acebase-server
Version:
AceBase realtime database server (webserver endpoint to allow remote connections)
72 lines • 3.16 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.addRoute = exports.VerifyEmailError = void 0;
const tokens_1 = require("../shared/tokens");
const error_1 = require("../shared/error");
class VerifyEmailError extends Error {
constructor(code, message) {
super(message);
this.code = code;
}
}
exports.VerifyEmailError = VerifyEmailError;
/**
* Adds the verify_email route and returns the verification function that can be used to manually verify an email address
* @param env environment
* @returns returns the verification function
*/
const addRoute = (env) => {
const LOG_ACTION = 'auth.verify_email';
const verifyEmailAddress = (clientIp, code) => __awaiter(void 0, void 0, void 0, function* () {
const LOG_DETAILS = { ip: clientIp, uid: null };
const verification = (() => {
try {
return (0, tokens_1.parseSignedPublicToken)(code, env.tokenSalt);
}
catch (err) {
throw new VerifyEmailError('invalid_code', err.message);
}
})();
LOG_DETAILS.uid = verification.uid;
const snap = yield env.authRef.child(verification.uid).get();
if (!snap.exists()) {
env.log.error(LOG_ACTION, 'unknown_user', LOG_DETAILS);
throw new VerifyEmailError('unknown_user', 'Unknown user');
}
const user = snap.val();
user.uid = snap.key;
// No need to do further checks, code was signed by us so we can trust the contents
// Mark account as verified
yield snap.ref.update({ email_verified: true });
env.log.event(LOG_ACTION, LOG_DETAILS);
});
env.router.post(`/auth/${env.db.name}/verify_email`, (req, res) => __awaiter(void 0, void 0, void 0, function* () {
const details = req.body;
try {
yield verifyEmailAddress(req.ip, details.code);
res.send('OK');
}
catch (err) {
if (err.code) {
(0, error_1.sendBadRequestError)(res, err);
}
else {
env.log.error(LOG_ACTION, 'unexpected', { ip: req.ip, message: err.message, verificaion_code: details.code });
(0, error_1.sendUnexpectedError)(res, err);
}
}
}));
return verifyEmailAddress;
};
exports.addRoute = addRoute;
exports.default = exports.addRoute;
//# sourceMappingURL=auth-verify-email.js.map