spacedeck-open/routes/api/sessions.js

80 lines
2.1 KiB
JavaScript

"use strict";
var config = require('config');
const db = require('../../models/db');
var bcrypt = require('bcryptjs');
var crypto = require('crypto');
var URL = require('url').URL;
var express = require('express');
var router = express.Router();
router.post('/', function(req, res) {
var data = req.body;
if (!data.email || !data.password) {
res.status(400).json({});
return;
}
var email = req.body.email.toLowerCase();
var password = req.body["password"];
db.User.findOne({where: {email: email}})
.error(err => {
res.sendStatus(404);
//res.status(400).json({"error":"session.users"});
})
.then(user => {
if (!user) {
res.sendStatus(404);
}
else if (bcrypt.compareSync(password, user.password_hash)) {
crypto.randomBytes(48, function(ex, buf) {
var token = buf.toString('hex');
console.log("!!! token: ",token);
var session = {
user_id: user._id,
token: token,
ip: req.ip,
device: "web",
created_at: new Date()
};
db.Session.create(session)
.error(err => {
console.error("Error creating Session:",err);
res.sendStatus(500);
})
.then(() => {
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : "localhost";
res.cookie('sdsession', token, { domain: domain, httpOnly: true });
res.status(201).json(session);
});
});
} else {
res.sendStatus(403);
}
});
});
router.delete('/current', function(req, res, next) {
if (req.user) {
/*var user = req.user;
var newSessions = user.sessions.filter( function(session){
return session.token != req.token;
});*/
//user.sessions = newSessions;
//user.save(function(err, result) {
var domain = new URL(config.get('endpoint')).hostname;
res.clearCookie('sdsession', { domain: domain });
res.sendStatus(204);
//});
} else {
res.sendStatus(404);
}
});
module.exports = router;