misskey/src/api/private/signin.ts

56 lines
1.3 KiB
TypeScript
Raw Normal View History

2016-12-28 22:49:51 +00:00
import * as express from 'express';
2017-01-18 05:19:50 +00:00
import * as bcrypt from 'bcryptjs';
2016-12-28 22:49:51 +00:00
import User from '../models/user';
import Signin from '../models/signin';
import serialize from '../serializers/signin';
import event from '../event';
2017-01-17 00:17:52 +00:00
import config from '../../conf';
2016-12-28 22:49:51 +00:00
export default async (req: express.Request, res: express.Response) => {
res.header('Access-Control-Allow-Credentials', 'true');
const username = req.body['username'];
const password = req.body['password'];
// Fetch user
const user = await User.findOne({
username_lower: username.toLowerCase()
});
if (user === null) {
res.status(404).send('user not found');
return;
}
// Compare password
2017-01-18 05:19:50 +00:00
const same = bcrypt.compareSync(password, user.password);
2016-12-28 22:49:51 +00:00
if (same) {
const expires = 1000 * 60 * 60 * 24 * 365; // One Year
res.cookie('i', user.token, {
path: '/',
domain: `.${config.host}`,
secure: config.url.substr(0, 5) === 'https',
httpOnly: false,
expires: new Date(Date.now() + expires),
maxAge: expires
});
res.sendStatus(204);
} else {
res.status(400).send('incorrect password');
}
// Append signin history
2017-01-17 01:49:27 +00:00
const record = await Signin.insert({
2016-12-28 22:49:51 +00:00
created_at: new Date(),
user_id: user._id,
ip: req.ip,
headers: req.headers,
success: same
});
// Publish signin event
event(user._id, 'signin', await serialize(record));
};