"use strict";

// Session API: POST / creates a session (login) and DELETE /current revokes
// the caller's web session (logout). Mounted by the parent app.
const config = require('config');
const db = require('../../models/db');
const bcrypt = require('bcryptjs');
const crypto = require('crypto');
const { URL } = require('url');
const express = require('express');

const router = express.Router();
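// Attributes of the 'sdsession' cookie. The same options are used both to set
// and to clear it, because a browser only clears a cookie whose domain/path
// match the original. In production the domain is taken from the configured
// public endpoint; elsewhere `req.headers.hostname` is used as before (there is
// no standard `Hostname` request header, so this is normally undefined and the
// cookie is host-only, which is a sensible default for development).
function sessionCookieOptions(req) {
  const options = { httpOnly: true };
  if (process.env.NODE_ENV === "production") {
    const endpoint = new URL(config.get('endpoint'));
    options.domain = endpoint.hostname;
    // Do not let the browser send the session token over plain HTTP when the
    // public endpoint is served over TLS.
    options.secure = endpoint.protocol === 'https:';
  } else {
    options.domain = req.headers.hostname;
  }
  // NOTE(review): consider adding `sameSite: 'lax'` once it is confirmed that
  // no cross-site client relies on this cookie being sent.
  return options;
}

// True for a non-empty string. Credential fields from a JSON body may be
// objects or arrays; only plain strings are acceptable.
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

// Promise wrapper around crypto.randomBytes yielding `byteCount` CSPRNG bytes
// as lower-case hex (two characters per byte). Rejects when entropy is
// unavailable instead of handing an undefined buffer to the caller.
function randomHexToken(byteCount) {
  return new Promise((resolve, reject) => {
    crypto.randomBytes(byteCount, (err, buf) => {
      if (err) {
        reject(err);
      } else {
        resolve(buf.toString('hex'));
      }
    });
  });
}

// Log a user in: look the account up by lower-cased email, verify the password
// against the stored bcrypt hash, mint a random session token and return it
// both as an httpOnly 'sdsession' cookie and inside the 201 JSON body.
//
// Responses: 400 body lacks a string email/password, 404 unknown email,
// 403 wrong password, 500 lookup/token/insert failure.
router.post('/', function(req, res) {
  const body = req.body || {};
  const rawEmail = body.email;
  const password = body.password;

  // Reject anything that is not a non-empty string. A non-string email would
  // otherwise flow into the ORM `where` clause (where nested objects can be
  // read as query operators) and .toLowerCase() would throw on it.
  if (!isNonEmptyString(rawEmail) || !isNonEmptyString(password)) {
    res.status(400).json({});
    return;
  }
  const email = rawEmail.toLowerCase();

  // Single exit for error statuses; never write a second response on a request
  // that has already been answered.
  const fail = status => {
    if (!res.headersSent) {
      res.sendStatus(status);
    }
  };

  // Mint the token, persist the session row and answer 201. Returns the
  // promise so any failure surfaces in the .catch of the main chain.
  const createSession = user =>
    randomHexToken(48).then(token => {
      const session = {
        // NOTE(review): Sequelize models expose `id` by default; confirm `_id`
        // is a defined attribute on User, otherwise user_id is stored as null.
        user_id: user._id,
        token: token,
        ip: req.ip,
        device: "web",
        created_at: new Date()
      };
      return db.Session.create(session).then(() => {
        res.cookie('sdsession', token, sessionCookieOptions(req));
        // The token is also echoed in the body (for non-browser clients), so
        // the httpOnly flag protects only the cookie copy.
        res.status(201).json(session);
      });
    });

  db.User.findOne({where: {email: email}})
    .then(user => {
      // NOTE(review): distinct 404/403 answers, and running bcrypt only for
      // known accounts, let a caller enumerate registered emails. Kept for
      // client compatibility; collapse to one status if that matters here.
      if (!user) {
        fail(404);
        return null;
      }
      // Asynchronous compare: compareSync blocks the event loop for the full
      // bcrypt cost on every login attempt.
      return bcrypt.compare(password, user.password_hash).then(matches => {
        if (!matches) {
          fail(403);
          return null;
        }
        return createSession(user);
      });
    })
    // One handler for lookup, compare, token and insert failures. The old
    // `.error(...).then(...)` order let the chain continue after an error and
    // try to send a second response.
    .catch(err => {
      console.error("Error creating Session:", err);
      fail(500);
    });
});

// Log the caller out of the current web session: revoke the token carried in
// the 'sdsession' cookie and clear the cookie. `req.user` is expected to have
// been set by upstream authentication middleware (not visible in this file).
//
// Responses: 204 revoked (or nothing to revoke), 404 not authenticated,
// 500 the session row could not be deleted.
router.delete('/current', function(req, res, next) {
  if (!req.user) {
    res.sendStatus(404);
    return;
  }

  // NOTE(review): assumes cookie-parser populates req.cookies; confirm.
  const token = req.cookies && req.cookies['sdsession'];

  // Only query when there is a cookie token to look up. A request that was
  // authenticated some other way (no cookie) would otherwise query
  // `token: undefined`, and `session.destroy()` would throw on a null result.
  // NOTE(review): such non-cookie sessions are not revoked here.
  const revoke = isNonEmptyString(token)
    ? db.Session.findOne({where: {token: token}})
        .then(session => (session ? session.destroy() : null))
    : Promise.resolve(null);

  revoke
    .then(() => {
      // Answer only after the row is gone, so a client that replays the token
      // right after logout is really rejected.
      res.clearCookie('sdsession', sessionCookieOptions(req));
      res.sendStatus(204);
    })
    .catch(err => {
      console.error("Error destroying Session:", err);
      // Drop the cookie client-side anyway; the status tells the client the
      // server-side row may still exist.
      res.clearCookie('sdsession', sessionCookieOptions(req));
      res.sendStatus(500);
    });
});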
// Exported for the parent app to mount; the URL prefix is chosen by the caller.
module.exports = router;