This commit is contained in:
syuilo 2017-03-03 19:39:41 +09:00
parent efaf6b8415
commit c7542dfe87
4 changed files with 18 additions and 24 deletions

View File

@ -5,6 +5,7 @@
*/ */
import rndstr from 'rndstr'; import rndstr from 'rndstr';
const crypto = require('crypto'); const crypto = require('crypto');
import it from '../../it';
import App from '../../models/app'; import App from '../../models/app';
import AuthSess from '../../models/auth-session'; import AuthSess from '../../models/auth-session';
import AccessToken from '../../models/access-token'; import AccessToken from '../../models/access-token';
@ -43,21 +44,19 @@ module.exports = (params, user) =>
new Promise(async (res, rej) => new Promise(async (res, rej) =>
{ {
// Get 'token' parameter // Get 'token' parameter
const sesstoken = params.token; const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (sesstoken == null) { if (tokenErr) return rej('invalid token param');
return rej('token is required');
}
// Fetch token // Fetch token
const session = await AuthSess const session = await AuthSess
.findOne({ token: sesstoken }); .findOne({ token: token });
if (session === null) { if (session === null) {
return rej('session not found'); return rej('session not found');
} }
// Generate access token // Generate access token
const token = rndstr('a-zA-Z0-9', 32); const accessToken = rndstr('a-zA-Z0-9', 32);
// Fetch exist access token // Fetch exist access token
const exist = await AccessToken.findOne({ const exist = await AccessToken.findOne({
@ -73,7 +72,7 @@ module.exports = (params, user) =>
// Generate Hash // Generate Hash
const sha256 = crypto.createHash('sha256'); const sha256 = crypto.createHash('sha256');
sha256.update(token + app.secret); sha256.update(accessToken + app.secret);
const hash = sha256.digest('hex'); const hash = sha256.digest('hex');
// Insert access token doc // Insert access token doc
@ -81,7 +80,7 @@ module.exports = (params, user) =>
created_at: new Date(), created_at: new Date(),
app_id: session.app_id, app_id: session.app_id,
user_id: user._id, user_id: user._id,
token: token, token: accessToken,
hash: hash hash: hash
}); });
} }

View File

@ -4,6 +4,7 @@
* Module dependencies * Module dependencies
*/ */
import * as uuid from 'uuid'; import * as uuid from 'uuid';
import it from '../../../it';
import App from '../../../models/app'; import App from '../../../models/app';
import AuthSess from '../../../models/auth-session'; import AuthSess from '../../../models/auth-session';
import config from '../../../../conf'; import config from '../../../../conf';
@ -49,10 +50,8 @@ module.exports = (params) =>
new Promise(async (res, rej) => new Promise(async (res, rej) =>
{ {
// Get 'app_secret' parameter // Get 'app_secret' parameter
const appSecret = params.app_secret; const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
if (appSecret == null) { if (appSecretErr) return rej('invalid app_secret param');
return rej('app_secret is required');
}
// Lookup app // Lookup app
const app = await App.findOne({ const app = await App.findOne({

View File

@ -3,6 +3,7 @@
/** /**
* Module dependencies * Module dependencies
*/ */
import it from '../../../it';
import AuthSess from '../../../models/auth-session'; import AuthSess from '../../../models/auth-session';
import serialize from '../../../serializers/auth-session'; import serialize from '../../../serializers/auth-session';
@ -57,10 +58,8 @@ module.exports = (params, user) =>
new Promise(async (res, rej) => new Promise(async (res, rej) =>
{ {
// Get 'token' parameter // Get 'token' parameter
const token = params.token; const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (token == null) { if (tokenErr) return rej('invalid token param');
return rej('token is required');
}
// Lookup session // Lookup session
const session = await AuthSess.findOne({ const session = await AuthSess.findOne({

View File

@ -3,6 +3,7 @@
/** /**
* Module dependencies * Module dependencies
*/ */
import it from '../../../it';
import App from '../../../models/app'; import App from '../../../models/app';
import AuthSess from '../../../models/auth-session'; import AuthSess from '../../../models/auth-session';
import AccessToken from '../../../models/access-token'; import AccessToken from '../../../models/access-token';
@ -53,10 +54,8 @@ import serialize from '../../../serializers/user';
module.exports = (params) => module.exports = (params) =>
new Promise(async (res, rej) => { new Promise(async (res, rej) => {
// Get 'app_secret' parameter // Get 'app_secret' parameter
const appSecret = params.app_secret; const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
if (appSecret == null) { if (appSecretErr) return rej('invalid app_secret param');
return rej('app_secret is required');
}
// Lookup app // Lookup app
const app = await App.findOne({ const app = await App.findOne({
@ -68,10 +67,8 @@ module.exports = (params) =>
} }
// Get 'token' parameter // Get 'token' parameter
const token = params.token; const [token, tokenErr] = it(params.token).expect.string().required().qed();
if (token == null) { if (tokenErr) return rej('invalid token param');
return rej('token is required');
}
// Fetch token // Fetch token
const session = await AuthSess const session = await AuthSess