Domů Procházet Nápověda
Přihlásit se
Vieraw
/
Kutt
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: ed6f77876d
Větve Značky
Kutt
/
server
/
controllers
/
authController.js

authController.js 6.8 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 
  1. const fs = require('fs');
    2. 

  2. const path = require('path');
    3. 

  3. const passport = require('passport');
    4. 

  4. const JWT = require('jsonwebtoken');
    5. 

  5. const axios = require('axios');
    6. 

  6. const config = require('../config');
    7. 

  7. const { isAdmin } = require('../utils');
    8. 

  8. const transporter = require('../mail/mail');
    9. 

  9. const { resetMailText, verifyMailText } = require('../mail/text');
    10. 

  10. const {
    11. 

  11.   createUser,
    12. 

  12.   changePassword,
    13. 

  13.   generateApiKey,
    14. 

  14.   getUser,
    15. 

  15.   verifyUser,
    16. 

  16.   requestPasswordReset,
    17. 

  17.   resetPassword,
    18. 

  18. } = require('../db/user');
    19. 

  19. 

  20. /* Read email template */
    21. 

  21. const resetEmailTemplatePath = path.join(__dirname, '../mail/template-reset.html');
    22. 

  22. const verifyEmailTemplatePath = path.join(__dirname, '../mail/template-verify.html');
    23. 

  23. const resetEmailTemplate = fs
    24. 

  24.   .readFileSync(resetEmailTemplatePath, { encoding: 'utf-8' })
    25. 

  25.   .replace(/{{domain}}/gm, config.DEFAULT_DOMAIN);
    26. 

  26. const verifyEmailTemplate = fs
    27. 

  27.   .readFileSync(verifyEmailTemplatePath, { encoding: 'utf-8' })
    28. 

  28.   .replace(/{{domain}}/gm, config.DEFAULT_DOMAIN);
    29. 

  29. 

  30. /* Function to generate JWT */
    31. 

  31. const signToken = user =>
    32. 

  32.   JWT.sign(
    33. 

  33.     {
    34. 

  34.       iss: 'ApiAuth',
    35. 

  35.       sub: user.email,
    36. 

  36.       domain: user.domain || '',
    37. 

  37.       admin: isAdmin(user.email),
    38. 

  38.       iat: new Date().getTime(),
    39. 

  39.       exp: new Date().setDate(new Date().getDate() + 7),
    40. 

  40.     },
    41. 

  41.     config.JWT_SECRET
    42. 

  42.   );
    43. 

  43. 

  44. /* Passport.js authentication controller */
    45. 

  45. const authenticate = (type, error, isStrict = true) =>
    46. 

  46.   function auth(req, res, next) {
    47. 

  47.     if (req.user) return next();
    48. 

  48.     return passport.authenticate(type, (err, user) => {
    49. 

  49.       if (err) return res.status(400);
    50. 

  50.       if (!user && isStrict) return res.status(401).json({ error });
    51. 

  51.       if (user && isStrict && !user.verified) {
    52. 

  52.         return res.status(400).json({
    53. 

  53.           error:
    54. 

  54.             'Your email address is not verified.' +
    55. 

  55.             'Click on signup to get the verification link again.',
    56. 

  56.         });
    57. 

  57.       }
    58. 

  58.       if (user && user.banned) {
    59. 

  59.         return res.status(400).json({ error: 'Your are banned from using this website.' });
    60. 

  60.       }
    61. 

  61.       if (user) {
    62. 

  62.         req.user = {
    63. 

  63.           ...user,
    64. 

  64.           admin: isAdmin(user.email),
    65. 

  65.         };
    66. 

  66.         return next();
    67. 

  67.       }
    68. 

  68.       return next();
    69. 

  69.     })(req, res, next);
    70. 

  70.   };
    71. 

  71. 

  72. exports.authLocal = authenticate('local', 'Login email and/or password are wrong.');
    73. 

  73. exports.authJwt = authenticate('jwt', 'Unauthorized.');
    74. 

  74. exports.authJwtLoose = authenticate('jwt', 'Unauthorized.', false);
    75. 

  75. exports.authApikey = authenticate('localapikey', 'API key is not correct.', false);
    76. 

  76. 

  77. /* reCaptcha controller */
    78. 

  78. exports.recaptcha = async (req, res, next) => {
    79. 

  79.   if (!req.user) {
    80. 

  80.     const isReCaptchaValid = await axios({
    81. 

  81.       method: 'post',
    82. 

  82.       url: 'https://www.google.com/recaptcha/api/siteverify',
    83. 

  83.       headers: {
    84. 

  84.         'Content-type': 'application/x-www-form-urlencoded',
    85. 

  85.       },
    86. 

  86.       params: {
    87. 

  87.         secret: config.RECAPTCHA_SECRET_KEY,
    88. 

  88.         response: req.body.reCaptchaToken,
    89. 

  89.         remoteip: req.realIp,
    90. 

  90.       },
    91. 

  91.     });
    92. 

  92.     if (!isReCaptchaValid.data.success) {
    93. 

  93.       return res.status(401).json({ error: 'reCAPTCHA is not valid. Try again.' });
    94. 

  94.     }
    95. 

  95.   }
    96. 

  96.   return next();
    97. 

  97. };
    98. 

  98. 

  99. exports.authAdmin = async (req, res, next) => {
    100. 

  100.   if (!req.user.admin) {
    101. 

  101.     return res.status(401).json({ error: 'Unauthorized.' });
    102. 

  102.   }
    103. 

  103.   return next();
    104. 

  104. };
    105. 

  105. 

  106. exports.signup = async (req, res) => {
    107. 

