iceshrimp-legacy/src/server/api/endpoints/auth/session/userkey.ts

/**
 * Module dependencies
 */
import $ from 'cafy';
import App from '../../../../../models/app';
import AuthSess from '../../../../../models/auth-session';
import AccessToken from '../../../../../models/access-token';
import { pack } from '../../../../../models/user';

/**
 * @swagger
 * /auth/session/userkey:
 *   note:
 *     summary: Get an access token(userkey)
 *     parameters:
 *       -
 *         name: appSecret
 *         description: App Secret
 *         in: formData
 *         required: true
 *         type: string
 *       -
 *         name: token
 *         description: Session Token
 *         in: formData
 *         required: true
 *         type: string
 *
 *     responses:
 *       200:
 *         description: OK
 *         schema:
 *           type: object
 *           properties:
 *             userkey:
 *               type: string
 *               description: Access Token
 *             user:
 *               $ref: "#/definitions/User"
 *       default:
 *         description: Failed
 *         schema:
 *           $ref: "#/definitions/Error"
 */

/**
 * Generate a session
 *
 * @param {any} params
 * @return {Promise<any>}
 */
export default (params: any) => new Promise(async (res, rej) => {
	// Get 'appSecret' parameter
	const [appSecret, appSecretErr] = $.str.get(params.appSecret);
	if (appSecretErr) return rej('invalid appSecret param');

	// Lookup app
	const app = await App.findOne({
		secret: appSecret
	});

	if (app == null) {
		return rej('app not found');
	}

	// Get 'token' parameter
	const [token, tokenErr] = $.str.get(params.token);
	if (tokenErr) return rej('invalid token param');

	// Fetch token
	const session = await AuthSess
		.findOne({
			token: token,
			appId: app._id
		});

	if (session === null) {
		return rej('session not found');
	}

	if (session.userId == null) {
		return rej('this session is not allowed yet');
	}

	// Lookup access token
	const accessToken = await AccessToken.findOne({
		appId: app._id,
		userId: session.userId
	});

	// Delete session

	/* https://github.com/Automattic/monk/issues/178
	AuthSess.deleteOne({
		_id: session._id
	});
	*/
	AuthSess.remove({
		_id: session._id
	});

	// Response
	res({
		accessToken: accessToken.token,
		user: await pack(session.userId, null, {
			detail: true
		})
	});
});
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`/**`
			`* Module dependencies`
			`*/`
:v: 2017-03-08 19:50:09 +01:00			`import $ from 'cafy';`
整理した 2018-03-29 13:32:18 +02:00			`import App from '../../../../../models/app';`
			`import AuthSess from '../../../../../models/auth-session';`
			`import AccessToken from '../../../../../models/access-token';`
			`import { pack } from '../../../../../models/user';`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`/**`
			`* @swagger`
			`* /auth/session/userkey:`
Post --> Note Closes #1411 2018-04-07 19:30:37 +02:00			`* note:`
Fix typo 2017-02-23 16:28:43 +01:00			`* summary: Get an access token(userkey)`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* parameters:`
			`* -`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`* name: appSecret`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* description: App Secret`
			`* in: formData`
			`* required: true`
			`* type: string`
			`* -`
			`* name: token`
[Swagger]Fix name 2017-01-05 15:42:27 +01:00			`* description: Session Token`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* in: formData`
			`* required: true`
			`* type: string`
Clean up 2017-02-23 16:28:18 +01:00			`*`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* responses:`
			`* 200:`
			`* description: OK`
			`* schema:`
			`* type: object`
			`* properties:`
			`* userkey:`
			`* type: string`
[Swagger]Following changes 2017-01-06 07:13:46 +01:00			`* description: Access Token`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* user:`
			`* $ref: "#/definitions/User"`
[Swagger]Fix Error 2017-01-05 16:39:56 +01:00			`* default:`
[WIP][Swagger]Add swagger definition - /auth/session/userkey - User entity 2017-01-04 07:04:54 +01:00			`* description: Failed`
			`* schema:`
			`* $ref: "#/definitions/Error"`
			`*/`

Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`/**`
			`* Generate a session`
			`*`
Use any instead of Object 2017-03-01 09:37:01 +01:00			`* @param {any} params`
			`* @return {Promise<any>}`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`*/`
wip 2018-07-05 19:58:29 +02:00			`export default (params: any) => new Promise(async (res, rej) => {`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`// Get 'appSecret' parameter`
Update cafy to 8.0.0 :rocket: 2018-05-02 11:06:16 +02:00			`const [appSecret, appSecretErr] = $.str.get(params.appSecret);`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`if (appSecretErr) return rej('invalid appSecret param');`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Lookup app`
			`const app = await App.findOne({`
			`secret: appSecret`
			`});`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`if (app == null) {`
			`return rej('app not found');`
			`}`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Get 'token' parameter`
Update cafy to 8.0.0 :rocket: 2018-05-02 11:06:16 +02:00			`const [token, tokenErr] = $.str.get(params.token);`
Follow linter 2017-03-03 20:28:38 +01:00			`if (tokenErr) return rej('invalid token param');`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Fetch token`
			`const session = await AuthSess`
			`.findOne({`
			`token: token,`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`appId: app._id`
Follow linter 2017-03-03 20:28:38 +01:00			`});`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`if (session === null) {`
			`return rej('session not found');`
			`}`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Resolve conflicts 2018-03-29 07:48:47 +02:00			`if (session.userId == null) {`
Follow linter 2017-03-03 20:28:38 +01:00			`return rej('this session is not allowed yet');`
			`}`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Lookup access token`
			`const accessToken = await AccessToken.findOne({`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`appId: app._id,`
			`userId: session.userId`
Follow linter 2017-03-03 20:28:38 +01:00			`});`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Delete session`
[API] Fix bug 2017-02-08 18:15:34 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`/* https://github.com/Automattic/monk/issues/178`
			`AuthSess.deleteOne({`
			`_id: session._id`
			`});`
			`*/`
			`AuthSess.remove({`
			`_id: session._id`
			`});`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Follow linter 2017-03-03 20:28:38 +01:00			`// Response`
			`res({`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`accessToken: accessToken.token,`
			`user: await pack(session.userId, null, {`
Follow linter 2017-03-03 20:28:38 +01:00			`detail: true`
			`})`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`});`
Follow linter 2017-03-03 20:28:38 +01:00			`});`