backend register & activation route
parent
9b8bcd0722
commit
b5bcc676ed
|
@ -5,7 +5,6 @@ let check = (requiredPermission, actualPermission, res, next) => {
|
||||||
if (actualPermission >= requiredPermission) {
|
if (actualPermission >= requiredPermission) {
|
||||||
return next();
|
return next();
|
||||||
}
|
}
|
||||||
|
|
||||||
return res.status(403).send({
|
return res.status(403).send({
|
||||||
success: false,
|
success: false,
|
||||||
message: 'permission denied'
|
message: 'permission denied'
|
||||||
|
|
|
@ -20,6 +20,14 @@ const AppUserSchema = new Schema({
|
||||||
min: 0,
|
min: 0,
|
||||||
max: 4,
|
max: 4,
|
||||||
default: 0
|
default: 0
|
||||||
|
},
|
||||||
|
secret: {
|
||||||
|
type: String,
|
||||||
|
required: true
|
||||||
|
},
|
||||||
|
activated: {
|
||||||
|
type: Boolean,
|
||||||
|
default: false
|
||||||
}
|
}
|
||||||
}, {
|
}, {
|
||||||
collection: 'app_user',
|
collection: 'app_user',
|
||||||
|
|
|
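Review bot: The new `secret` field has no `select: false`, so the activation secret is returned with every `AppUserModel.findOne`/`findById` result, including the document authCheck loads on login and the updated document the admin PATCH route in this commit places in `res.locals.items`. Declare it `secret: { type: String, required: true, select: false }` and opt in with `.select('+secret')` only in the handler that actually verifies activation. The schema as added also never invalidates a secret; recording when it was issued (or clearing it once `activated` flips to true) would keep an old link from staying valid indefinitely.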
@ -8,6 +8,9 @@ const Q = require('q');
|
||||||
const _ = require('lodash');
|
const _ = require('lodash');
|
||||||
const logger = require('debug')('cc:authenticate');
|
const logger = require('debug')('cc:authenticate');
|
||||||
|
|
||||||
|
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
|
||||||
|
const checkAdmin = require('../middleware/permission-check').checkAdmin;
|
||||||
|
|
||||||
// HTTP status codes by name
|
// HTTP status codes by name
|
||||||
const codes = require('./http-codes');
|
const codes = require('./http-codes');
|
||||||
|
|
||||||
|
@ -49,11 +52,12 @@ let authCheck = (username, password) => {
|
||||||
|
|
||||||
const diff = 3 * 60 * 24; // time till expiration [minutes]
|
const diff = 3 * 60 * 24; // time till expiration [minutes]
|
||||||
|
|
||||||
if (user && bcrypt.compareSync(password, user.password)) {
|
if (user && user.activated && bcrypt.compareSync(password, user.password)) {
|
||||||
// authentication successful
|
// authentication successful
|
||||||
deferred.resolve({
|
deferred.resolve({
|
||||||
_id: user._id,
|
_id: user._id,
|
||||||
username: user.username,
|
username: user.username,
|
||||||
|
permission: user.permission,
|
||||||
token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}),
|
token: jwt.sign({sub: user._id}, config.secret, {expiresIn: diff * 60}),
|
||||||
tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
|
tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
|
||||||
});
|
});
|
||||||
|
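Review bot: The added `user.activated` test sits before `bcrypt.compareSync`, so a login against an unactivated account fails without the hash comparison and returns measurably faster than a wrong password, which lets a caller distinguish the two states (the same already holds for unknown usernames via the `user &&` guard). If that distinction should not be observable, compare first: `if (user && bcrypt.compareSync(password, user.password) && user.activated) {`. authCheck begins and ends outside this hunk, so whether the failure path reports "not activated" separately from "bad credentials" cannot be seen here; if it does, the timing point is moot and the message is the thing to revisit.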
@ -67,57 +71,94 @@ let authCheck = (username, password) => {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
//******************************** SIGNUP ************************
|
// ******************************** EDITING USING ADMIN PANEL ************************
|
||||||
//
|
|
||||||
// authenticate.route('/signup')
|
authenticate.route('/editUser/:id')
|
||||||
// .post((req, res, next) => {
|
.patch(apiAuthenticationMiddleware, checkAdmin, (req, res, next) => {
|
||||||
// create(req.body)
|
if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
|
||||||
// .then(() => {
|
// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
|
||||||
// res.sendStatus(200);
|
const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);
|
||||||
// })
|
err.status = codes.notfound;
|
||||||
// .catch((err) => {
|
next(err);
|
||||||
// res.status(400).send(err);
|
return; // prevent node to process this function further after next() has finished.
|
||||||
// });
|
}
|
||||||
// })
|
|
||||||
//
|
// increment version manually as we do not use .save(.)
|
||||||
// .all(
|
req.body.updatedAt = new Date();
|
||||||
// routerHandling.httpMethodNotAllowed
|
req.body.$inc = {__v: 1};
|
||||||
// );
|
|
||||||
//
|
// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.
|
||||||
// let create = (userParam) => {
|
AppUserModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
|
||||||
// const deferred = Q.defer();
|
if (err) {
|
||||||
//
|
err.status = codes.wrongrequest;
|
||||||
// // validation
|
}
|
||||||
// AppUserModel.findOne(
|
else if (!item) {
|
||||||
// {username: userParam.username},
|
err = new Error("appUser not found");
|
||||||
// (err, user) => {
|
err.status = codes.notfound;
|
||||||
// if (err) deferred.reject(err.name + ': ' + err.message);
|
}
|
||||||
//
|
else {
|
||||||
// if (user) {
|
res.locals.items = item;
|
||||||
// // username already exists
|
}
|
||||||
// deferred.reject('Username "' + userParam.username + '" is already taken');
|
next(err);
|
||||||
// } else {
|
})
|
||||||
// createUser();
|
})
|
||||||
// }
|
|
||||||
// });
|
.all(
|
||||||
//
|
routerHandling.httpMethodNotAllowed
|
||||||
// let createUser = () => {
|
);
|
||||||
// // set user object to userParam without the cleartext password
|
|
||||||
// const user = _.omit(userParam, 'password');
|
|
||||||
//
|
// ******************************** SIGNUP ************************
|
||||||
// // add hashed password to user object
|
|
||||||
// user.password = bcrypt.hashSync(userParam.password, 10);
|
authenticate.route('/signup')
|
||||||
//
|
.post((req, res, next) => {
|
||||||
// const newUser = new AppUserModel(user);
|
create(req.body)
|
||||||
// newUser.save((err, doc) => {
|
.then(() => {
|
||||||
// if (err) deferred.reject(err.name + ': ' + err.message);
|
res.sendStatus(200);
|
||||||
//
|
})
|
||||||
// deferred.resolve();
|
.catch((err) => {
|
||||||
// });
|
res.status(400).send(err);
|
||||||
// };
|
});
|
||||||
//
|
})
|
||||||
// return deferred.promise;
|
|
||||||
// };
|
.all(
|
||||||
|
routerHandling.httpMethodNotAllowed
|
||||||
|
);
|
||||||
|
|
||||||
|
let create = (userParam) => {
|
||||||
|
const deferred = Q.defer();
|
||||||
|
|
||||||
|
// validation
|
||||||
|
AppUserModel.findOne(
|
||||||
|
{username: userParam.username},
|
||||||
|
(err, user) => {
|
||||||
|
if (err) deferred.reject(err.name + ': ' + err.message);
|
||||||
|
|
||||||
|
if (user) {
|
||||||
|
// username already exists
|
||||||
|
deferred.reject('Username "' + userParam.username + '" is already taken');
|
||||||
|
} else {
|
||||||
|
createUser();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
let createUser = () => {
|
||||||
|
// set user object to userParam without the cleartext password
|
||||||
|
const user = _.omit(userParam, 'password');
|
||||||
|
|
||||||
|
// add hashed password to user object
|
||||||
|
user.password = bcrypt.hashSync(userParam.password, 10);
|
||||||
|
|
||||||
|
const newUser = new AppUserModel(user);
|
||||||
|
newUser.save((err, doc) => {
|
||||||
|
if (err) deferred.reject(err.name + ': ' + err.message);
|
||||||
|
|
||||||
|
deferred.resolve();
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
return deferred.promise;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
authenticate.use(routerHandling.emptyResponse);
|
authenticate.use(routerHandling.emptyResponse);
|
||||||
|
|
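Review bot: Registration copies the request body almost wholesale into the new document — `const user = _.omit(userParam, 'password');` strips only the password — so a registrant can send `activated: true` or a `permission` value and bypass the activation gate authCheck now enforces, and the `secret` the schema marks required is either chosen by the client or absent, in which case save fails validation. Whitelist and generate the secret server-side: `const user = _.pick(userParam, ['username']);` `user.password = bcrypt.hashSync(userParam.password, 10);` `user.secret = crypto.randomBytes(32).toString('hex');` (with `const crypto = require('crypto');` at the top of the file; extend the pick list only with the fields the signup form legitimately sends). The same pattern appears in the admin PATCH route, where `req.body` goes straight into `findByIdAndUpdate`: a `password` sent there appears to be stored unhashed unless a schema hook not visible here hashes it, and `$`-prefixed keys in the body become update operators alongside the `$inc` the route adds, so `_.pick` the editable fields there as well. Separately, in `create`'s findOne callback `if (err) deferred.reject(err.name + ': ' + err.message);` does not return, so `createUser()` still runs after a database error; make it `if (err) return deferred.reject(err.name + ': ' + err.message);` and do the same in the save callback, where `deferred.resolve()` currently follows the reject.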