2017-05-10 11:04:06 +02:00
|
|
|
"use strict";
|
|
|
|
|
|
|
|
// modules
|
|
|
|
const express = require('express');
|
|
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
const bcrypt = require('bcryptjs');
|
|
|
|
const Q = require('q');
|
|
|
|
const _ = require('lodash');
|
|
|
|
const logger = require('debug')('cc:authenticate');
|
|
|
|
|
|
|
|
// HTTP status codes by name
|
|
|
|
const codes = require('./http-codes');
|
|
|
|
|
2017-05-11 18:36:32 +02:00
|
|
|
const config = require('../config/config');
|
2017-05-10 11:04:06 +02:00
|
|
|
|
|
|
|
const routerHandling = require('../middleware/router-handling');
|
|
|
|
|
|
|
|
const AppUserModel = require('../models/app-user');
|
|
|
|
|
|
|
|
const authenticate = express.Router();
|
|
|
|
|
|
|
|
// routes **********************
|
|
|
|
authenticate.route('/')
|
|
|
|
.post((req, res, next) => {
|
2017-06-08 19:46:36 +02:00
|
|
|
authCheck(req.body.username, req.body.password, res)
|
2017-05-10 11:04:06 +02:00
|
|
|
.then((user) => {
|
|
|
|
if (user) {
|
|
|
|
// authentication successful
|
|
|
|
res.send(user);
|
|
|
|
} else {
|
|
|
|
// authentication failed
|
2017-05-11 15:14:57 +02:00
|
|
|
res.status(codes.unauthorized).send('Username or password is incorrect');
|
2017-05-10 11:04:06 +02:00
|
|
|
}
|
|
|
|
})
|
|
|
|
.catch((err) => {
|
2017-05-11 15:14:57 +02:00
|
|
|
res.status(codes.wrongrequest).send(err);
|
2017-05-10 11:04:06 +02:00
|
|
|
});
|
|
|
|
})
|
|
|
|
|
|
|
|
.all(
|
|
|
|
routerHandling.httpMethodNotAllowed
|
|
|
|
);
|
|
|
|
|
2017-06-08 19:46:36 +02:00
|
|
|
let authCheck = (username, password, res) => {
|
2017-05-10 11:04:06 +02:00
|
|
|
const deferred = Q.defer();
|
|
|
|
|
2017-06-11 17:12:28 +02:00
|
|
|
AppUserModel.findOne({username: username.toLowerCase()}).populate('squad').exec((err, user) => {
|
2017-05-10 11:04:06 +02:00
|
|
|
if (err) deferred.reject(err.name + ': ' + err.message);
|
|
|
|
|
2017-06-11 16:54:02 +02:00
|
|
|
const diff = 7 * 60 * 24; // time till expiration [minutes]
|
2017-05-10 11:04:06 +02:00
|
|
|
|
2017-06-08 19:46:36 +02:00
|
|
|
if (user && !user.activated) {
|
|
|
|
res.status(codes.unauthorized).send('Account is not yet activated');
|
|
|
|
}
|
2017-06-08 16:03:20 +02:00
|
|
|
if (user && user.activated && bcrypt.compareSync(password, user.password)) {
|
2017-05-10 11:04:06 +02:00
|
|
|
// authentication successful
|
|
|
|
deferred.resolve({
|
|
|
|
_id: user._id,
|
|
|
|
username: user.username,
|
2017-09-09 13:24:36 +02:00
|
|
|
display_name: user.display_name,
|
2017-06-08 16:03:20 +02:00
|
|
|
permission: user.permission,
|
2017-06-09 18:30:35 +02:00
|
|
|
squad: user.squad,
|
2017-05-10 11:04:06 +02:00
|
|
|
token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}),
|
|
|
|
tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
// authentication failed
|
|
|
|
deferred.resolve();
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
return deferred.promise;
|
|
|
|
};
|
|
|
|
|
2017-06-08 16:03:20 +02:00
|
|
|
// ******************************** SIGNUP ************************
|
|
|
|
|
|
|
|
authenticate.route('/signup')
|
|
|
|
.post((req, res, next) => {
|
|
|
|
create(req.body)
|
|
|
|
.then(() => {
|
|
|
|
res.sendStatus(200);
|
|
|
|
})
|
|
|
|
.catch((err) => {
|
|
|
|
res.status(400).send(err);
|
|
|
|
});
|
|
|
|
})
|
|
|
|
|
|
|
|
.all(
|
|
|
|
routerHandling.httpMethodNotAllowed
|
|
|
|
);
|
|
|
|
|
|
|
|
let create = (userParam) => {
|
|
|
|
const deferred = Q.defer();
|
|
|
|
|
|
|
|
// validation
|
|
|
|
AppUserModel.findOne(
|
2017-06-11 17:12:28 +02:00
|
|
|
{username: userParam.username.toLowerCase()},
|
2017-06-08 16:03:20 +02:00
|
|
|
(err, user) => {
|
|
|
|
if (err) deferred.reject(err.name + ': ' + err.message);
|
|
|
|
|
|
|
|
if (user) {
|
|
|
|
// username already exists
|
2017-06-11 13:18:03 +02:00
|
|
|
deferred.reject(new Error("Username already exists"));
|
2017-06-08 16:03:20 +02:00
|
|
|
} else {
|
|
|
|
createUser();
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
let createUser = () => {
|
|
|
|
// set user object to userParam without the cleartext password
|
|
|
|
const user = _.omit(userParam, 'password');
|
|
|
|
|
|
|
|
// add hashed password to user object
|
|
|
|
user.password = bcrypt.hashSync(userParam.password, 10);
|
2017-06-11 17:12:28 +02:00
|
|
|
user.username = user.username.toLowerCase();
|
2017-09-09 13:24:36 +02:00
|
|
|
user.display_name = user.username;
|
2017-06-08 16:03:20 +02:00
|
|
|
|
|
|
|
const newUser = new AppUserModel(user);
|
|
|
|
newUser.save((err, doc) => {
|
|
|
|
if (err) deferred.reject(err.name + ': ' + err.message);
|
|
|
|
|
|
|
|
deferred.resolve();
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
return deferred.promise;
|
|
|
|
};
|
2017-05-10 11:04:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
authenticate.use(routerHandling.emptyResponse);
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = authenticate;
|