opt-cc/api/routes/authenticate.js

127 lines
3.1 KiB
JavaScript
Raw Normal View History

2017-05-10 11:04:06 +02:00
"use strict";
// modules
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const Q = require('q');
const _ = require('lodash');
const logger = require('debug')('cc:authenticate');
// HTTP status codes by name
const codes = require('./http-codes');
const config = require('../config/config');
2017-05-10 11:04:06 +02:00
const routerHandling = require('../middleware/router-handling');
const AppUserModel = require('../models/app-user');
const authenticate = express.Router();
// routes **********************
authenticate.route('/')
.post((req, res, next) => {
authCheck(req.body.username, req.body.password)
.then((user) => {
if (user) {
// authentication successful
res.send(user);
} else {
// authentication failed
2017-05-11 15:14:57 +02:00
res.status(codes.unauthorized).send('Username or password is incorrect');
2017-05-10 11:04:06 +02:00
}
})
.catch((err) => {
2017-05-11 15:14:57 +02:00
res.status(codes.wrongrequest).send(err);
2017-05-10 11:04:06 +02:00
});
})
.all(
routerHandling.httpMethodNotAllowed
);
let authCheck = (username, password) => {
const deferred = Q.defer();
AppUserModel.findOne({username: username}, (err, user) => {
if (err) deferred.reject(err.name + ': ' + err.message);
2017-05-11 15:14:57 +02:00
const diff = 3 * 60 * 24; // time till expiration [minutes]
2017-05-10 11:04:06 +02:00
if (user && bcrypt.compareSync(password, user.password)) {
// authentication successful
deferred.resolve({
_id: user._id,
username: user.username,
token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}),
tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
});
} else {
// authentication failed
deferred.resolve();
}
});
return deferred.promise;
};
//******************************** SIGNUP ************************
//
// authenticate.route('/signup')
// .post((req, res, next) => {
// create(req.body)
// .then(() => {
// res.sendStatus(200);
// })
// .catch((err) => {
// res.status(400).send(err);
// });
// })
//
// .all(
// routerHandling.httpMethodNotAllowed
// );
//
// let create = (userParam) => {
// const deferred = Q.defer();
//
// // validation
// AppUserModel.findOne(
// {username: userParam.username},
// (err, user) => {
// if (err) deferred.reject(err.name + ': ' + err.message);
//
// if (user) {
// // username already exists
// deferred.reject('Username "' + userParam.username + '" is already taken');
// } else {
// createUser();
// }
// });
//
// let createUser = () => {
// // set user object to userParam without the cleartext password
// const user = _.omit(userParam, 'password');
//
// // add hashed password to user object
// user.password = bcrypt.hashSync(userParam.password, 10);
//
// const newUser = new AppUserModel(user);
// newUser.save((err, doc) => {
// if (err) deferred.reject(err.name + ': ' + err.message);
//
// deferred.resolve();
// });
// };
//
// return deferred.promise;
// };
authenticate.use(routerHandling.emptyResponse);
module.exports = authenticate;