yumechi-no-kuni/src/api/endpoints/auth/accept.js

'use strict';

/**
 * Module dependencies
 */
import rndstr from 'rndstr';
const crypto = require('crypto');
import App from '../../models/app';
import AuthSess from '../../models/auth-session';
import Userkey from '../../models/userkey';

/**
 * Accept
 *
 * @param {Object} params
 * @param {Object} user
 * @return {Promise<object>}
 */
module.exports = (params, user) =>
	new Promise(async (res, rej) =>
{
	// Get 'token' parameter
	const token = params.token;
	if (token == null) {
		return rej('token is required');
	}

	// Fetch token
	const session = await AuthSess
		.findOne({ token: token });

	if (session === null) {
		return rej('session not found');
	}

	// Generate userkey
	const key = rndstr('a-zA-Z0-9', 32);

	// Fetch exist userkey
	const exist = await Userkey.findOne({
		app_id: session.app_id,
		user_id: user._id,
	});

	if (exist === null) {
		// Lookup app
		const app = await App.findOne({
			app_id: session.app_id
		});

		// Generate Hash
		const sha512 = crypto.createHash('sha512');
		sha512.update(key + app.secret);
		const hash = sha512.digest('hex');

		// Insert userkey doc
		await Userkey.insert({
			created_at: new Date(),
			app_id: session.app_id,
			user_id: user._id,
			key: key,
			hash: hash
		});
	}

	// Update session
	await AuthSess.updateOne({
		_id: session._id
	}, {
		$set: {
			user_id: user._id
		}
	});

	// Response
	res();
});
Initial commit :four_leaf_clover: 2016-12-28 16:49:51 -06:00			`'use strict';`

			`/**`
			`* Module dependencies`
			`*/`
			`import rndstr from 'rndstr';`
[BREAKING CHANGE] Improve security 2017-01-05 20:50:46 -06:00			`const crypto = require('crypto');`
			`import App from '../../models/app';`
Initial commit :four_leaf_clover: 2016-12-28 16:49:51 -06:00			`import AuthSess from '../../models/auth-session';`
			`import Userkey from '../../models/userkey';`

			`/**`
			`* Accept`
			`*`
			`* @param {Object} params`
			`* @param {Object} user`
			`* @return {Promise<object>}`
			`*/`
			`module.exports = (params, user) =>`
			`new Promise(async (res, rej) =>`
			`{`
			`// Get 'token' parameter`
			`const token = params.token;`
			`if (token == null) {`
			`return rej('token is required');`
			`}`

			`// Fetch token`
			`const session = await AuthSess`
			`.findOne({ token: token });`

			`if (session === null) {`
			`return rej('session not found');`
			`}`

			`// Generate userkey`
			`const key = rndstr('a-zA-Z0-9', 32);`

			`// Fetch exist userkey`
			`const exist = await Userkey.findOne({`
			`app_id: session.app_id,`
			`user_id: user._id,`
			`});`

			`if (exist === null) {`
[BREAKING CHANGE] Improve security 2017-01-05 20:50:46 -06:00			`// Lookup app`
			`const app = await App.findOne({`
			`app_id: session.app_id`
			`});`

			`// Generate Hash`
			`const sha512 = crypto.createHash('sha512');`
			`sha512.update(key + app.secret);`
			`const hash = sha512.digest('hex');`

Initial commit :four_leaf_clover: 2016-12-28 16:49:51 -06:00			`// Insert userkey doc`
			`await Userkey.insert({`
			`created_at: new Date(),`
			`app_id: session.app_id,`
			`user_id: user._id,`
[BREAKING CHANGE] Improve security 2017-01-05 20:50:46 -06:00			`key: key,`
			`hash: hash`
Initial commit :four_leaf_clover: 2016-12-28 16:49:51 -06:00			`});`
			`}`

			`// Update session`
			`await AuthSess.updateOne({`
			`_id: session._id`
			`}, {`
			`$set: {`
			`user_id: user._id`
			`}`
			`});`

			`// Response`
			`res();`
			`});`