Introduce processor
This commit is contained in:
Akihiko Odaki
91
src/server/api/private/signin.ts
Normal file
91
src/server/api/private/signin.ts
Normal file
@@ -0,0 +1,91 @@
|
||||
import * as express from 'express';
|
||||
import * as bcrypt from 'bcryptjs';
|
||||
import * as speakeasy from 'speakeasy';
|
||||
import { default as User, ILocalAccount, IUser } from '../models/user';
|
||||
import Signin, { pack } from '../models/signin';
|
||||
import event from '../event';
|
||||
import signin from '../common/signin';
|
||||
import config from '../../../conf';
|
||||
|
||||
export default async (req: express.Request, res: express.Response) => {
|
||||
res.header('Access-Control-Allow-Origin', config.url);
|
||||
res.header('Access-Control-Allow-Credentials', 'true');
|
||||
|
||||
const username = req.body['username'];
|
||||
const password = req.body['password'];
|
||||
const token = req.body['token'];
|
||||
|
||||
if (typeof username != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
if (typeof password != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
if (token != null && typeof token != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
// Fetch user
|
||||
const user: IUser = await User.findOne({
|
||||
username_lower: username.toLowerCase(),
|
||||
host: null
|
||||
}, {
|
||||
fields: {
|
||||
data: false,
|
||||
'account.profile': false
|
||||
}
|
||||
});
|
||||
|
||||
if (user === null) {
|
||||
res.status(404).send({
|
||||
error: 'user not found'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
const account = user.account as ILocalAccount;
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(password, account.password);
|
||||
|
||||
if (same) {
|
||||
if (account.two_factor_enabled) {
|
||||
const verified = (speakeasy as any).totp.verify({
|
||||
secret: account.two_factor_secret,
|
||||
encoding: 'base32',
|
||||
token: token
|
||||
});
|
||||
|
||||
if (verified) {
|
||||
signin(res, user, false);
|
||||
} else {
|
||||
res.status(400).send({
|
||||
error: 'invalid token'
|
||||
});
|
||||
}
|
||||
} else {
|
||||
signin(res, user, false);
|
||||
}
|
||||
} else {
|
||||
res.status(400).send({
|
||||
error: 'incorrect password'
|
||||
});
|
||||
}
|
||||
|
||||
// Append signin history
|
||||
const record = await Signin.insert({
|
||||
created_at: new Date(),
|
||||
user_id: user._id,
|
||||
ip: req.ip,
|
||||
headers: req.headers,
|
||||
success: same
|
||||
});
|
||||
|
||||
// Publish signin event
|
||||
event(user._id, 'signin', await pack(record));
|
||||
};
|
||||
Reference in New Issue
Block a user