Update stuff
This commit is contained in:
parent
0254e42b9c
commit
553ba9db9a
40 changed files with 7343 additions and 717 deletions
23
web/app.js
23
web/app.js
|
|
@ -1,10 +1,11 @@
|
|||
import path from 'path';
|
||||
import Router from 'koa-router';
|
||||
import csrf from 'koa-csrf';
|
||||
import CSRF from 'koa-csrf';
|
||||
import views from 'koa-views';
|
||||
import stats from 'koa-statsd';
|
||||
import stats from '../lib/koa-statsd';
|
||||
import StatsD from 'statsy';
|
||||
import errors from 'koa-error';
|
||||
|
||||
import * as redis from '../lib/redis';
|
||||
import * as index from './routes/index';
|
||||
import * as file from './routes/file';
|
||||
|
|
@ -20,24 +21,24 @@ router.use(errors({
|
|||
const statsdOpts = { prefix: 'hostr-web', host: process.env.STATSD_HOST };
|
||||
router.use(stats(statsdOpts));
|
||||
const statsd = new StatsD(statsdOpts);
|
||||
router.use(function* statsMiddleware(next) {
|
||||
this.statsd = statsd;
|
||||
yield next;
|
||||
router.use(async (ctx, next) => {
|
||||
ctx.statsd = statsd;
|
||||
await next();
|
||||
});
|
||||
|
||||
router.use(redis.sessionStore());
|
||||
//router.use(redis.sessionStore());
|
||||
|
||||
router.use(function* stateMiddleware(next) {
|
||||
this.state = {
|
||||
session: this.session,
|
||||
router.use(async (ctx, next) => {
|
||||
ctx.state = {
|
||||
session: ctx.session,
|
||||
baseURL: process.env.WEB_BASE_URL,
|
||||
apiURL: process.env.API_BASE_URL,
|
||||
stripePublic: process.env.STRIPE_PUBLIC_KEY,
|
||||
};
|
||||
yield next;
|
||||
await next();
|
||||
});
|
||||
|
||||
router.use(csrf());
|
||||
router.use(new CSRF());
|
||||
|
||||
router.use(views(path.join(__dirname, 'views'), {
|
||||
extension: 'ejs',
|
||||
|
|
|
|||
|
|
@ -3,24 +3,25 @@ import { join } from 'path';
|
|||
import passwords from 'passwords';
|
||||
import uuid from 'node-uuid';
|
||||
import views from 'co-views';
|
||||
import models from '../../models';
|
||||
const render = views(join(__dirname, '..', 'views'), { default: 'ejs' });
|
||||
import debugname from 'debug';
|
||||
const debug = debugname('hostr-web:auth');
|
||||
import sendgridInit from 'sendgrid';
|
||||
import models from '../../models';
|
||||
|
||||
const render = views(join(__dirname, '..', 'views'), { default: 'ejs' });
|
||||
const debug = debugname('hostr-web:auth');
|
||||
const sendgrid = sendgridInit(process.env.SENDGRID_KEY);
|
||||
|
||||
const from = process.env.EMAIL_FROM;
|
||||
const fromname = process.env.EMAIL_NAME;
|
||||
|
||||
export function* authenticate(email, password) {
|
||||
export async function authenticate(email, password) {
|
||||
const remoteIp = this.headers['x-forwarded-for'] || this.ip;
|
||||
|
||||
if (!password || password.length < 6) {
|
||||
debug('No password, or password too short');
|
||||
return new Error('Invalid login details');
|
||||
}
|
||||
const count = yield models.login.count({
|
||||
const count = await models.login.count({
|
||||
where: {
|
||||
ip: remoteIp,
|
||||
successful: false,
|
||||
|
|
@ -34,38 +35,38 @@ export function* authenticate(email, password) {
|
|||
debug('Throttling brute force');
|
||||
return new Error('Invalid login details');
|
||||
}
|
||||
const user = yield models.user.findOne({
|
||||
const user = await models.user.findOne({
|
||||
where: {
|
||||
email: email.toLowerCase(),
|
||||
activated: true,
|
||||
},
|
||||
});
|
||||
debug(user);
|
||||
const login = yield models.login.create({
|
||||
const login = await models.login.create({
|
||||
ip: remoteIp,
|
||||
successful: false,
|
||||
});
|
||||
|
||||
if (user && user.password) {
|
||||
if (yield passwords.verify(password, user.password)) {
