opt-cc/api/routes/authenticate.js

'use strict';
// modules
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const Q = require('q');
const _ = require('lodash');
// HTTP status codes by name
const codes = require('./http-codes');
const config = require('../config/config');
const routerHandling = require('../middleware/router-handling');
const AppUserModel = require('../models/app-user');
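const authenticate = new express.Router();

// routes **********************

/**
 * POST / - log in with `username` and `password` taken from the request body.
 *
 * Sends the object resolved by authCheck on success, `codes.unauthorized`
 * when the credentials are rejected, and `codes.wrongrequest` when the
 * credentials are malformed or authCheck rejects. Every other HTTP method is
 * handed to routerHandling.httpMethodNotAllowed.
 */
authenticate.route('/')
  .post((req, res, next) => {
    const {username, password} = req.body || {};

    // Both values are client-controlled. A missing field, nested object or
    // array would throw inside authCheck (username.toLowerCase(), bcrypt), so
    // anything that is not a string is refused before the lookup.
    if (typeof username !== 'string' || typeof password !== 'string') {
      res.status(codes.wrongrequest).send('Username and password are required');
      return;
    }

    authCheck(username, password, res)
      .then((user) => {
        // authCheck writes the "account not activated" answer to `res`
        // itself; a second send() would throw ERR_HTTP_HEADERS_SENT.
        if (res.headersSent) {
          return;
        }
        if (user) {
          // authentication successful
          res.send(user);
        } else {
          // authentication failed
          res.status(codes.unauthorized).send('Username or password is incorrect');
        }
      })
      .catch((err) => {
        if (res.headersSent) {
          return;
        }
        // NOTE(review): `err` is the "<name>: <message>" string built from the
        // database error; consider logging it server-side and sending a
        // generic message so internals are not exposed to the client.
        res.status(codes.wrongrequest).send(err);
      });
  })
  .all(
    routerHandling.httpMethodNotAllowed
  );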
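/**
 * Check a username/password pair against the stored account and issue a JWT.
 *
 * @param {string} username - login name; looked up lower-cased
 * @param {string} password - cleartext password from the request
 * @param {object} res - Express response, used only to answer the
 *   "account not yet activated" case
 * @returns {Promise} Q promise that resolves with
 *   `{_id, username, permission, squad, token, tokenExpireDate}` on success
 *   and with `undefined` when the credentials are rejected; it is rejected
 *   with a "<name>: <message>" string when the lookup fails. When this
 *   function has already written the response it leaves the promise pending
 *   so the caller does not send a second one.
 */
let authCheck = (username, password, res) => {
  const deferred = Q.defer();

  // Non-string credentials can never match; treating them as a failed login
  // avoids a throw from toLowerCase() or bcrypt.compareSync().
  if (typeof username !== 'string' || typeof password !== 'string') {
    deferred.resolve();
    return deferred.promise;
  }

  AppUserModel.findOne({username: username.toLowerCase()}).populate('squad').exec((err, user) => {
    if (err) {
      deferred.reject(err.name + ': ' + err.message);
      return; // do not fall through to the credential checks after a failed lookup
    }

    // NOTE(review): the bcrypt comparison only runs for existing accounts, so
    // response time still differs between known and unknown usernames;
    // comparing against a fixed dummy hash for unknown users would level that.
    const passwordMatches = Boolean(user) &&
      typeof user.password === 'string' &&
      bcrypt.compareSync(password, user.password);

    if (!passwordMatches) {
      // authentication failed
      deferred.resolve();
      return;
    }

    // The activation state is reported only after the password has been
    // verified, so the endpoint does not reveal which usernames exist and are
    // awaiting activation to callers who do not know the password.
    if (!user.activated) {
      res.status(codes.unauthorized).send('Account is not yet activated');
      return; // response already written; promise intentionally left pending
    }

    const diff = 28 * 60 * 24; // time till expiration [minutes]

    // authentication successful
    // NOTE(review): any environment whose NODE_ENV is not config.prod.env
    // signs with the fixed 'dev-secret'; a deployment that forgets NODE_ENV
    // would issue forgeable tokens. Consider failing closed when the secret
    // is missing instead of falling back.
    const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret';

    deferred.resolve({
      _id: user._id,
      username: user.username,
      permission: user.permission,
      squad: user.squad,
      // expiresIn is in seconds, tokenExpireDate in milliseconds (minus one second of slack)
      token: jwt.sign({sub: user._id}, secret, {expiresIn: diff * 60}),
      tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000),
    });
  });

  return deferred.promise;
};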
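// ******************************** SIGNUP ************************

/**
 * POST /signup - register a new account from the request body.
 *
 * Answers 201 with a confirmation message when create() resolves and 400
 * with the rejection reason when it rejects. Every other HTTP method is
 * handed to routerHandling.httpMethodNotAllowed.
 */
authenticate.route('/signup')
  .post((req, res, next) => {
    create(req.body)
      .then(() => {
        // res.send(status, body) is the deprecated two-argument form; set the
        // status explicitly instead.
        res.status(201).send({message: 'User successfully created'});
      })
      .catch((err) => {
        // create() rejects with both plain strings and Error objects. An
        // Error has no enumerable fields and would be serialised as `{}`, so
        // send its message text instead.
        res.status(400).send(err instanceof Error ? err.message : err);
      });
  })
  .all(
    routerHandling.httpMethodNotAllowed
  );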
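/**
 * Create a new account unless the (lower-cased) username is already taken.
 *
 * @param {object} userParam - signup fields taken from the request body; must
 *   carry a non-empty string `username` and `password`
 * @returns {Promise} Q promise resolved with no value once the user is saved;
 *   rejected with an Error when the input is malformed or the username
 *   exists, and with a "<name>: <message>" string on a database failure
 */
let create = (userParam) => {
  const deferred = Q.defer();

  // userParam is the raw request body: refuse anything that would throw in
  // toLowerCase()/hashSync() or store an account with an empty credential.
  if (!userParam ||
    typeof userParam.username !== 'string' || userParam.username.length === 0 ||
    typeof userParam.password !== 'string' || userParam.password.length === 0) {
    deferred.reject(new Error('Username and password are required'));
    return deferred.promise;
  }

  const username = userParam.username.toLowerCase();

  const createUser = () => {
    // Copy the request fields without the cleartext password and without the
    // account-state fields that authCheck reads (`activated`, `permission`)
    // or the document id, so a client cannot choose them for itself at signup.
    // NOTE(review): an allow-list of the fields signup is meant to accept
    // would be stricter; confirm the field set against the AppUser schema.
    const user = _.omit(userParam, ['password', 'activated', 'permission', '_id']);
    // add hashed password to user object
    user.password = bcrypt.hashSync(userParam.password, 10);
    user.username = username;

    const newUser = new AppUserModel(user);
    newUser.save((err, doc) => {
      if (err) {
        deferred.reject(err.name + ': ' + err.message);
        return;
      }
      deferred.resolve();
    });
  };

  // validation
  // NOTE(review): this is a check-then-insert; two concurrent signups for the
  // same name can both pass it. Presumably the schema enforces uniqueness
  // with an index on `username`; verify.
  AppUserModel.findOne({username: username}, (err, user) => {
    if (err) {
      deferred.reject(err.name + ': ' + err.message);
      return; // a failed lookup must not fall through to creating the user
    }
    if (user) {
      // username already exists
      deferred.reject(new Error('Username already exists'));
    } else {
      createUser();
    }
  });

  return deferred.promise;
};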
// Registered after the routes above, so it only sees requests they passed on.
// NOTE(review): emptyResponse lives in ../middleware/router-handling and is
// not shown here; confirm what it sends.
authenticate.use(routerHandling.emptyResponse);
// The router is this module's only export.
module.exports = authenticate;