UNPKG

@hoodie/account-server/routes/session.js

Version:

5.14 kBJavaScriptView Raw

1module.exports = sessionRoutes
2module.exports.attributes = {
name: 'account-routes-session'
4}
5
6var Boom = require('boom')
7
8var errors = require('./utils/errors')
9var joiFailAction = require('./utils/joi-fail-action')
10var serialiseSession = require('./utils/serialise-session')
11var toSessionId = require('./utils/request-to-session-id')
12var validations = require('./utils/validations')
13
14function sessionRoutes (server, options, next) {
var admins = options.admins
var sessions = server.plugins.account.api.sessions
var serialise = serialiseSession.bind(null, {
  baseUrl: server.info.uri
})
20
var createSessionRoute = {
  method: 'PUT',
  path: '/session',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeaderForbidden,
      query: validations.sessionQuery,
      payload: validations.sessionPayload,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var username = request.payload.data.attributes.username.toLowerCase()
    var password = request.payload.data.attributes.password
    var query = request.query
37
    // check for admin. If not found, check for user
    admins.validatePassword(username, password)
40
    .then(
      // if admin
      function () {
        if (query.include) {
          throw errors.FORBIDDEN_ADMIN_ACCOUNT
        }
47
        return admins.calculateSessionId(username)
49
        .then(function (sessionId) {
          return {
            id: sessionId
          }
        })
      },
56
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.add({
            account: {
              username: username,
              password: password
            },
            include: query.include
          })
          .catch(function (error) {
            if (error.status === 404) {
              throw errors.INVALID_CREDENTIALS
            }
            throw error
          })
        }
74
        throw error
      })
77
    .then(serialise)
79
    .then(function (json) {
      reply(json).code(201)
    })
83
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status, error.message))
    })
  }
}
90
var getSessionRoute = {
  method: 'GET',
  path: '/session',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeader,
      query: validations.sessionQuery,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var query = request.query
    var sessionId = toSessionId(request)
105
    // check for admin. If not found, check for user
    admins.validateSession(sessionId)
108
    .then(
      // if admin
      function (doc) {
        if (query.include) {
          throw errors.FORBIDDEN_ADMIN_ACCOUNT
        }
115
        return {
          id: sessionId
        }
      },
120
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.find(sessionId, {
            include: request.query.include
          })
          .catch(function (error) {
            if (error.status === 401 || error.status === 404) {
              throw errors.INVALID_SESSION
            }
            throw error
          })
        }
134
        throw error
      })
137
    .then(serialise)
139
    .then(reply)
141
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status, error.message))
    })
  }
}
148
var deleteSessionRoute = {
  method: 'DELETE',
  path: '/session',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeader,
      query: validations.sessionQuery,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var query = request.query
    var sessionId = toSessionId(request)
163
    // check for admin. If not found, check for user
    admins.validateSession(sessionId)
166
    .then(
      // if admin
      function (doc) {
        if (query.include) {
          throw errors.FORBIDDEN_ADMIN_ACCOUNT
        }
      },
174
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.remove(sessionId, {
            include: request.query.include
          })
          .catch(function (error) {
            if (error.status === 404 || error.status === 401) {
              throw errors.INVALID_SESSION
            }
            throw error
          })
        }
188
        throw error
      })
191
    .then(function (session) {
      if (!request.query.include) {
        return reply().code(204)
      }
      reply(serialise(session)).code(200)
    })
198
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status, error.message))
    })
  }
}
205
server.route([
  getSessionRoute,
  createSessionRoute,
  deleteSessionRoute
])
211
next()
213}

