iceshrimp-legacy/src/server/api/endpoints/auth/accept.ts

import rndstr from 'rndstr';
const crypto = require('crypto');
import $ from 'cafy';
import App from '../../../../models/app';
import AuthSess from '../../../../models/auth-session';
import AccessToken from '../../../../models/access-token';
import { ILocalUser } from '../../../../models/user';

/**
 * @swagger
 * /auth/accept:
 *   note:
 *     summary: Accept a session
 *     parameters:
 *       - $ref: "#/parameters/NativeToken"
 *       -
 *         name: token
 *         description: Session Token
 *         in: formData
 *         required: true
 *         type: string
 *     responses:
 *       204:
 *         description: OK
 *
 *       default:
 *         description: Failed
 *         schema:
 *           $ref: "#/definitions/Error"
 */

/**
 * Accept
 */
export default (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
	// Get 'token' parameter
	const [token, tokenErr] = $.str.get(params.token);
	if (tokenErr) return rej('invalid token param');

	// Fetch token
	const session = await AuthSess
		.findOne({ token: token });

	if (session === null) {
		return rej('session not found');
	}

	// Generate access token
	const accessToken = rndstr('a-zA-Z0-9', 32);

	// Fetch exist access token
	const exist = await AccessToken.findOne({
		appId: session.appId,
		userId: user._id,
	});

	if (exist === null) {
		// Lookup app
		const app = await App.findOne({
			_id: session.appId
		});

		// Generate Hash
		const sha256 = crypto.createHash('sha256');
		sha256.update(accessToken + app.secret);
		const hash = sha256.digest('hex');

		// Insert access token doc
		await AccessToken.insert({
			createdAt: new Date(),
			appId: session.appId,
			userId: user._id,
			token: accessToken,
			hash: hash
		});
	}

	// Update session
	await AuthSess.update(session._id, {
		$set: {
			userId: user._id
		}
	});

	// Response
	res();
});
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`import rndstr from 'rndstr';`
[BREAKING CHANGE] Improve security 2017-01-06 03:50:46 +01:00			`const crypto = require('crypto');`
:v: 2017-03-08 19:50:09 +01:00			`import $ from 'cafy';`
整理した 2018-03-29 13:32:18 +02:00			`import App from '../../../../models/app';`
			`import AuthSess from '../../../../models/auth-session';`
			`import AccessToken from '../../../../models/access-token';`
wip 2018-06-18 02:54:53 +02:00			`import { ILocalUser } from '../../../../models/user';`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
[Swagger]Add /auth/accept 2017-01-05 17:28:59 +01:00			`/**`
			`* @swagger`
			`* /auth/accept:`
Post --> Note Closes #1411 2018-04-07 19:30:37 +02:00			`* note:`
[Swagger]Add /auth/accept 2017-01-05 17:28:59 +01:00			`* summary: Accept a session`
			`* parameters:`
[Swagger]Following changes 2017-01-06 07:13:46 +01:00			`* - $ref: "#/parameters/NativeToken"`
Use any instead of Object 2017-03-01 09:37:01 +01:00			`* -`
[Swagger]Add /auth/accept 2017-01-05 17:28:59 +01:00			`* name: token`
			`* description: Session Token`
			`* in: formData`
			`* required: true`
			`* type: string`
			`* responses:`
			`* 204:`
			`* description: OK`
Use any instead of Object 2017-03-01 09:37:01 +01:00			`*`
[Swagger]Add /auth/accept 2017-01-05 17:28:59 +01:00			`* default:`
			`* description: Failed`
			`* schema:`
			`* $ref: "#/definitions/Error"`
			`*/`

Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`/**`
			`* Accept`
			`*/`
wip 2018-07-05 19:58:29 +02:00			`export default (params: any, user: ILocalUser) => new Promise(async (res, rej) => {`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`// Get 'token' parameter`
Update cafy to 8.0.0 :rocket: 2018-05-02 11:06:16 +02:00			`const [token, tokenErr] = $.str.get(params.token);`
wip 2017-03-03 11:39:41 +01:00			`if (tokenErr) return rej('invalid token param');`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
			`// Fetch token`
			`const session = await AuthSess`
Revert a change for AuthSess query 2018-03-27 09:04:22 +02:00			`.findOne({ token: token });`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
			`if (session === null) {`
			`return rej('session not found');`
			`}`

Refactor: Rename userkey --> access-token 2017-01-06 04:09:57 +01:00			`// Generate access token`
wip 2017-03-03 11:39:41 +01:00			`const accessToken = rndstr('a-zA-Z0-9', 32);`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00
Refactor: Rename userkey --> access-token 2017-01-06 04:09:57 +01:00			`// Fetch exist access token`
			`const exist = await AccessToken.findOne({`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`appId: session.appId,`
			`userId: user._id,`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`});`

			`if (exist === null) {`
[BREAKING CHANGE] Improve security 2017-01-06 03:50:46 +01:00			`// Lookup app`
			`const app = await App.findOne({`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`_id: session.appId`
[BREAKING CHANGE] Improve security 2017-01-06 03:50:46 +01:00			`});`

			`// Generate Hash`
SHA256にした 2017-02-08 14:43:46 +01:00			`const sha256 = crypto.createHash('sha256');`
wip 2017-03-03 11:39:41 +01:00			`sha256.update(accessToken + app.secret);`
SHA256にした 2017-02-08 14:43:46 +01:00			`const hash = sha256.digest('hex');`
[BREAKING CHANGE] Improve security 2017-01-06 03:50:46 +01:00
Refactor: Rename userkey --> access-token 2017-01-06 04:09:57 +01:00			`// Insert access token doc`
			`await AccessToken.insert({`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`createdAt: new Date(),`
			`appId: session.appId,`
			`userId: user._id,`
wip 2017-03-03 11:39:41 +01:00			`token: accessToken,`
[BREAKING CHANGE] Improve security 2017-01-06 03:50:46 +01:00			`hash: hash`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`});`
			`}`

			`// Update session`
Fix bug 2017-01-17 03:11:22 +01:00			`await AuthSess.update(session._id, {`
[API] Fix bug 2017-02-08 17:34:22 +01:00			`$set: {`
Resolve conflicts 2018-03-29 07:48:47 +02:00			`userId: user._id`
[API] Fix bug 2017-02-08 17:34:22 +01:00			`}`
Initial commit :four_leaf_clover: 2016-12-28 23:49:51 +01:00			`});`

			`// Response`
			`res();`
			`});`