hippofish/src/api/private/signin.ts
2018-03-27 23:51:21 +09:00

91 lines
1.9 KiB
TypeScript

import * as express from 'express';
import * as bcrypt from 'bcryptjs';
import * as speakeasy from 'speakeasy';
import { default as User, ILocalAccount, IUser } from '../models/user';
import Signin, { pack } from '../models/signin';
import event from '../event';
import signin from '../common/signin';
import config from '../../conf';
export default async (req: express.Request, res: express.Response) => {
res.header('Access-Control-Allow-Origin', config.url);
res.header('Access-Control-Allow-Credentials', 'true');
const username = req.body['username'];
const password = req.body['password'];
const token = req.body['token'];
if (typeof username != 'string') {
res.sendStatus(400);
return;
}
if (typeof password != 'string') {
res.sendStatus(400);
return;
}
if (token != null && typeof token != 'string') {
res.sendStatus(400);
return;
}
// Fetch user
const user: IUser = await User.findOne({
username_lower: username.toLowerCase(),
host: null
}, {
fields: {
data: false,
'account.profile': false
}
});
if (user === null) {
res.status(404).send({
error: 'user not found'
});
return;
}
const account = user.account as ILocalAccount;
// Compare password
const same = await bcrypt.compare(password, account.password);
if (same) {
if (account.two_factor_enabled) {
const verified = (speakeasy as any).totp.verify({
secret: account.two_factor_secret,
encoding: 'base32',
token: token
});
if (verified) {
signin(res, user, false);
} else {
res.status(400).send({
error: 'invalid token'
});
}
} else {
signin(res, user, false);
}
} else {
res.status(400).send({
error: 'incorrect password'
});
}
// Append signin history
const record = await Signin.insert({
created_at: new Date(),
user_id: user._id,
ip: req.ip,
headers: req.headers,
success: same
});
// Publish signin event
event(user._id, 'signin', await pack(record));
};