2017-04-07 01:29:05 +02:00
|
|
|
"use strict";
|
|
|
|
|
|
|
|
var config = require('config');
|
|
|
|
require('../../models/schema');
|
|
|
|
|
2017-04-07 10:39:35 +02:00
|
|
|
var bcrypt = require('bcryptjs');
|
2017-04-07 01:29:05 +02:00
|
|
|
var crypo = require('crypto');
|
2018-03-30 22:34:27 +02:00
|
|
|
var URL = require('url').URL;
|
2017-04-07 01:29:05 +02:00
|
|
|
|
|
|
|
var express = require('express');
|
|
|
|
var router = express.Router();
|
|
|
|
|
|
|
|
router.post('/', function(req, res) {
|
|
|
|
var data = req.body;
|
|
|
|
if (data.email && data.password) {
|
|
|
|
var email = req.body.email.toLowerCase();
|
|
|
|
var password = req.body["password"];
|
|
|
|
|
|
|
|
User.find({email: email, account_type: "email"}, (function (err, users) {
|
|
|
|
if (err) {
|
|
|
|
res.status(400).json({"error":"session.users"});
|
|
|
|
} else {
|
|
|
|
|
|
|
|
if (users.length == 1) {
|
|
|
|
var user = users[0];
|
|
|
|
|
|
|
|
if (bcrypt.compareSync(password, user.password_hash)) {
|
|
|
|
crypo.randomBytes(48, function(ex, buf) {
|
|
|
|
var token = buf.toString('hex');
|
|
|
|
|
|
|
|
var session = {
|
|
|
|
token: token,
|
|
|
|
ip: req.ip,
|
|
|
|
device: "web",
|
|
|
|
created_at: new Date()
|
|
|
|
};
|
|
|
|
|
|
|
|
if (!user.sessions)
|
|
|
|
user.sessions = [];
|
|
|
|
|
|
|
|
user.sessions.push(session);
|
|
|
|
|
|
|
|
user.save(function(err, result) {
|
2018-03-30 22:34:27 +02:00
|
|
|
if (err) console.error("Error saving user:",err);
|
|
|
|
|
|
|
|
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : "localhost";
|
2017-04-07 01:29:05 +02:00
|
|
|
|
2018-03-30 22:34:27 +02:00
|
|
|
res.cookie('sdsession', token, { domain: domain, httpOnly: true });
|
2017-04-07 01:29:05 +02:00
|
|
|
res.status(201).json(session);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}else{
|
|
|
|
res.sendStatus(403);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
res.sendStatus(404);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}));
|
|
|
|
} else {
|
|
|
|
res.status(400).json({});
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
router.delete('/current', function(req, res, next) {
|
|
|
|
if (req.user) {
|
|
|
|
var user = req.user;
|
|
|
|
var newSessions = user.sessions.filter( function(session){
|
|
|
|
return session.token != req.token;
|
|
|
|
});
|
|
|
|
user.sessions = newSessions;
|
|
|
|
user.save(function(err, result) {
|
2018-03-30 22:34:27 +02:00
|
|
|
var domain = new URL(config.get('endpoint')).hostname;
|
2017-04-07 01:29:05 +02:00
|
|
|
res.clearCookie('sdsession', { domain: domain });
|
|
|
|
res.sendStatus(204);
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
res.sendStatus(404);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
module.exports = router;
|