|
||||
if (await passwords.verify(password, user.password)) {
|
||||
debug('Password verified');
|
||||
login.successful = true;
|
||||
yield login.save();
|
||||
await login.save();
|
||||
debug(user);
|
||||
return user;
|
||||
}
|
||||
debug('Password invalid');
|
||||
login.userId = user.id;
|
||||
}
|
||||
yield login.save();
|
||||
await login.save();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
export function* setupSession(user) {
|
||||
export async function setupSession(user) {
|
||||
debug('Setting up session');
|
||||
const token = uuid.v4();
|
||||
yield this.redis.set(token, user.id, 'EX', 604800);
|
||||
await this.redis.set(token, user.id, 'EX', 604800);
|
||||
|
||||
const sessionUser = {
|
||||
id: user.id,
|
||||
|
|
@ -74,7 +75,7 @@ export function* setupSession(user) {
|
|||
maxFileSize: 20971520,
|
||||
joined: user.createdAt,
|
||||
plan: user.plan,
|
||||
uploadsToday: yield models.file.count({ userId: user.id }),
|
||||
uploadsToday: await models.file.count({ userId: user.id }),
|
||||
md5: crypto.createHash('md5').update(user.email).digest('hex'),
|
||||
token,
|
||||
};
|
||||
|
|
@ -86,7 +87,7 @@ export function* setupSession(user) {
|
|||
|
||||
this.session.user = sessionUser;
|
||||
if (this.request.body.remember && this.request.body.remember === 'on') {
|
||||
const remember = yield models.remember.create({
|
||||
const remember = await models.remember.create({
|
||||
id: uuid(),
|
||||
userId: user.id,
|
||||
});
|
||||
|
|
@ -96,8 +97,8 @@ export function* setupSession(user) {
|
|||
}
|
||||
|
||||
|
||||
export function* signup(email, password, ip) {
|
||||
const existingUser = yield models.user.findOne({
|
||||
export async function signup(email, password, ip) {
|
||||
const existingUser = await models.user.findOne({
|
||||
where: {
|
||||
email,
|
||||
activated: true,
|
||||
|
|
@ -107,8 +108,8 @@ export function* signup(email, password, ip) {
|
|||
debug('Email already in use.');
|
||||
throw new Error('Email already in use.');
|
||||
}
|
||||
const cryptedPassword = yield passwords.crypt(password);
|
||||
const user = yield models.user.create({
|
||||
const cryptedPassword = await passwords.crypt(password);
|
||||
const user = await models.user.create({
|
||||
email,
|
||||
password: cryptedPassword,
|
||||
ip,
|
||||
|
|
@ -121,9 +122,9 @@ export function* signup(email, password, ip) {
|
|||
include: [models.activation],
|
||||
});
|
||||
|
||||
yield user.save();
|
||||
await user.save();
|
||||
|
||||
const html = yield render('email/inlined/activate', {
|
||||
const html = await render('email/inlined/activate', {
|
||||
activationUrl: `${process.env.WEB_BASE_URL}/activate/${user.activation.id}`,
|
||||
});
|
||||
const text = `Thanks for signing up to Hostr!
|
||||
|
|
@ -146,18 +147,18 @@ ${process.env.WEB_BASE_URL}/activate/${user.activation.id}
|
|||
}
|
||||
|
||||
|
||||
export function* sendResetToken(email) {
|
||||
const user = yield models.user.findOne({
|
||||
export async function sendResetToken(email) {
|
||||
const user = await models.user.findOne({
|
||||
where: {
|
||||
email,
|
||||
},
|
||||
});
|
||||
if (user) {
|
||||
const reset = yield models.reset.create({
|
||||
const reset = await models.reset.create({
|
||||
id: uuid.v4(),
|
||||
userId: user.id,
|
||||
});
|
||||
const html = yield render('email/inlined/forgot', {
|
||||
const html = await render('email/inlined/forgot', {
|
||||
forgotUrl: `${process.env.WEB_BASE_URL}/forgot/${reset.id}`,
|
||||
});
|
||||
const text = `It seems you've forgotten your password :(
|
||||
|
|
@ -179,45 +180,45 @@ Visit ${process.env.WEB_BASE_URL}/forgot/${reset.id} to set a new one.
