UNPKG

@softvisio/core

Version:

Softisio core

softvisio-node.github.io/core/

softvisio-node/core

135 lines (102 loc) 3.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
import Token from "#lib/app/token"; import Interval from "#lib/interval"; import sql from "#lib/sql"; const SQL = { "deleteTokens": sql`DELETE FROM action_token WHERE user_id = ? AND type = ?`.prepare(), "insertToken": sql`INSERT INTO action_token ( user_id, type, expires, email_token, data ) VALUES ( ?, ?, ?, ?, ? ) RETURNING id, ( SELECT email FROM "user" WHERE id = user_id ) AS email`.prepare(), "insertHash": sql`INSERT INTO action_token_hash ( action_token_id, hash ) VALUES ( ?, ? )`.prepare(), "getToken": sql` SELECT action_token.id, action_token.type, action_token.user_id, action_token.email_token, action_token.data, action_token_hash.hash FROM action_token, action_token_hash WHERE action_token.id = action_token_hash.action_token_id AND action_token.id = ? AND action_token.expires > CURRENT_TIMESTAMP `.prepare(), "setUserEmailConfirmed": sql`UPDATE "user" SET email_confirmed = TRUE WHERE id = ?`.prepare(), }; export default class { #app; #config; constructor ( app, config ) { this.#app = app; this.#config = config; } // properties get app () { return this.#app; } get dbh () { return this.#app.dbh; } get config () { return this.#config; } // public async init () { var res; // migrate database res = await this.dbh.schema.migrate( new URL( "db", import.meta.url ) ); if ( !res.ok ) return res; return result( 200 ); } async createActionToken ( userId, tokenType, { length, maxAge, emailToken = false, data, dbh } = {} ) { dbh ||= this.dbh; return dbh.begin( async dbh => { // delete tokens qith the same type let res = await dbh.do( SQL.deleteTokens, [ userId, tokenType ] ); if ( !res.ok ) throw res; const expires = Interval.new( maxAge ).addDate(); // insert token res = await dbh.selectRow( SQL.insertToken, [ userId, tokenType, expires, emailToken, data ] ); if ( !res.ok ) throw res; const tokenId = res.data.id, email = res.data.email; // generate token const token = await Token.generate( this.app, tokenType, tokenId, { length } ); // insert hash res = await dbh.do( SQL.insertHash, [ token.id, await token.getHash() ] ); if ( !res.ok ) throw res; return result( 200, { email, "token": token.token, expires, } ); } ); } async activateActionToken ( token, tokenType, { dbh } = {} ) { token = Token.new( this.app, token ); // token is invalid if ( token.type !== tokenType ) return result( [ 400, "Token is invalid" ] ); dbh ||= this.dbh; return dbh.begin( async dbh => { const res = await dbh.selectRow( SQL.getToken, [ token.id ] ); if ( !res.ok ) throw res; // token not found if ( !res.data ) throw result( [ 400, "Token is invalid" ] ); const token1 = new Token( this.app, res.data ); // verify token if ( !( await token1.verify( token ) ) ) throw result( [ 400, "Token is invalid" ] ); // set user email confirmed if ( res.data.email_token ) { const res1 = await dbh.do( SQL.setUserEmailConfirmed, [ token1.userId ] ); if ( !res1.ok ) throw res1; } // delete user action token const res2 = await dbh.do( SQL.deleteTokens, [ token1.userId, token1.type ] ); if ( !res2.ok ) throw res2; return result( 200, { "user_id": res.data.user_id, "data": res.data.data, } ); } ); } }