First version of OpenAuth remake

src/api/user/login.ts

@@ -0,0 +1,81 @@
+import { Request, Response } from "express"
+import User, { IUser } from "../../models/user";
+import { randomBytes } from "crypto";
+import moment = require("moment");
+import LoginToken from "../../models/login_token";
+import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+
+const Login = promiseMiddleware(async (req: Request, res: Response) => {
+   let type = req.query.type;
+   if (type === "username") {
+      let { username, uid } = req.query;
+      let user = await User.findOne(username ? { username: username.toLowerCase() } : { uid: uid });
+      if (!user) {
+         res.json({ error: req.__("User not found") })
+      } else {
+         res.json({ salt: user.salt, uid: user.uid });
+      }
+      return;
+   }
+
+   const sendToken = async (user: IUser) => {
+      let token_str = randomBytes(16).toString("hex");
+      let token_exp = moment().add(6, "months").toDate()
+      let token = LoginToken.new({
+         token: token_str,
+         valid: true,
+         validTill: token_exp,
+         user: user._id
+      });
+      await LoginToken.save(token);
+
+      let special_str = randomBytes(24).toString("hex");
+      let special_exp = moment().add(30, "minutes").toDate()
+      let special = LoginToken.new({
+         token: special_str,
+         valid: true,
+         validTill: special_exp,
+         special: true,
+         user: user._id
+      });
+      await LoginToken.save(special);
+
+      res.json({
+         login: { token: token_str, expires: token_exp.toUTCString() },
+         special: { token: special_str, expires: special_exp.toUTCString() }
+      });
+   }
+
+   if (type === "password" || type === "twofactor") {
+      let { username, password, uid } = req.body;
+
+      let user = await User.findOne(username ? { username: username.toLowerCase() } : { uid: uid })
+      if (!user) {
+         res.json({ error: req.__("User not found") })
+      } else {
+         if (user.password !== password) {
+            res.json({ error: req.__("Password or username wrong") })
+         } else {
+            if (type === "twofactor") {
+
+            } else {
+               if (user.twofactor && user.twofactor.length > 0) {
+                  let types = user.twofactor.map(f => {
+                     return { type: f.type };
+                  })
+                  res.json({
+                     types: types
+                  });
+               } else {
+                  await sendToken(user);
+               }
+            }
+         }
+      }
+   } else {
+      throw new RequestError("Invalid type!", HttpStatusCode.BAD_REQUEST);
+   }
+});
+
+export default Login;

src/api/user/register.ts

@@ -0,0 +1,142 @@
+import { Request, Response, Router } from "express"
+import Stacker from "../middlewares/stacker";
+import verify, { Types } from "../middlewares/verify";
+import promiseMiddleware from "../../helper/promiseMiddleware";
+import User, { Gender } from "../../models/user";
+import { HttpStatusCode } from "../../helper/request_error";
+import Mail from "../../models/mail";
+import RegCode from "../../models/regcodes";
+
+const Register = Stacker(verify({
+   mail: {
+      type: Types.EMAIL,
+      notempty: true
+   },
+   username: {
+      type: Types.STRING,
+      notempty: true
+   },
+   password: {
+      type: Types.STRING,
+      notempty: true
+   },
+   salt: {
+      type: Types.STRING,
+      notempty: true
+   },
+   regcode: {
+      type: Types.STRING,
+      notempty: true
+   },
+   gender: {
+      type: Types.STRING,
+      notempty: true
+   },
+   name: {
+      type: Types.STRING,
+      notempty: true
+   },
+   // birthday: {
+   //    type: Types.DATE
+   // }
+}), promiseMiddleware(async (req: Request, res: Response) => {
+   let { username, password, salt, mail, gender, name, birthday, regcode } = req.body;
+   let u = await User.findOne({ username: username.toLowerCase() })
+   if (u) {
+      let err = {
+         message: [
+            {
+               message: req.__("Username taken"),
+               field: "username"
+            }
+         ],
+         status: HttpStatusCode.BAD_REQUEST,
+         nolog: true
+      }
+      throw err;
+   }
+
+
+   let m = await Mail.findOne({ mail: mail })
+   if (m) {
+      let err = {
+         message: [
+            {
+               message: req.__("Mail linked with other account"),
+               field: "mail"
+            }
+         ],
+         status: HttpStatusCode.BAD_REQUEST,
+         nolog: true
+      }
+      throw err;
+   }
+
+   let regc = await RegCode.findOne({ token: regcode })
+   if (!regc) {
+      let err = {
+         message: [
+            {
+               message: req.__("Invalid registration code"),
+               field: "regcode"
+            }
+         ],
+         status: HttpStatusCode.BAD_REQUEST,
+         nolog: true
+      }
+      throw err;
+   }
+
+   if (!regc.valid) {
+      let err = {
+         message: [
+            {
+               message: req.__("Registration code already used"),
+               field: "regcode"
+            }
+         ],
+         status: HttpStatusCode.BAD_REQUEST,
+         nolog: true
+      }
+      throw err;
+   }
+
+   let g = -1;
+   switch (gender) {
+      case "male":
+         g = Gender.male
+         break;
+      case "female":
+         g = Gender.female
+         break;
+      case "other":
+         g = Gender.other
+         break;
+      default:
+         g = Gender.none
+         break;
+   }
+
+   let user = User.new({
+      username: username.toLowerCase(),
+      password: password,
+      salt: salt,
+      gender: g,
+      name: name,
+      // birthday: birthday,
+      admin: false
+   })
+
+   regc.valid = false;
+   await RegCode.save(regc);
+
+   let ml = Mail.new({
+      mail: mail,
+      primary: true
+   })
+
+   user.mails.push(ml._id);
+   await User.save(user)
+   res.json({ success: true });
+}))
+export default Register;