const { timingSafeEqual } = require('crypto')

const app = require('./app')
const db = require('./db')
const log = require('./log')
const { hashPassword, genSeed, authorize, createToken } = require('./security')
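/**
 * POST /signup: create an account and answer with a token for it.
 *
 * Body: { name, password, email }. Throws when a field is missing or is not a
 * string, and when the normalized email is already registered.
 */
app.post('/signup', async (req, res) => {
  const { name, password: plainPassword, email: submittedEmail } = req.body

  // Body fields are client-controlled. Anything that is not a non-empty string
  // is treated as missing, so .toLowerCase() and hashPassword() only ever see
  // strings (a JSON array or object would otherwise pass the truthiness test).
  if (typeof name !== 'string' || !name) throw new Error('Missing name')
  if (typeof plainPassword !== 'string' || !plainPassword) throw new Error('Missing password')
  if (typeof submittedEmail !== 'string' || !submittedEmail) throw new Error('Missing email')

  // The lower-cased, trimmed address is the storage key and a hash input.
  const email = submittedEmail.toLowerCase().trim()

  // NOTE(review): get-then-put is two separate calls, so two concurrent signups
  // for one address can both pass this check. Confirm whether db.users offers a
  // conditional write.
  const existing = await db.users.get(email)
  if (existing) throw new Error('User already exists.')

  const seed = genSeed()
  const user = {
    name,
    // Stored as submitted; only the key and the hash input use the normalized form.
    email: submittedEmail,
    password: hashPassword({ password: plainPassword, email, seed }),
    seed,
    ip: req.ip,
    created: Date.now()
  }
  await db.users.put(email, user)

  // The password hash and its seed stay in the database only. The log entry and
  // the token get the record without them. createToken lives in ./security and
  // is not visible here; /renew round-trips the token's claims back into
  // createToken, which suggests its argument ends up inside the token.
  const { password: _hash, seed: _seed, ...publicUser } = user

  log({
    type: 'user-created',
    user: publicUser
  })
  res.status(200).send({
    token: createToken(publicUser)
  })
})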
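/**
 * POST /login: check an email/password pair and answer with a token.
 *
 * Body: { password, email }. Throws when a field is missing or is not a
 * string. Every failed check answers 400 with the same 'Login failed' body.
 */
app.post('/login', async (req, res) => {
  const { password: submittedPassword, email: submittedEmail } = req.body

  // Client-controlled input: non-strings are treated as missing so the string
  // methods and hashPassword() below never receive an array or object.
  if (typeof submittedPassword !== 'string' || !submittedPassword) throw new Error('Missing password')
  if (typeof submittedEmail !== 'string' || !submittedEmail) throw new Error('Missing email')

  const email = submittedEmail.toLowerCase().trim()
  const user = await db.users.get(email)

  // NOTE(review): an unknown email skips hashing entirely, so response time may
  // differ between existing and unknown accounts. Confirm whether that matters
  // for this deployment.
  if (user) {
    const computed = hashPassword({
      password: submittedPassword,
      seed: user.seed,
      email
    })

    // Assumes hashPassword returns a string (the stored value was compared with
    // === before). TODO confirm. Anything else fails closed.
    let matches = false
    if (typeof computed === 'string' && typeof user.password === 'string') {
      const computedBytes = Buffer.from(computed)
      const storedBytes = Buffer.from(user.password)
      // timingSafeEqual throws on unequal lengths, so compare lengths first.
      matches =
        computedBytes.length === storedBytes.length &&
        timingSafeEqual(computedBytes, storedBytes)
    }

    if (matches) {
      // Keep the password hash and seed out of the log entry and the token.
      // createToken is defined in ./security and not visible here; /renew feeds
      // token claims back into it, which suggests its argument is embedded in
      // the token.
      const { password: _hash, seed: _seed, ...publicUser } = user

      log({ type: 'login', user: publicUser })
      res.status(200).send({
        token: createToken(publicUser)
      })
      return
    }
  }

  // Same response for unknown email and wrong password.
  res.status(400).send({
    error: 'Login failed'
  })
})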
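/**
 * POST /renew: exchange the identity set by authorize() for a new token.
 *
 * The old token's `eat` and `iat` fields are dropped before re-issuing.
 */
app.post('/renew', authorize(), async (req, res) => {
  // Tokens issued from a full user record may carry `password` and `seed`.
  // Strip them here so they are neither logged nor copied into the new token.
  const { password: _hash, seed: _seed, ...claims } = { ...req.identity }

  log({
    type: 'renew',
    user: claims
  })

  // NOTE(review): the claims come from the presented token and are not re-read
  // from db.users, so a changed or removed account keeps renewing with its old
  // claims unless authorize() checks that. Confirm.
  const { eat: _eat, iat: _iat, ...identity } = claims
  res.status(200).send({
    token: createToken(identity)
  })
})

// Hand control to the app module once all routes are registered.
app.start()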