planka/server/api/controllers/access-tokens/create.js

const bcrypt = require('bcrypt');
const validator = require('validator');

const Errors = {
  INVALID_EMAIL_OR_USERNAME: {
    invalidEmailOrUsername: 'Invalid email or username',
  },
  INVALID_PASSWORD: {
    invalidPassword: 'Invalid password',
  },
};

module.exports = {
  inputs: {
    emailOrUsername: {
      type: 'string',
      custom: (value) =>
        value.includes('@')
          ? validator.isEmail(value)
          : value.length >= 3 &&
            value.length <= 16 &&
            /^[a-zA-Z0-9]+((_|\.)?[a-zA-Z0-9])*$/.test(value),
      required: true,
    },
    password: {
      type: 'string',
      required: true,
    },
  },

  exits: {
    invalidEmailOrUsername: {
      responseType: 'unauthorized',
    },
    invalidPassword: {
      responseType: 'unauthorized',
    },
  },

  async fn(inputs) {
    const user = await sails.helpers.users.getOneByEmailOrUsername(inputs.emailOrUsername);

    if (!user) {
      throw Errors.INVALID_EMAIL_OR_USERNAME;
    }

    if (!bcrypt.compareSync(inputs.password, user.password)) {
      throw Errors.INVALID_PASSWORD;
    }

    return {
      item: sails.helpers.utils.createToken(user.id),
    };
  },
};
Initial commit 2019-08-31 04:07:25 +05:00			`const bcrypt = require('bcrypt');`
Add username to user 2020-04-03 00:35:25 +05:00			`const validator = require('validator');`
Initial commit 2019-08-31 04:07:25 +05:00
			`const Errors = {`
Add username to user 2020-04-03 00:35:25 +05:00			`INVALID_EMAIL_OR_USERNAME: {`
			`invalidEmailOrUsername: 'Invalid email or username',`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`INVALID_PASSWORD: {`
			`invalidPassword: 'Invalid password',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`

			`module.exports = {`
			`inputs: {`
Add username to user 2020-04-03 00:35:25 +05:00			`emailOrUsername: {`
Initial commit 2019-08-31 04:07:25 +05:00			`type: 'string',`
Add username to user 2020-04-03 00:35:25 +05:00			`custom: (value) =>`
			`value.includes('@')`
			`? validator.isEmail(value)`
Allow dots in username. Closes #116 2021-04-13 18:59:02 +05:00			`: value.length >= 3 &&`
			`value.length <= 16 &&`
			`/^[a-zA-Z0-9]+((_\|\.)?[a-zA-Z0-9])*$/.test(value),`
Initial commit 2019-08-31 04:07:25 +05:00			`required: true,`
			`},`
			`password: {`
			`type: 'string',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

			`exits: {`
Add username to user 2020-04-03 00:35:25 +05:00			`invalidEmailOrUsername: {`
			`responseType: 'unauthorized',`
			`},`
			`invalidPassword: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`responseType: 'unauthorized',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`async fn(inputs) {`
			`const user = await sails.helpers.users.getOneByEmailOrUsername(inputs.emailOrUsername);`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (!user) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.INVALID_EMAIL_OR_USERNAME;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

			`if (!bcrypt.compareSync(inputs.password, user.password)) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.INVALID_PASSWORD;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`return {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`item: sails.helpers.utils.createToken(user.id),`
Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`};`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`