misskey/src/api/private/signin.ts

65 lines
1.3 KiB
TypeScript
Raw Normal View History

2016-12-28 23:49:51 +01:00
import * as express from 'express';
2017-01-18 06:19:50 +01:00
import * as bcrypt from 'bcryptjs';
2017-09-16 10:31:37 +02:00
import { default as User, IUser } from '../models/user';
2016-12-28 23:49:51 +01:00
import Signin from '../models/signin';
import serialize from '../serializers/signin';
import event from '../event';
2017-11-23 05:25:33 +01:00
import signin from '../common/signin';
2016-12-28 23:49:51 +01:00
export default async (req: express.Request, res: express.Response) => {
res.header('Access-Control-Allow-Credentials', 'true');
const username = req.body['username'];
const password = req.body['password'];
2017-02-22 11:39:34 +01:00
if (typeof username != 'string') {
res.sendStatus(400);
return;
}
if (typeof password != 'string') {
res.sendStatus(400);
return;
}
2016-12-28 23:49:51 +01:00
// Fetch user
2017-09-16 10:31:37 +02:00
const user: IUser = await User.findOne({
2016-12-28 23:49:51 +01:00
username_lower: username.toLowerCase()
2017-02-22 05:08:33 +01:00
}, {
fields: {
data: false,
profile: false
}
2016-12-28 23:49:51 +01:00
});
if (user === null) {
2017-03-09 22:42:57 +01:00
res.status(404).send({
error: 'user not found'
});
2016-12-28 23:49:51 +01:00
return;
}
// Compare password
2017-11-08 06:58:48 +01:00
const same = await bcrypt.compare(password, user.password);
2016-12-28 23:49:51 +01:00
if (same) {
2017-11-23 05:25:33 +01:00
signin(res, user, false);
2016-12-28 23:49:51 +01:00
} else {
2017-03-09 22:42:57 +01:00
res.status(400).send({
error: 'incorrect password'
});
2016-12-28 23:49:51 +01:00
}
// Append signin history
2017-01-17 02:49:27 +01:00
const record = await Signin.insert({
2016-12-28 23:49:51 +01:00
created_at: new Date(),
user_id: user._id,
ip: req.ip,
headers: req.headers,
success: same
});
// Publish signin event
event(user._id, 'signin', await serialize(record));
};