alancnet
/
rss-unlimited


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
							const app = require('./app')
const db = require('./db')
const log = require('./log')
const { hashPassword, genSeed, genKey, authorize, createToken } = require('./security')
const { sendmail } = require('./mail')

app.post('/signup', async (req, res) => {
  if (!req.body.name) throw new Error('Missing name')
  if (!req.body.password) throw new Error('Missing password')
  if (!req.body.email) throw new Error('Missing email')
  const email = req.body.email.toLowerCase().trim()
  const existing = await db.users.get(email)
  if (existing && existing.confirmed) throw new Error('User already exists.')
  const seed = genSeed()
  const password = hashPassword({password: req.body.password, email, seed})
  const confirmKey = genKey()
  const user = {
    name: req.body.name,
    email: req.body.email,
    password,
    seed,
    ip: req.ip,
    confirmed: false,
    confirmKey,
    keyCreated: Date.now(),
    failCount: 0,
    created: Date.now()
  }

  const mailResult = await sendmail({
    to: `${user.name} <${user.email}>`,
    from: `RSS Unlimited <noreply@rssunlimited.com>`,
    subject: `Please verify your email address.`,
    text: `Enter the following code to confirm your email address on RSSUnlimited.com:\n\n${confirmKey}`
  })

  await db.users.put(email, user)

  log({
    type: 'user-created',
    user
  })

  res.status(200).send({})
})

app.post('/confirm', async (req, res) => {
  if (!req.body.confirmKey) throw new Error('Missing confirmKey')
  if (!req.body.email) throw new Error('Missing email')
  const email = req.body.email.toLowerCase().trim()
  const user = await db.users.get(email)
  if (user && !user.confirmed && user.confirmKey.toUpperCase() === req.body.confirmKey.toUpperCase().trim()) {
    user.confirmed = true
    db.users.put(email, user)
    res.status(200).send({
      token: createToken(user)
    })
  } else {
    res.status(400).send({
      error: 'Something went wrong :('
    })
  }
})

app.post('/login', async (req, res) => {
  if (!req.body.password) throw new Error('Missing password')
  if (!req.body.email) throw new Error('Missing email')
  const email = req.body.email.toLowerCase().trim()
  const user = await db.users.get(email)
  if (user) {
    const password = hashPassword({
      password: req.body.password,
      seed: user.seed,
      email
    })
    if (password === user.password) {
      log({ type: 'login', user})
      res.status(200).send({
        token: createToken(user)
      })
      return
    }
  }
  res.status(400).send({
    error: 'Login failed'
  })
})

app.post('/renew', authorize(), async (req, res) => {
  log({
    type: 'renew',
    user: req.identity
  })
  const identity = {...req.identity}
  delete identity.eat
  delete identity.iat
  res.status(200).send({
    token: createToken(identity)
  })
})

app.start()