|
|||
}
|
||||
|
||||
|
||||
export function* fromToken(token) {
|
||||
const userId = yield this.redis.get(token);
|
||||
return yield models.user.findById(userId);
|
||||
export async function fromToken(token) {
|
||||
const userId = await this.redis.get(token);
|
||||
return await models.user.findById(userId);
|
||||
}
|
||||
|
||||
|
||||
export function* fromCookie(rememberId) {
|
||||
const userId = yield models.remember.findById(rememberId);
|
||||
return yield models.user.findById(userId);
|
||||
export async function fromCookie(rememberId) {
|
||||
const userId = await models.remember.findById(rememberId);
|
||||
return await models.user.findById(userId);
|
||||
}
|
||||
|
||||
|
||||
export function* validateResetToken(resetId) {
|
||||
return yield models.reset.findById(resetId);
|
||||
export async function validateResetToken(resetId) {
|
||||
return await models.reset.findById(resetId);
|
||||
}
|
||||
|
||||
|
||||
export function* updatePassword(userId, password) {
|
||||
const cryptedPassword = yield passwords.crypt(password);
|
||||
const user = yield models.user.findById(userId);
|
||||
export async function updatePassword(userId, password) {
|
||||
const cryptedPassword = await passwords.crypt(password);
|
||||
const user = await models.user.findById(userId);
|
||||
user.password = cryptedPassword;
|
||||
yield user.save();
|
||||
await user.save();
|
||||
}
|
||||
|
||||
|
||||
export function* activateUser(code) {
|
||||
export async function activateUser(code) {
|
||||
debug(code);
|
||||
const activation = yield models.activation.findOne({
|
||||
const activation = await models.activation.findOne({
|
||||
where: {
|
||||
id: code,
|
||||
},
|
||||
});
|
||||
if (activation.updatedAt.getTime() === activation.createdAt.getTime()) {
|
||||
activation.activated = true;
|
||||
yield activation.save();
|
||||
const user = yield activation.getUser();
|
||||
await activation.save();
|
||||
const user = await activation.getUser();
|
||||
user.activated = true;
|
||||
yield user.save();
|
||||
yield setupSession.call(this, user);
|
||||
await user.save();
|
||||
await setupSession.call(this, user);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -39,7 +39,8 @@ export class UserService {
|
|||
export class EventService {
|
||||
constructor($rootScope, ReconnectingWebSocket) {
|
||||
if (window.user && WebSocket) {
|
||||
const ws = new ReconnectingWebSocket('wss' + window.settings.apiURL.replace('https', '').replace('http', '') + '/user');
|
||||
const apiURL = new URL(window.settings.apiURL);
|
||||
const ws = new ReconnectingWebSocket((apiURL.protocol === 'http:' ? 'ws' : 'wss') + window.settings.apiURL.replace('https', '').replace('http', '') + '/user');
|
||||
ws.onmessage = (msg) => {
|
||||
const evt = JSON.parse(msg.data);
|
||||
$rootScope.$broadcast(evt.type, evt.data);
|
||||
|
|
|
|||
|
|
@ -27,92 +27,92 @@ function hotlinkCheck(file, userAgent, referrer) {
|
|||
return userAgentCheck(userAgent) || file.width || referrerCheck(referrer);
|
||||
}
|
||||
|
||||
export function* get() {
|
||||
if (this.params.size && ['150', '970'].indexOf(this.params.size) < 0) {
|
||||
this.throw(404);
|
||||
export async function get(ctx) {
|
||||
if (ctx.params.size && ['150', '970'].indexOf(ctx.params.size) < 0) {
|
||||
ctx.throw(404);
|
||||
return;
|
||||
}
|
||||
|
||||
const file = yield models.file.findOne({
|
||||
const file = await models.file.findOne({
|
||||
where: {
|
||||
id: this.params.id,
|
||||
name: this.params.name,
|
||||
id: ctx.params.id,
|
||||
name: ctx.params.name,
|
||||
},
|
||||
});
|
||||
this.assert(file, 404);
|
||||
ctx.assert(file, 404);
|
||||
|
||||
if (!hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
|