1	`module.exports = sessionRoutes`
2	`module.exports.attributes = {`
3	`name: 'account-routes-session'`
4	`}`
5
6	`var Boom = require('boom')`
7
8	`var errors = require('./utils/errors')`
9	`var joiFailAction = require('./utils/joi-fail-action')`
10	`var serialiseSession = require('./utils/serialise-session')`
11	`var toSessionId = require('./utils/request-to-session-id')`
12	`var validations = require('./utils/validations')`
13
14	`function sessionRoutes (server, options, next) {`
15	`var admins = options.admins`
16	`var sessions = server.plugins.account.api.sessions`
17	`var serialise = serialiseSession.bind(null, {`
18	`baseUrl: server.info.uri`
19	`})`
20
21	`var createSessionRoute = {`
22	`method: 'PUT',`
23	`path: '/session',`
24	`config: {`
25	`auth: false,`
26	`validate: {`
27	`headers: validations.sessionIdHeaderForbidden,`
28	`query: validations.sessionQuery,`
29	`payload: validations.sessionPayload,`
30	`failAction: joiFailAction`
31	`}`
32	`},`
33	`handler: function (request, reply) {`
34	`var username = request.payload.data.attributes.username.toLowerCase()`
35	`var password = request.payload.data.attributes.password`
36	`var query = request.query`
37
38	`// check for admin. If not found, check for user`
39	`admins.validatePassword(username, password)`
40
41	`.then(`
42	`// if admin`
43	`function () {`
44	`if (query.include) {`
45	`throw errors.FORBIDDEN_ADMIN_ACCOUNT`
46	`}`
47
48	`return admins.calculateSessionId(username)`
49
50	`.then(function (sessionId) {`
51	`return {`
52	`id: sessionId`
53	`}`
54	`})`
55	`},`
56
57	`// if not admin`
58	`function (error) {`
59	`if (error.status === 404) {`
60	`return sessions.add({`
61	`account: {`
62	`username: username,`
63	`password: password`
64	`},`
65	`include: query.include`
66	`})`
67	`.catch(function (error) {`
68	`if (error.status === 404) {`
69	`throw errors.INVALID_CREDENTIALS`
70	`}`
71	`throw error`
72	`})`
73	`}`
74
75	`throw error`
76	`})`
77
78	`.then(serialise)`
79
80	`.then(function (json) {`
81	`reply(json).code(201)`
82	`})`
83
84	`.catch(function (error) {`
85	`error = errors.parse(error)`
86	`reply(Boom.create(error.status, error.message))`
87	`})`
88	`}`
89	`}`
90
91	`var getSessionRoute = {`
92	`method: 'GET',`
93	`path: '/session',`
94	`config: {`
95	`auth: false,`
96	`validate: {`
97	`headers: validations.sessionIdHeader,`
98	`query: validations.sessionQuery,`
99	`failAction: joiFailAction`
100	`}`
101	`},`
102	`handler: function (request, reply) {`
103	`var query = request.query`
104	`var sessionId = toSessionId(request)`
105
106	`// check for admin. If not found, check for user`
107	`admins.validateSession(sessionId)`
108
109	`.then(`
110	`// if admin`
111	`function (doc) {`
112	`if (query.include) {`
113	`throw errors.FORBIDDEN_ADMIN_ACCOUNT`
114	`}`
115
116	`return {`
117	`id: sessionId`
118	`}`
119	`},`
120
121	`// if not admin`
122	`function (error) {`
123	`if (error.status === 404) {`
124	`return sessions.find(sessionId, {`
125	`include: request.query.include`
126	`})`
127	`.catch(function (error) {`
128	`if (error.status === 401 \|\| error.status === 404) {`
129	`throw errors.INVALID_SESSION`
130	`}`
131	`throw error`
132	`})`
133	`}`
134
135	`throw error`
136	`})`
137
138	`.then(serialise)`
139
140	`.then(reply)`
141
142	`.catch(function (error) {`
143	`error = errors.parse(error)`
144	`reply(Boom.create(error.status, error.message))`
145	`})`
146	`}`
147	`}`
148
149	`var deleteSessionRoute = {`
150	`method: 'DELETE',`
151	`path: '/session',`
152	`config: {`
153	`auth: false,`
154	`validate: {`
155	`headers: validations.sessionIdHeader,`
156	`query: validations.sessionQuery,`
157	`failAction: joiFailAction`
158	`}`
159	`},`
160	`handler: function (request, reply) {`
161	`var query = request.query`
162	`var sessionId = toSessionId(request)`
163
164	`// check for admin. If not found, check for user`
165	`admins.validateSession(sessionId)`
166
167	`.then(`
168	`// if admin`
169	`function (doc) {`
170	`if (query.include) {`
171	`throw errors.FORBIDDEN_ADMIN_ACCOUNT`
172	`}`
173	`},`
174
175	`// if not admin`
176	`function (error) {`
177	`if (error.status === 404) {`
178	`return sessions.remove(sessionId, {`
179	`include: request.query.include`
180	`})`
181	`.catch(function (error) {`
182	`if (error.status === 404 \|\| error.status === 401) {`
183	`throw errors.INVALID_SESSION`
184	`}`
185	`throw error`
186	`})`
187	`}`
188
189	`throw error`
190	`})`
191
192	`.then(function (session) {`
193	`if (!request.query.include) {`
194	`return reply().code(204)`
195	`}`
196	`reply(serialise(session)).code(200)`
197	`})`
198
199	`.catch(function (error) {`
200	`error = errors.parse(error)`
201	`reply(Boom.create(error.status, error.message))`
202	`})`
203	`}`
204	`}`
205
206	`server.route([`
207	`getSessionRoute,`
208	`createSessionRoute,`
209	`deleteSessionRoute`
210	`])`
211
212	`next()`
213	`}`