2016-12-29 00:49:51 +02:00
|
|
|
import * as express from 'express';
|
2017-01-18 07:19:50 +02:00
|
|
|
import * as bcrypt from 'bcryptjs';
|
2016-12-29 00:49:51 +02:00
|
|
|
import User from '../models/user';
|
|
|
|
import Signin from '../models/signin';
|
|
|
|
import serialize from '../serializers/signin';
|
|
|
|
import event from '../event';
|
2017-01-17 02:17:52 +02:00
|
|
|
import config from '../../conf';
|
2016-12-29 00:49:51 +02:00
|
|
|
|
|
|
|
export default async (req: express.Request, res: express.Response) => {
|
|
|
|
res.header('Access-Control-Allow-Credentials', 'true');
|
|
|
|
|
|
|
|
const username = req.body['username'];
|
|
|
|
const password = req.body['password'];
|
|
|
|
|
2017-02-22 12:39:34 +02:00
|
|
|
if (typeof username != 'string') {
|
|
|
|
res.sendStatus(400);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (typeof password != 'string') {
|
|
|
|
res.sendStatus(400);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-12-29 00:49:51 +02:00
|
|
|
// Fetch user
|
|
|
|
const user = await User.findOne({
|
|
|
|
username_lower: username.toLowerCase()
|
2017-02-22 06:08:33 +02:00
|
|
|
}, {
|
|
|
|
fields: {
|
|
|
|
data: false,
|
|
|
|
profile: false
|
|
|
|
}
|
2016-12-29 00:49:51 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
if (user === null) {
|
|
|
|
res.status(404).send('user not found');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Compare password
|
2017-01-18 07:19:50 +02:00
|
|
|
const same = bcrypt.compareSync(password, user.password);
|
2016-12-29 00:49:51 +02:00
|
|
|
|
|
|
|
if (same) {
|
|
|
|
const expires = 1000 * 60 * 60 * 24 * 365; // One Year
|
|
|
|
res.cookie('i', user.token, {
|
|
|
|
path: '/',
|
|
|
|
domain: `.${config.host}`,
|
|
|
|
secure: config.url.substr(0, 5) === 'https',
|
|
|
|
httpOnly: false,
|
|
|
|
expires: new Date(Date.now() + expires),
|
|
|
|
maxAge: expires
|
|
|
|
});
|
|
|
|
|
|
|
|
res.sendStatus(204);
|
|
|
|
} else {
|
|
|
|
res.status(400).send('incorrect password');
|
|
|
|
}
|
|
|
|
|
|
|
|
// Append signin history
|
2017-01-17 03:49:27 +02:00
|
|
|
const record = await Signin.insert({
|
2016-12-29 00:49:51 +02:00
|
|
|
created_at: new Date(),
|
|
|
|
user_id: user._id,
|
|
|
|
ip: req.ip,
|
|
|
|
headers: req.headers,
|
|
|
|
success: same
|
|
|
|
});
|
|
|
|
|
|
|
|
// Publish signin event
|
|
|
|
event(user._id, 'signin', await serialize(record));
|
|
|
|
};
|