||||
this.redirect(`/${file.id}`);
|
||||
if (!hotlinkCheck(file, ctx.headers['user-agent'], ctx.headers.referer)) {
|
||||
ctx.redirect(`/${file.id}`);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!file.width && this.request.query.warning !== 'on') {
|
||||
this.redirect(`/${file.id}`);
|
||||
if (!file.width && ctx.request.query.warning !== 'on') {
|
||||
ctx.redirect(`/${file.id}`);
|
||||
return;
|
||||
}
|
||||
|
||||
if (file.malware) {
|
||||
const alert = this.request.query.alert;
|
||||
const alert = ctx.request.query.alert;
|
||||
if (!alert || !alert.match(/i want to download malware/i)) {
|
||||
this.redirect(`/${file.id}`);
|
||||
ctx.redirect(`/${file.id}`);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
let localPath = join(storePath, file.id[0], `${file.id}_${file.name}`);
|
||||
let remotePath = join(file.id[0], `${file.id}_${file.name}`);
|
||||
if (this.params.size > 0) {
|
||||
localPath = join(storePath, file.id[0], this.params.size, `${file.id}_${file.name}`);
|
||||
remotePath = join(file.id[0], this.params.size, `${file.id}_${file.name}`);
|
||||
if (ctx.params.size > 0) {
|
||||
localPath = join(storePath, file.id[0], ctx.params.size, `${file.id}_${file.name}`);
|
||||
remotePath = join(file.id[0], ctx.params.size, `${file.id}_${file.name}`);
|
||||
}
|
||||
|
||||
if (file.malware) {
|
||||
this.statsd.incr('file.malware.download', 1);
|
||||
ctx.statsd.incr('file.malware.download', 1);
|
||||
}
|
||||
|
||||
let type = 'application/octet-stream';
|
||||
if (file.width > 0) {
|
||||
if (this.params.size) {
|
||||
this.statsd.incr('file.view', 1);
|
||||
if (ctx.params.size) {
|
||||
ctx.statsd.incr('file.view', 1);
|
||||
}
|
||||
type = mime.lookup(file.name);
|
||||
} else {
|
||||
this.statsd.incr('file.download', 1);
|
||||
ctx.statsd.incr('file.download', 1);
|
||||
}
|
||||
|
||||
if (userAgentCheck(this.headers['user-agent'])) {
|
||||
this.set('Content-Disposition', `attachment; filename=${file.name}`);
|
||||
if (userAgentCheck(ctx.headers['user-agent'])) {
|
||||
ctx.set('Content-Disposition', `attachment; filename=${file.name}`);
|
||||
}
|
||||
|
||||
this.set('Content-type', type);
|
||||
this.set('Expires', new Date(2020, 1).toISOString());
|
||||
this.set('Cache-control', 'max-age=2592000');
|
||||
ctx.set('Content-type', type);
|
||||
ctx.set('Expires', new Date(2020, 1).toISOString());
|
||||
ctx.set('Cache-control', 'max-age=2592000');
|
||||
|
||||
if (!this.params.size || (this.params.size && this.params.size > 150)) {
|
||||
if (!ctx.params.size || (ctx.params.size && ctx.params.size > 150)) {
|
||||
models.file.accessed(file.id);
|
||||
}
|
||||
|
||||
this.body = yield hostrFileStream(localPath, remotePath);
|
||||
ctx.body = await hostrFileStream(localPath, remotePath);
|
||||
}
|
||||
|
||||
export function* resized() {
|
||||
yield get.call(this);
|
||||
export async function resized(ctx) {
|
||||
await get.call(ctx);
|
||||
}
|
||||
|
||||
export function* landing() {
|
||||
const file = yield models.file.findOne({
|
||||
export async function landing(ctx) {
|
||||
const file = await models.file.findOne({
|
||||
where: {
|
||||
id: this.params.id,
|
||||
id: ctx.params.id,
|
||||
},
|
||||
});
|
||||
this.assert(file, 404);
|
||||
if (userAgentCheck(this.headers['user-agent'])) {
|
||||
this.params.name = file.name;
|
||||
yield get.call(this);
|
||||
ctx.assert(file, 404);
|
||||
if (userAgentCheck(ctx.headers['user-agent'])) {
|
||||
ctx.params.name = file.name;
|
||||
await get.call(ctx);
|
||||
return;
|
||||
}
|
||||
|
||||
this.statsd.incr('file.landing', 1);
|
||||
ctx.statsd.incr('file.landing', 1);
|
||||
const formattedFile = formatFile(file);
|
||||
yield this.render('file', { file: formattedFile });
