This commit is contained in:
syuilo 2017-03-03 19:39:41 +09:00
parent e2461a9314
commit d1557bcae8
4 changed files with 18 additions and 24 deletions

View file

@ -5,6 +5,7 @@
*/
import rndstr from 'rndstr';
const crypto = require('crypto');
import it from '../../it';
import App from '../../models/app';
import AuthSess from '../../models/auth-session';
import AccessToken from '../../models/access-token';
@ -43,21 +44,19 @@ module.exports = (params, user) =>
new Promise(async (res, rej) =>
{
// Get 'token' parameter
const sesstoken = params.token;
if (sesstoken == null) {
return rej('token is required');
}
const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (tokenErr) return rej('invalid token param');
// Fetch token
const session = await AuthSess
.findOne({ token: sesstoken });
.findOne({ token: token });
if (session === null) {
return rej('session not found');
}
// Generate access token
const token = rndstr('a-zA-Z0-9', 32);
const accessToken = rndstr('a-zA-Z0-9', 32);
// Fetch exist access token
const exist = await AccessToken.findOne({
@ -73,7 +72,7 @@ module.exports = (params, user) =>
// Generate Hash
const sha256 = crypto.createHash('sha256');
sha256.update(token + app.secret);
sha256.update(accessToken + app.secret);
const hash = sha256.digest('hex');
// Insert access token doc
@ -81,7 +80,7 @@ module.exports = (params, user) =>
created_at: new Date(),
app_id: session.app_id,
user_id: user._id,
token: token,
token: accessToken,
hash: hash
});
}

View file

@ -4,6 +4,7 @@
* Module dependencies
*/
import * as uuid from 'uuid';
import it from '../../../it';
import App from '../../../models/app';
import AuthSess from '../../../models/auth-session';
import config from '../../../../conf';
@ -49,10 +50,8 @@ module.exports = (params) =>
new Promise(async (res, rej) =>
{
// Get 'app_secret' parameter
const appSecret = params.app_secret;
if (appSecret == null) {
return rej('app_secret is required');
}
const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
if (appSecretErr) return rej('invalid app_secret param');
// Lookup app
const app = await App.findOne({

View file

@ -3,6 +3,7 @@
/**
* Module dependencies
*/
import it from '../../../it';
import AuthSess from '../../../models/auth-session';
import serialize from '../../../serializers/auth-session';
@ -57,10 +58,8 @@ module.exports = (params, user) =>
new Promise(async (res, rej) =>
{
// Get 'token' parameter
const token = params.token;
if (token == null) {
return rej('token is required');
}
const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (tokenErr) return rej('invalid token param');
// Lookup session
const session = await AuthSess.findOne({

View file

@ -3,6 +3,7 @@
/**
* Module dependencies
*/
import it from '../../../it';
import App from '../../../models/app';
import AuthSess from '../../../models/auth-session';
import AccessToken from '../../../models/access-token';
@ -53,10 +54,8 @@ import serialize from '../../../serializers/user';
module.exports = (params) =>
new Promise(async (res, rej) => {
// Get 'app_secret' parameter
const appSecret = params.app_secret;
if (appSecret == null) {
return rej('app_secret is required');
}
const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
if (appSecretErr) return rej('invalid app_secret param');
// Lookup app
const app = await App.findOne({
@ -68,10 +67,8 @@ module.exports = (params) =>
}
// Get 'token' parameter
const token = params.token;
if (token == null) {
return rej('token is required');
}
const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (tokenErr) return rej('invalid token param');
// Fetch token
const session = await AuthSess