UNPKG

foxx-framework

Version:

Foxx framework based on RiotJS + ArangoDB/Foxx

github.com/solisoft/foxx-framework

solisoft/foxx-framework

161 lines (144 loc) 5.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
'use strict'; const db = require('@arangodb').db; const joi = require('joi'); const createAuth = require('@arangodb/foxx/auth'); const createRouter = require('@arangodb/foxx/router'); const sessionsMiddleware = require('@arangodb/foxx/sessions'); const jwtStorage = require('@arangodb/foxx/sessions/storages/jwt'); require("@arangodb/aql/cache").properties({ mode: "on" }); const queues = require('@arangodb/foxx/queues'); const crypt = require('@arangodb/crypto'); const request = require('@arangodb/request'); const auth = createAuth(); const router = createRouter(); const users = db.users; const each = require('lodash').each; const queue = queues.create('mailer'); const _settings = db.foxxy_settings.firstExample(); const sessions = sessionsMiddleware({ storage: jwtStorage(_settings.jwt_secret), transport: 'header' }); module.context.use(sessions); module.context.use(router); var fields = [] var schema = {} var loadFields = function() { // r: new row; c: classname; n: name/id; t: type; j: joi validation; l: label; d: data list fields = [ { r: true, c:"uk-width-1-1", n:"company", t:"string", j: joi.string().required(), l:"Company" }, { r: true, c:"uk-width-1-1", n:"fn", t:"string", j: joi.string().required(), l:"First Name" }, { r: true, c:"uk-width-1-1", n:"ln", t:"string", j: joi.string().required(), l:"Last Name" }, { r: true, c:"uk-width-1-1", n:"username", t:"email", j: joi.string().required(), l:"Email" }, { r: true, c:"uk-width-1-1", n:"password", t:"password", j: joi.string().min(8).max(32).required(), l:"Password" }, { r: true, c:"uk-width-1-1", n:"password_confirmation", t:"confirm", j: joi.string().required(), l:"Password Confirmation" } ] schema = {} each(fields, function(f) { schema[f.n] = f.j }) } loadFields(); // ----------------------------------------------------------------------------- router.get('/check_form', function (req, res) { var errors = [] try { errors = joi.validate(JSON.parse(req.queryParams.data), schema, { abortEarly: false }).error.details } catch(e) {} res.send({errors: errors }); }) .description('Check the form for live validation'); // ----------------------------------------------------------------------------- router.get('/fields', function (req, res) { loadFields() res.send({ fields: fields }); }) .description('Get all fields to build form'); // ----------------------------------------------------------------------------- // GET whoami router.get('/whoami', function (req, res) { if(!req.session.uid) res.throw('unauthorized') try { const user = users.document(req.session.uid); res.send({username: user.username, role: user.role, a: user.a}); } catch (e) { res.send({username: null}); } }) .description('Returns the currently active username.'); // ----------------------------------------------------------------------------- // POST login router.post('/login', function (req, res) { // This may return a user object or null const user = users.firstExample({ username: req.body.username, a: true }); const valid = auth.verify( user ? user.authData : {}, req.body.password ); // Log the user in if(valid) { req.session.uid = user._key; } res.setHeader("Access-Control-Expose-Headers", "X-Session-Id"); res.send({success: valid, uid: req.session}); }) .body(joi.object({ username: joi.string().required(), password: joi.string().required() }).required(), 'Credentials') .description('Logs a registered user in.'); // ----------------------------------------------------------------------------- // POST logout router.post('/logout', function (req, res) { if (req.session.uid) { req.session.uid = null; } res.send({success: true}); }) .description('Logs the current user out.'); // ----------------------------------------------------------------------------- // POST signup router.post('/signup', function (req, res) { const user = req.body; const uuid = crypt.genRandomAlphaNumbers(40); try { // Create an authentication hash user.authData = auth.create(user.password); delete user.password; delete user.password_confirmation; user.email_code = uuid; delete user.company; const meta = users.save(user); Object.assign(user, meta); } catch (e) { res.throw('bad request', 'Username already taken', e); } // Log the user in queue.push( {mount: '/auth', name: 'send-mail'}, {to: user.username, uuid: uuid} ); req.session.uid = user._key; res.send({success: true}); }) .body(joi.object(schema), 'Credentials') .description('Creates a new user and logs them in.'); // ----------------------------------------------------------------------------- router.post('/confirm', function (req, res) { const user = users.firstExample({ email_code: req.body.uuid }); if(user) { user.a = true; delete user.email_code; users.update(user._id, user); } res.send({success: true}); }) .body(joi.object({ uuid: joi.string().required(), }).required(), 'UUID') .description('Check email code');