|
||||
await ctx.render('file', { file: formattedFile });
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,56 +1,56 @@
|
|||
import uuid from 'node-uuid';
|
||||
import auth from '../lib/auth';
|
||||
|
||||
export function* main() {
|
||||
if (this.session.user) {
|
||||
if (this.query['app-token']) {
|
||||
this.redirect('/');
|
||||
export async function main(ctx) {
|
||||
if (ctx.session.user) {
|
||||
if (ctx.query['app-token']) {
|
||||
ctx.redirect('/');
|
||||
return;
|
||||
}
|
||||
const token = uuid.v4();
|
||||
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
|
||||
this.session.user.token = token;
|
||||
yield this.render('index', { user: this.session.user });
|
||||
await ctx.redis.set(token, ctx.session.user.id, 'EX', 604800);
|
||||
ctx.session.user.token = token;
|
||||
await ctx.render('index', { user: ctx.session.user });
|
||||
} else {
|
||||
if (this.query['app-token']) {
|
||||
const user = yield auth.fromToken(this, this.query['app-token']);
|
||||
yield auth.setupSession(this, user);
|
||||
this.redirect('/');
|
||||
} else if (this.cookies.r) {
|
||||
const user = yield auth.fromCookie(this, this.cookies.r);
|
||||
yield auth.setupSession(this, user);
|
||||
this.redirect('/');
|
||||
if (ctx.query['app-token']) {
|
||||
const user = await auth.fromToken(ctx, ctx.query['app-token']);
|
||||
await auth.setupSession(ctx, user);
|
||||
ctx.redirect('/');
|
||||
} else if (ctx.cookies.r) {
|
||||
const user = await auth.fromCookie(ctx, ctx.cookies.r);
|
||||
await auth.setupSession(ctx, user);
|
||||
ctx.redirect('/');
|
||||
} else {
|
||||
yield this.render('marketing');
|
||||
await ctx.render('marketing');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export function* staticPage(next) {
|
||||
if (this.session.user) {
|
||||
export async function staticPage(ctx, next) {
|
||||
if (ctx.session.user) {
|
||||
const token = uuid.v4();
|
||||
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
|
||||
this.session.user.token = token;
|
||||
yield this.render('index', { user: this.session.user });
|
||||
await ctx.redis.set(token, ctx.session.user.id, 'EX', 604800);
|
||||
ctx.session.user.token = token;
|
||||
await ctx.render('index', { user: ctx.session.user });
|
||||
} else {
|
||||
switch (this.originalUrl) {
|
||||
switch (ctx.originalUrl) {
|
||||
case '/terms':
|
||||
yield this.render('terms');
|
||||
await ctx.render('terms');
|
||||
break;
|
||||
case '/privacy':
|
||||
yield this.render('privacy');
|
||||
await ctx.render('privacy');
|
||||
break;
|
||||
case '/pricing':
|
||||
yield this.render('pricing');
|
||||
await ctx.render('pricing');
|
||||
break;
|
||||
case '/apps':
|
||||
yield this.render('apps');
|
||||
await ctx.render('apps');
|
||||
break;
|
||||
case '/stats':
|
||||
yield this.render('index', { user: {} });
|
||||
await ctx.render('index', { user: {} });
|
||||
break;
|
||||
default:
|
||||
yield next;
|
||||
await next();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,63 +6,63 @@ import models from '../../models';
|
|||
import debugname from 'debug';
|
||||
const debug = debugname('hostr-web:user');
|
||||
|
||||
export function* signin() {
|
||||
if (!this.request.body.email) {
|
||||
yield this.render('signin', { csrf: this.csrf });
|
||||
export async function signin(ctx) {
|
||||
if (!ctx.request.body.email) {
|
||||
await ctx.render('signin', { csrf: ctx.csrf });
|
||||
return;
|
||||
}
|
||||
|
||||
this.statsd.incr('auth.attempt', 1);
|
||||
this.assertCSRF(this.request.body);
|
||||
const user = yield authenticate.call(this, this.request.body.email, this.request.body.password);
|
||||
ctx.statsd.incr('auth.attempt', 1);
|
||||
|
||||
