UNPKG

@accounts/rest-express

Version:

Server side REST express middleware for accounts

github.com/accounts-js/rest/tree/master

accounts-js/rest

50 lines (46 loc) 1.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import type * as express from 'express'; import { AccountsJsError, type AccountsServer } from '@accounts/server'; import { type AccountsPassword, SendResetPasswordEmailErrors } from '@accounts/password'; import { sendError } from '../../utils/send-error'; import { body } from 'express-validator'; import { matchOrThrow } from '../../utils/matchOrTrow'; export const resetPassword = (accountsServer: AccountsServer) => [ body('token').isString().notEmpty(), body('newPassword').isString().notEmpty(), async (req: express.Request, res: express.Response) => { try { const { token, newPassword } = matchOrThrow<{ token: string; newPassword: string }>(req); const accountsPassword = accountsServer.getServices().password as AccountsPassword; const loginResult = await accountsPassword.resetPassword(token, newPassword, req.infos); res.json(loginResult); } catch (err) { sendError(res, err); } }, ]; export const sendResetPasswordEmail = (accountsServer: AccountsServer) => [ body('email').isEmail(), async (req: express.Request, res: express.Response) => { try { const { email } = matchOrThrow<{ email: string }>(req); const accountsPassword = accountsServer.getServices().password as AccountsPassword; try { await accountsPassword.sendResetPasswordEmail(email); } catch (error) { // If ambiguousErrorMessages is true, // to prevent user enumeration we fail silently in case there is no user attached to this email if ( accountsServer.options.ambiguousErrorMessages && error instanceof AccountsJsError && error.code === SendResetPasswordEmailErrors.UserNotFound ) { return res.json(null); } throw error; } res.json(null); } catch (err) { sendError(res, err); } }, ];