// hapi plugin entry point: the registration function is the export and
// carries the plugin's name in `attributes`.
sessionRoutes.attributes = {
  name: 'account-routes-session'
}
module.exports = sessionRoutes
6 | var Boom = require('boom')
8 | var errors = require('./utils/errors')
9 | var joiFailAction = require('./utils/joi-fail-action')
10 | var serialiseSession = require('./utils/serialise-session')
11 | var toSessionId = require('./utils/request-to-session-id')
12 | var validations = require('./utils/validations')
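/**
 * hapi plugin that registers the `/session` routes: PUT (create),
 * GET (look up) and DELETE (remove).
 *
 * Every handler consults the admin store first. A 404 from the admin store
 * means "not an admin" and the request falls through to regular account
 * sessions; any other admin error is re-thrown unchanged, so admin
 * credentials are never retried against the account store. Admin sessions
 * refuse `?include=` with FORBIDDEN_ADMIN_ACCOUNT rather than ignoring it.
 *
 * @param {object} server - hapi server; reads `server.plugins.account.api.sessions`
 *   (add / find / remove) and `server.info.uri`
 * @param {object} options - plugin options; `options.admins` must expose
 *   validatePassword, calculateSessionId and validateSession
 * @param {Function} next - hapi registration continuation, called once the
 *   routes are registered
 */
function sessionRoutes (server, options, next) {
  var admins = options.admins
  var sessions = server.plugins.account.api.sessions
  var serialise = serialiseSession.bind(null, {
    baseUrl: server.info.uri
  })

  // Terminal error handler shared by all three routes. Whatever was thrown,
  // only the parsed status and message reach the client.
  // NOTE(review): Boom.create accepts only numeric 4xx/5xx status codes; if
  // errors.parse can ever yield something else this handler itself throws
  // and the request is left unanswered — confirm against ./utils/errors.
  function replyWithError (reply) {
    return function (error) {
      var parsed = errors.parse(error)
      reply(Boom.create(parsed.status, parsed.message))
    }
  }

  // Second arm of the admin-first `.then(onAdmin, onNotAdmin)` split: a 404
  // from the admin store means "not an admin" and `fallback` runs; any other
  // admin error (e.g. a rejected admin password) is re-thrown unchanged.
  function ifNotAdmin (fallback) {
    return function (error) {
      if (error.status !== 404) {
        throw error
      }
      return fallback()
    }
  }

  // GET and DELETE share this: a 401 or 404 from the account store becomes
  // INVALID_SESSION, so the response does not tell an unknown session id
  // from a rejected one. Anything else propagates unchanged.
  function rejectInvalidSession (error) {
    if (error.status === 401 || error.status === 404) {
      throw errors.INVALID_SESSION
    }
    throw error
  }

  // `?include=` is not supported on admin sessions and is refused rather
  // than silently ignored.
  function refuseIncludeForAdmin (query) {
    if (query.include) {
      throw errors.FORBIDDEN_ADMIN_ACCOUNT
    }
  }

  var createSessionRoute = {
    method: 'PUT',
    path: '/session',
    config: {
      auth: false,
      validate: {
        // a login request must not already carry a session id header
        headers: validations.sessionIdHeaderForbidden,
        query: validations.sessionQuery,
        payload: validations.sessionPayload,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      // usernames are matched case-insensitively: lower-case before any lookup
      var username = request.payload.data.attributes.username.toLowerCase()
      var password = request.payload.data.attributes.password
      var query = request.query

      // Two-arm `.then` on purpose: an error thrown by onAdmin (e.g.
      // FORBIDDEN_ADMIN_ACCOUNT) must not reach the account fallback.
      admins.validatePassword(username, password)
        .then(
          function onAdmin () {
            refuseIncludeForAdmin(query)

            return admins.calculateSessionId(username)
              .then(function (sessionId) {
                return { id: sessionId }
              })
          },
          ifNotAdmin(function () {
            return sessions.add({
              account: {
                username: username,
                password: password
              },
              include: query.include
            })
              .catch(function (error) {
                // an unknown username is reported as INVALID_CREDENTIALS, not
                // as 404 — presumably so the login response does not confirm
                // whether the account exists
                if (error.status === 404) {
                  throw errors.INVALID_CREDENTIALS
                }
                throw error
              })
          })
        )
        .then(serialise)
        .then(function (json) {
          reply(json).code(201)
        })
        .catch(replyWithError(reply))
    }
  }

  var getSessionRoute = {
    method: 'GET',
    path: '/session',
    config: {
      auth: false,
      validate: {
        headers: validations.sessionIdHeader,
        query: validations.sessionQuery,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var query = request.query
      var sessionId = toSessionId(request)

      admins.validateSession(sessionId)
        .then(
          function onAdmin () {
            refuseIncludeForAdmin(query)
            return { id: sessionId }
          },
          ifNotAdmin(function () {
            return sessions.find(sessionId, {
              include: query.include
            })
              .catch(rejectInvalidSession)
          })
        )
        .then(serialise)
        .then(reply)
        .catch(replyWithError(reply))
    }
  }

  var deleteSessionRoute = {
    method: 'DELETE',
    path: '/session',
    config: {
      auth: false,
      validate: {
        headers: validations.sessionIdHeader,
        query: validations.sessionQuery,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var query = request.query
      var sessionId = toSessionId(request)

      admins.validateSession(sessionId)
        .then(
          function onAdmin () {
            // resolves with nothing: an admin deletion always answers 204 below
            refuseIncludeForAdmin(query)
          },
          ifNotAdmin(function () {
            return sessions.remove(sessionId, {
              include: query.include
            })
              .catch(rejectInvalidSession)
          })
        )
        .then(function (session) {
          // without ?include= there is no body to return; with it, the value
          // sessions.remove resolved with (presumably the removed session)
          // is serialised
          if (!query.include) {
            return reply().code(204)
          }
          reply(serialise(session)).code(200)
        })
        .catch(replyWithError(reply))
    }
  }

  server.route([
    getSessionRoute,
    createSessionRoute,
    deleteSessionRoute
  ])

  next()
}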