const user = await authenticate.call(ctx, ctx.request.body.email, ctx.request.body.password);
|
||||
|
||||
if (!user) {
|
||||
this.statsd.incr('auth.failure', 1);
|
||||
yield this.render('signin', { error: 'Invalid login details', csrf: this.csrf });
|
||||
ctx.statsd.incr('auth.failure', 1);
|
||||
await ctx.render('signin', { error: 'Invalid login details', csrf: ctx.csrf });
|
||||
return;
|
||||
} else if (user.activationCode) {
|
||||
yield this.render('signin', {
|
||||
await ctx.render('signin', {
|
||||
error: 'Your account hasn\'t been activated yet. Check for an activation email.',
|
||||
csrf: this.csrf,
|
||||
csrf: ctx.csrf,
|
||||
});
|
||||
return;
|
||||
}
|
||||
this.statsd.incr('auth.success', 1);
|
||||
yield setupSession.call(this, user);
|
||||
this.redirect('/');
|
||||
ctx.statsd.incr('auth.success', 1);
|
||||
await setupSession.call(ctx, user);
|
||||
ctx.redirect('/');
|
||||
}
|
||||
|
||||
|
||||
export function* signup() {
|
||||
if (!this.request.body.email) {
|
||||
yield this.render('signup', { csrf: this.csrf });
|
||||
export async function signup(ctx) {
|
||||
if (!ctx.request.body.email) {
|
||||
await ctx.render('signup', { csrf: ctx.csrf });
|
||||
return;
|
||||
}
|
||||
|
||||
this.assertCSRF(this.request.body);
|
||||
if (this.request.body.email !== this.request.body.confirm_email) {
|
||||
yield this.render('signup', { error: 'Emails do not match.', csrf: this.csrf });
|
||||
ctx.assertCSRF(ctx.request.body);
|
||||
if (ctx.request.body.email !== ctx.request.body.confirm_email) {
|
||||
await ctx.render('signup', { error: 'Emails do not match.', csrf: ctx.csrf });
|
||||
return;
|
||||
} else if (this.request.body.email && !this.request.body.terms) {
|
||||
yield this.render('signup', { error: 'You must agree to the terms of service.',
|
||||
csrf: this.csrf });
|
||||
} else if (ctx.request.body.email && !ctx.request.body.terms) {
|
||||
await ctx.render('signup', { error: 'You must agree to the terms of service.',
|
||||
csrf: ctx.csrf });
|
||||
return;
|
||||
} else if (this.request.body.password && this.request.body.password.length < 7) {
|
||||
yield this.render('signup', { error: 'Password must be at least 7 characters long.',
|
||||
csrf: this.csrf });
|
||||
} else if (ctx.request.body.password && ctx.request.body.password.length < 7) {
|
||||
await ctx.render('signup', { error: 'Password must be at least 7 characters long.',
|
||||
csrf: ctx.csrf });
|
||||
return;
|
||||
}
|
||||
const ip = this.headers['x-forwarded-for'] || this.ip;
|
||||
const email = this.request.body.email;
|
||||
const password = this.request.body.password;
|
||||
const ip = ctx.headers['x-forwarded-for'] || ctx.ip;
|
||||
const email = ctx.request.body.email;
|
||||
const password = ctx.request.body.password;
|
||||
try {
|
||||
yield signupUser.call(this, email, password, ip);
|
||||
await signupUser.call(ctx, email, password, ip);
|
||||
} catch (e) {
|
||||
yield this.render('signup', { error: e.message, csrf: this.csrf });
|
||||
await ctx.render('signup', { error: e.message, csrf: ctx.csrf });
|
||||
return;
|
||||
}
|
||||
this.statsd.incr('auth.signup', 1);
|
||||
yield this.render('signup', {
|
||||
ctx.statsd.incr('auth.signup', 1);
|
||||
await ctx.render('signup', {
|
||||
message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',
|
||||
csrf: '',
|
||||
});
|
||||
|
|
@ -70,51 +70,51 @@ export function* signup() {
|
|||
}
|
||||
|
||||
|
||||
export function* forgot() {
|
||||
const token = this.params.token;
|
||||
export async function forgot(ctx) {
|
||||
const token = ctx.params.token;
|
||||
|
||||
if (this.request.body.password) {
|
||||
if (this.request.body.password.length < 7) {
|
||||
yield this.render('forgot', {
|
||||
