jormungandr-bite/src/server/api/private/signin.ts

import * as express from 'express';
import * as bcrypt from 'bcryptjs';
import * as speakeasy from 'speakeasy';
import User, { ILocalUser } from '../../../models/user';
import Signin, { pack } from '../../../models/signin';
import event from '../../../publishers/stream';
import signin from '../common/signin';
import config from '../../../config';

export default async (req: express.Request, res: express.Response) => {
	res.header('Access-Control-Allow-Origin', config.url);
	res.header('Access-Control-Allow-Credentials', 'true');

	const username = req.body['username'];
	const password = req.body['password'];
	const token = req.body['token'];

	if (typeof username != 'string') {
		res.sendStatus(400);
		return;
	}

	if (typeof password != 'string') {
		res.sendStatus(400);
		return;
	}

	if (token != null && typeof token != 'string') {
		res.sendStatus(400);
		return;
	}

	// Fetch user
	const user = await User.findOne({
		usernameLower: username.toLowerCase(),
		host: null
	}, {
		fields: {
			data: false,
			'profile': false
		}
	}) as ILocalUser;

	if (user === null) {
		res.status(404).send({
			error: 'user not found'
		});
		return;
	}

	// Compare password
	const same = await bcrypt.compare(password, user.password);

	if (same) {
		if (user.twoFactorEnabled) {
			const verified = (speakeasy as any).totp.verify({
				secret: user.twoFactorSecret,
				encoding: 'base32',
				token: token
			});

			if (verified) {
				signin(res, user, false);
			} else {
				res.status(400).send({
					error: 'invalid token'
				});
			}
		} else {
			signin(res, user, false);
		}
	} else {
		res.status(400).send({
			error: 'incorrect password'
		});
	}

	// Append signin history
	const record = await Signin.insert({
		createdAt: new Date(),
		userId: user._id,
		ip: req.ip,
		headers: req.headers,
		success: same
	});

	// Publish signin event
	event(user._id, 'signin', await pack(record));
};
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`import * as express from 'express';`
bye bye bcrypt-nodejs Closes #47 2017-01-17 22:19:50 -07:00			`import * as bcrypt from 'bcryptjs';`
#967 2017-12-08 06:57:58 -07:00			`import * as speakeasy from 'speakeasy';`
Refactor 2018-04-01 13:01:34 -06:00			`import User, { ILocalUser } from '../../../models/user';`
整理した 2018-03-29 05:32:18 -06:00			`import Signin, { pack } from '../../../models/signin';`
Introduce publishers directory 2018-04-01 22:33:46 -06:00			`import event from '../../../publishers/stream';`
#939 2017-11-22 21:25:33 -07:00			`import signin from '../common/signin';`
Introduce config module 2018-04-01 22:15:53 -06:00			`import config from '../../../config';`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00
			`export default async (req: express.Request, res: express.Response) => {`
Fix bug 2017-12-11 00:43:35 -07:00			`res.header('Access-Control-Allow-Origin', config.url);`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`res.header('Access-Control-Allow-Credentials', 'true');`

			`const username = req.body['username'];`
			`const password = req.body['password'];`
#967 2017-12-08 06:57:58 -07:00			`const token = req.body['token'];`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00
Fix bug 2017-02-22 03:39:34 -07:00			`if (typeof username != 'string') {`
			`res.sendStatus(400);`
			`return;`
			`}`

			`if (typeof password != 'string') {`
			`res.sendStatus(400);`
			`return;`
			`}`

#967 2017-12-08 06:57:58 -07:00			`if (token != null && typeof token != 'string') {`
			`res.sendStatus(400);`
			`return;`
			`}`

Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`// Fetch user`
Refactor 2018-04-01 13:01:34 -06:00			`const user = await User.findOne({`
Resolve conflicts 2018-03-28 23:48:47 -06:00			`usernameLower: username.toLowerCase(),`
Implement remote account resolution 2018-03-27 01:51:12 -06:00			`host: null`
[Server] Some performance improvements 2017-02-21 21:08:33 -07:00			`}, {`
			`fields: {`
			`data: false,`
Some bug fixes 2018-04-07 12:58:11 -06:00			`'profile': false`
[Server] Some performance improvements 2017-02-21 21:08:33 -07:00			`}`
Refactor 2018-04-01 13:01:34 -06:00			`}) as ILocalUser;`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00
			`if (user === null) {`
Fix #238 2017-03-09 14:42:57 -07:00			`res.status(404).send({`
			`error: 'user not found'`
			`});`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`return;`
			`}`

			`// Compare password`
Fix bugs 2018-04-07 13:44:59 -06:00			`const same = await bcrypt.compare(password, user.password);`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00
			`if (same) {`
Some bug fixes 2018-04-07 12:58:11 -06:00			`if (user.twoFactorEnabled) {`
#967 2017-12-08 06:57:58 -07:00			`const verified = (speakeasy as any).totp.verify({`
Some bug fixes 2018-04-07 12:58:11 -06:00			`secret: user.twoFactorSecret,`
#967 2017-12-08 06:57:58 -07:00			`encoding: 'base32',`
			`token: token`
			`});`

			`if (verified) {`
			`signin(res, user, false);`
			`} else {`
			`res.status(400).send({`
			`error: 'invalid token'`
			`});`
			`}`
			`} else {`
			`signin(res, user, false);`
			`}`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`} else {`
Fix #238 2017-03-09 14:42:57 -07:00			`res.status(400).send({`
			`error: 'incorrect password'`
			`});`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`}`

			`// Append signin history`
Fix bug 2017-01-16 18:49:27 -07:00			`const record = await Signin.insert({`
Resolve conflicts 2018-03-28 23:48:47 -06:00			`createdAt: new Date(),`
			`userId: user._id,`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`ip: req.ip,`
			`headers: req.headers,`
			`success: same`
			`});`

			`// Publish signin event`
wip 2018-02-01 16:21:30 -07:00			`event(user._id, 'signin', await pack(record));`
Initial commit :four_leaf_clover: 2016-12-28 15:49:51 -07:00			`};`