import { Request, Response } from "express";
import Stacker from "../../middlewares/stacker";
import { GetUserMiddleware } from "../../middlewares/user";
import { URL } from "url";
import Client from "../../../models/client";
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
import { randomBytes } from "crypto";
import moment = require("moment");
import RefreshToken from "../../../models/refresh_token";
import { refreshTokenValidTime } from "../../../config";
import { getClientWithOrigin } from "./_helper";
import Permission from "../../../models/permissions";
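/**
 * Issues a refresh token for the current user and the client identified by
 * the `client_id` / `origin` query parameters.
 *
 * Query parameters:
 *  - `client_id`, `origin`: forwarded to `getClientWithOrigin` to resolve the client.
 *  - `permissions`: comma-separated list of permission ids; empty entries are ignored.
 *
 * Every requested permission must exist and have `grant_type === "user"`,
 * otherwise the request is rejected with a `RequestError` (BAD_REQUEST).
 * On success the persisted refresh-token record is returned as `{ token }`.
 */
export const GetTokenByUser = Stacker(
  // NOTE(review): the meaning of the two flags is not visible in this file;
  // the handler below relies on this middleware having populated `req.user`.
  GetUserMiddleware(true, false),
  async (req: Request, res: Response) => {
    const { client_id, origin, permissions } = req.query;

    // The query string is attacker-controlled: a parameter may be missing or,
    // when repeated (`?permissions=a&permissions=b`), arrive as an array.
    // Reject anything that is not a plain string instead of letting
    // `.split()` throw a TypeError further down.
    if (
      typeof client_id !== "string" ||
      typeof origin !== "string" ||
      typeof permissions !== "string"
    ) {
      throw new RequestError(
        "Invalid request parameters",
        HttpStatusCode.BAD_REQUEST
      );
    }

    const client = await getClientWithOrigin(client_id, origin);

    // Drop empty segments so "a,,b" and a trailing comma are tolerated.
    const perm = permissions.split(",").filter((e) => !!e);

    const resolved = await Promise.all(
      perm.map((p) => Permission.findById(p))
    );

    // An id that does not resolve to a permission is treated the same as a
    // permission of the wrong grant type: the caller asked for something it
    // may not have, so answer with a client error rather than crashing on
    // `e.grant_type` of a missing record.
    if (resolved.some((e) => !e || e.grant_type !== "user")) {
      throw new RequestError(
        "Invalid Permission requested",
        HttpStatusCode.BAD_REQUEST
      );
    }

    const token = RefreshToken.new({
      user: req.user._id,
      client: client._id,
      permissions: resolved.map((e) => e._id),
      // 16 bytes from the crypto CSPRNG, hex-encoded (32 characters).
      token: randomBytes(16).toString("hex"),
      valid: true,
      validTill: moment().add(refreshTokenValidTime).toDate(),
    });

    await RefreshToken.save(token);

    // NOTE(review): this serialises the whole refresh-token record, not just
    // the secret; confirm the record holds nothing the client should not see.
    res.json({ token });
  }
);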