- const _ = require('lodash')
- const config = require('../../../config')
- const bcrypt = require('bcryptjs')
- const JWT = require('jsonwebtoken')
- const aguid = require('aguid')
- const { User, Session } = require('../../database')
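module.exports = {
  /**
   * POST handler: authenticate a user by e-mail and password and issue a JWT.
   *
   * On success a Session row is created and the response is 200 with
   * `{ user, token }`. Every failure path answers 401 without saying which
   * check failed.
   *
   * NOTE(review): there is no try/catch here; a rejected await only reaches the
   * framework's error handling if the route loader wraps async handlers — confirm.
   *
   * @param {object} req - request; reads `req.body.email` and `req.body.password`.
   * @param {object} res - response object used to send the result.
   * @returns {Promise<*>} whatever the final `res` call returns.
   */
  post: async (req, res) => {
    const { email, password } = req.body || {}

    // Credentials come straight from the request body. Accept plain strings only:
    // a body parser can hand over objects or arrays, which would otherwise flow
    // into the `where` clause and into bcrypt.compare.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return res.sendStatus(401)
    }

    const user = await User.find({ where: { email } })
    // NOTE(review): an unknown e-mail returns before any bcrypt work, so the
    // response time differs between "no such user" and "wrong password" —
    // consider a dummy compare on this path.
    if (!user) {
      return res.sendStatus(401)
    }

    const success = await bcrypt.compare(password, user.password)
    if (!success) {
      return res.sendStatus(401)
    }

    // Build { permissionName: 1 } from the comma-separated lists on the user's roles.
    const permissions = _.chain(await user.getRoles({ paranoid: !config.hiddenRoles }))
      .map(role => (role.permissions || '').split(','))
      .flatten()
      .uniq()
      .map(permission => [permission, 1])
      .fromPairs()
      .value()

    const sid = aguid()
    // JWT `exp` is expressed in seconds; config.auth.jwtExpires is presumably a
    // lifetime in seconds as well — TODO confirm.
    const exp = Math.floor(Date.now() / 1000) + config.auth.jwtExpires

    // NOTE(review): startAt is in milliseconds but endAt receives `exp` in
    // seconds — confirm which unit the Session model expects.
    await Session.create({
      id: sid,
      startAt: Date.now(),
      endAt: exp,
    })

    // Permissions are spread first so that a permission that happens to be named
    // `sid`, `exp` or `user` cannot overwrite those claims.
    const token = JWT.sign({
      ...permissions,
      sid,
      exp,
      user: user.sanitize()
    }, config.auth.jwtSecret)

    return res.status(200).send({
      user: user.sanitize(),
      token
    })
  }
}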