When utils.authorize yields no user the handler sends nothing itself.
 * Presumably utils.authorize has already responded in that case; verify
 * against its implementation.
 *
 * The response body carries a live credential, so it should stay out of
 * caches and access logs.
 *
 * @param {object} req - Request passed through to utils.authorize.
 * @param {object} res - Response used to send the JSON result.
 * @param {Function} next - Unused.
 */
self.list = async (req, res, next) => {
  const account = await utils.authorize(req, res)
  if (account) {
    return res.json({ success: true, token: account.token })
  }
}
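/**
 * Rotates the authorized caller's token: reserves a new unique token, stores
 * it on the user's row together with a fresh timestamp, and returns it.
 *
 * When utils.authorize yields no user the handler sends nothing itself.
 * Presumably utils.authorize has already responded in that case; verify
 * against its implementation.
 *
 * @param {object} req - Request passed through to utils.authorize.
 * @param {object} res - Response used to send the JSON result.
 * @param {Function} next - Unused.
 */
self.change = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  let newToken = null
  try {
    // Generated inside the try block so that a database error raised during
    // the uniqueness lookup is answered with a 500 instead of escaping this
    // handler without a response.
    newToken = await self.generateUniqueToken()
    if (!newToken)
      return res.json({ success: false, description: 'Sorry, we could not allocate a unique token. Try again?' })

    // NOTE(review): the number of rows updated is not checked. If the old
    // token were replaced between authorization and this statement, the
    // client would receive a token that was never stored.
    await db.table('users')
      .where('token', user.token)
      .update({
        token: newToken,
        timestamp: Math.floor(Date.now() / 1000)
      })

    return res.json({
      success: true,
      token: newToken
    })
  } catch (error) {
    // Details go to the log only. The client gets a generic message.
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
  } finally {
    // Release the reservation on every path. Otherwise a failed update would
    // leave the token in self.onHold for the lifetime of the process.
    if (newToken) self.onHold.delete(newToken)
  }
}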
// Export the controller object: handlers plus its tunables and the shared onHold set.
module.exports = self