  107.   const { email, password } = req.body;
    108. 

  108.   if (password.length > 64) {
    109. 

  109.     return res.status(400).json({ error: 'Maximum password length is 64.' });
    110. 

  110.   }
    111. 

  111.   if (email.length > 64) {
    112. 

  112.     return res.status(400).json({ error: 'Maximum email length is 64.' });
    113. 

  113.   }
    114. 

  114.   const user = await getUser({ email });
    115. 

  115.   if (user && user.verified) return res.status(403).json({ error: 'Email is already in use.' });
    116. 

  116.   const newUser = await createUser({ email, password });
    117. 

  117.   const mail = await transporter.sendMail({
    118. 

  118.     from: config.MAIL_FROM || config.MAIL_USER,
    119. 

  119.     to: newUser.email,
    120. 

  120.     subject: 'Verify your account',
    121. 

  121.     text: verifyMailText.replace('{{verification}}', newUser.verificationToken),
    122. 

  122.     html: verifyEmailTemplate.replace('{{verification}}', newUser.verificationToken),
    123. 

  123.   });
    124. 

  124.   if (mail.accepted.length) {
    125. 

  125.     return res.status(201).json({ email, message: 'Verification email has been sent.' });
    126. 

  126.   }
    127. 

  127.   return res.status(400).json({ error: "Couldn't send verification email. Try again." });
    128. 

  128. };
    129. 

  129. 

  130. exports.login = ({ user }, res) => {
    131. 

  131.   const token = signToken(user);
    132. 

  132.   return res.status(200).json({ token });
    133. 

  133. };
    134. 

  134. 

  135. exports.renew = ({ user }, res) => {
    136. 

  136.   const token = signToken(user);
    137. 

  137.   return res.status(200).json({ token });
    138. 

  138. };
    139. 

  139. 

  140. exports.verify = async (req, res, next) => {
    141. 

  141.   const { verificationToken = '' } = req.params;
    142. 

  142.   const user = await verifyUser({ verificationToken });
    143. 

  143.   if (user) {
    144. 

  144.     const token = signToken(user);
    145. 

  145.     req.user = { token };
    146. 

  146.   }
    147. 

  147.   return next();
    148. 

  148. };
    149. 

  149. 

  150. exports.changePassword = async ({ body: { password }, user }, res) => {
    151. 

  151.   if (password.length < 8) {
    152. 

  152.     return res.status(400).json({ error: 'Password must be at least 8 chars long.' });
    153. 

  153.   }
    154. 

  154.   if (password.length > 64) {
    155. 

  155.     return res.status(400).json({ error: 'Maximum password length is 64.' });
    156. 

  156.   }
    157. 

  157.   const changedUser = await changePassword({ email: user.email, password });
    158. 

  158.   if (changedUser) {
    159. 

  159.     return res.status(200).json({ message: 'Your password has been changed successfully.' });
    160. 

  160.   }
    161. 

  161.   return res.status(400).json({ error: "Couldn't change the password. Try again later" });
    162. 

  162. };
    163. 

  163. 

  164. exports.generateApiKey = async ({ user }, res) => {
    165. 

  165.   const { apikey } = await generateApiKey({ email: user.email });
    166. 

  166.   if (apikey) {
    167. 

  167.     return res.status(201).json({ apikey });
    168. 

  168.   }
    169. 

  169.   return res.status(400).json({ error: 'Sorry, an error occured. Please try again later.' });
    170. 

  170. };
    171. 

  171. 

  172. exports.userSettings = ({ user }, res) =>
    173. 

  173.   res.status(200).json({
    174. 

  174.     apikey: user.apikey || '',
    175. 

  175.     customDomain: user.domain || '',
    176. 

  176.     homepage: user.homepage || '',
    177. 

  177.     useHttps: user.useHttps || false,
    178. 

  178.   });
    179. 

  179. 

  180. exports.requestPasswordReset = async ({ body: { email } }, res) => {
    181. 

  181.   const user = await requestPasswordReset({ email });
    182. 

  182.   if (!user) {
    183. 

  183.     return res.status(400).json({ error: "Couldn't reset password." });
    184. 

  184.   }
    185. 

  185.   const mail = await transporter.sendMail({
    186. 

  186.     from: config.MAIL_USER,
    187. 

  187.     to: user.email,
    188. 

  188.     subject: 'Reset your password',
    189. 

  189.     text: resetMailText
    190. 

  190.       .replace(/{{resetpassword}}/gm, user.resetPasswordToken)
    191. 

  191.       .replace(/{{domain}}/gm, config.DEFAULT_DOMAIN),
    192. 

  192.     html: resetEmailTemplate
    193. 

  193.       .replace(/{{resetpassword}}/gm, user.resetPasswordToken)
    194. 

  194.       .replace(/{{domain}}/gm, config.DEFAULT_DOMAIN),
    195. 

  195.   });
    196. 

  196.   if (mail.accepted.length) {
    197. 

  197.     return res.status(200).json({ email, message: 'Reset password email has been sent.' });
    198. 

  198.   }
    199. 

  199.   return res.status(400).json({ error: "Couldn't reset password." });
    200. 

  200. };
    201. 

  201. 

  202. exports.resetPassword = async (req, res, next) => {
    203. 

  203.   const { resetPasswordToken = '' } = req.params;
    204. 

  204.   const user = await resetPassword({ resetPasswordToken });
    205. 

  205.   if (user) {
    206. 

  206.     const token = signToken(user);
    207. 

  207.     req.user = { token };
    208. 

  208.   }
    209. 

  209.   return next();
    210. 

  210. };
    211.