if (ctx.request.body.password) {
|
||||
if (ctx.request.body.password.length < 7) {
|
||||
await ctx.render('forgot', {
|
||||
error: 'Password needs to be at least 7 characters long.',
|
||||
csrf: this.csrf,
|
||||
csrf: ctx.csrf,
|
||||
token,
|
||||
});
|
||||
return;
|
||||
}
|
||||
this.assertCSRF(this.request.body);
|
||||
const user = yield validateResetToken(token);
|
||||
ctx.assertCSRF(ctx.request.body);
|
||||
const user = await validateResetToken(token);
|
||||
if (user) {
|
||||
yield updatePassword(user.userId, this.request.body.password);
|
||||
const reset = yield models.reset.findById(token);
|
||||
await updatePassword(user.userId, ctx.request.body.password);
|
||||
const reset = await models.reset.findById(token);
|
||||
//reset.destroy();
|
||||
yield setupSession.call(this, user);
|
||||
this.statsd.incr('auth.reset.success', 1);
|
||||
this.redirect('/');
|
||||
await setupSession.call(ctx, user);
|
||||
ctx.statsd.incr('auth.reset.success', 1);
|
||||
ctx.redirect('/');
|
||||
}
|
||||
} else if (token) {
|
||||
const tokenUser = yield validateResetToken(token);
|
||||
const tokenUser = await validateResetToken(token);
|
||||
if (!tokenUser) {
|
||||
this.statsd.incr('auth.reset.fail', 1);
|
||||
yield this.render('forgot', {
|
||||
ctx.statsd.incr('auth.reset.fail', 1);
|
||||
await ctx.render('forgot', {
|
||||
error: 'Invalid password reset token. It might be expired, or has already been used.',
|
||||
csrf: this.csrf,
|
||||
csrf: ctx.csrf,
|
||||
token: null,
|
||||
});
|
||||
return;
|
||||
}
|
||||
yield this.render('forgot', { csrf: this.csrf, token });
|
||||
await ctx.render('forgot', { csrf: ctx.csrf, token });
|
||||
return;
|
||||
} else if (this.request.body.email) {
|
||||
this.assertCSRF(this.request.body);
|
||||
} else if (ctx.request.body.email) {
|
||||
ctx.assertCSRF(ctx.request.body);
|
||||
try {
|
||||
const email = this.request.body.email;
|
||||
yield sendResetToken.call(this, email);
|
||||
this.statsd.incr('auth.reset.request', 1);
|
||||
yield this.render('forgot', {
|
||||
const email = ctx.request.body.email;
|
||||
await sendResetToken.call(ctx, email);
|
||||
ctx.statsd.incr('auth.reset.request', 1);
|
||||
await ctx.render('forgot', {
|
||||
message: `We've sent an email with a link to reset your password.
|
||||
Be sure to check your spam folder if you it doesn't appear within a few minutes`,
|
||||
csrf: this.csrf,
|
||||
csrf: ctx.csrf,
|
||||
token: null,
|
||||
});
|
||||
return;
|
||||
|
|
@ -122,25 +122,25 @@ export function* forgot() {
|
|||
debug(error);
|
||||
}
|
||||
} else {
|
||||
yield this.render('forgot', { csrf: this.csrf, token: null });
|
||||
await ctx.render('forgot', { csrf: ctx.csrf, token: null });
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
export function* logout() {
|
||||
this.statsd.incr('auth.logout', 1);
|
||||
this.cookies.set('r', { expires: new Date(1), path: '/' });
|
||||
this.session = null;
|
||||
this.redirect('/');
|
||||
export async function logout(ctx) {
|
||||
ctx.statsd.incr('auth.logout', 1);
|
||||
ctx.cookies.set('r', { expires: new Date(1), path: '/' });
|
||||
ctx.session = null;
|
||||
ctx.redirect('/');
|
||||
}
|
||||
|
||||
|
||||
export function* activate() {
|
||||
const code = this.params.code;
|
||||
if (yield activateUser.call(this, code)) {
|
||||
this.statsd.incr('auth.activation', 1);
|
||||
this.redirect('/');
|
||||
export async function activate(ctx) {
|
||||
const code = ctx.params.code;
|
||||
if (await activateUser.call(ctx, code)) {
|
||||
ctx.statsd.incr('auth.activation', 1);
|
||||
ctx.redirect('/');
|
||||
} else {
|
||||
this.throw(400);
|
||||
ctx.throw(400);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue