jormungandr-bite/src/server/api/private/signin.ts

91 lines
1.8 KiB
TypeScript
Raw Normal View History

2018-04-12 15:06:18 -06:00
import * as Koa from 'koa';
2017-01-17 22:19:50 -07:00
import * as bcrypt from 'bcryptjs';
2017-12-08 06:57:58 -07:00
import * as speakeasy from 'speakeasy';
2018-04-01 13:01:34 -06:00
import User, { ILocalUser } from '../../../models/user';
2018-03-29 05:32:18 -06:00
import Signin, { pack } from '../../../models/signin';
2018-07-29 16:20:27 -06:00
import { publishUserStream } from '../../../stream';
2017-11-22 21:25:33 -07:00
import signin from '../common/signin';
2018-04-01 22:15:53 -06:00
import config from '../../../config';
2016-12-28 15:49:51 -07:00
2018-04-12 15:06:18 -06:00
export default async (ctx: Koa.Context) => {
ctx.set('Access-Control-Allow-Origin', config.url);
ctx.set('Access-Control-Allow-Credentials', 'true');
2016-12-28 15:49:51 -07:00
2018-07-22 22:56:25 -06:00
const body = ctx.request.body as any;
const username = body['username'];
const password = body['password'];
2018-07-22 22:56:25 -06:00
const token = body['token'];
2016-12-28 15:49:51 -07:00
2017-02-22 03:39:34 -07:00
if (typeof username != 'string') {
2018-04-12 15:06:18 -06:00
ctx.status = 400;
2017-02-22 03:39:34 -07:00
return;
}
if (typeof password != 'string') {
2018-04-12 15:06:18 -06:00
ctx.status = 400;
2017-02-22 03:39:34 -07:00
return;
}
2017-12-08 06:57:58 -07:00
if (token != null && typeof token != 'string') {
2018-04-12 15:06:18 -06:00
ctx.status = 400;
2017-12-08 06:57:58 -07:00
return;
}
2016-12-28 15:49:51 -07:00
// Fetch user
2018-04-01 13:01:34 -06:00
const user = await User.findOne({
2018-03-28 23:48:47 -06:00
usernameLower: username.toLowerCase(),
2018-03-27 01:51:12 -06:00
host: null
2017-02-21 21:08:33 -07:00
}, {
2018-07-22 22:56:25 -06:00
fields: {
data: false,
profile: false
}
}) as ILocalUser;
2016-12-28 15:49:51 -07:00
if (user === null) {
2018-04-12 15:06:18 -06:00
ctx.throw(404, {
2017-03-09 14:42:57 -07:00
error: 'user not found'
});
2016-12-28 15:49:51 -07:00
return;
}
// Compare password
2018-04-07 13:44:59 -06:00
const same = await bcrypt.compare(password, user.password);
2016-12-28 15:49:51 -07:00
if (same) {
2018-04-07 12:58:11 -06:00
if (user.twoFactorEnabled) {
2017-12-08 06:57:58 -07:00
const verified = (speakeasy as any).totp.verify({
2018-04-07 12:58:11 -06:00
secret: user.twoFactorSecret,
2017-12-08 06:57:58 -07:00
encoding: 'base32',
token: token
});
if (verified) {
2018-04-12 20:44:39 -06:00
signin(ctx, user);
2017-12-08 06:57:58 -07:00
} else {
2018-04-12 15:06:18 -06:00
ctx.throw(400, {
2017-12-08 06:57:58 -07:00
error: 'invalid token'
});
}
} else {
2018-04-12 20:44:39 -06:00
signin(ctx, user);
2017-12-08 06:57:58 -07:00
}
2016-12-28 15:49:51 -07:00
} else {
2018-04-12 15:06:18 -06:00
ctx.throw(400, {
2017-03-09 14:42:57 -07:00
error: 'incorrect password'
});
2016-12-28 15:49:51 -07:00
}
// Append signin history
2017-01-16 18:49:27 -07:00
const record = await Signin.insert({
2018-03-28 23:48:47 -06:00
createdAt: new Date(),
userId: user._id,
2018-04-12 15:06:18 -06:00
ip: ctx.ip,
headers: ctx.headers,
2016-12-28 15:49:51 -07:00
success: same
});
// Publish signin event
2018-07-29 16:20:27 -06:00
publishUserStream(user._id, 'signin', await pack(record));
2016-12-28 15:49:51 -07:00
};