Postgres.
This commit is contained in:
parent
695644c260
commit
806f42e3f8
25 changed files with 501 additions and 294 deletions
|
@ -1,63 +1,88 @@
|
|||
import passwords from 'passwords';
|
||||
import auth from 'basic-auth';
|
||||
import models from '../../models';
|
||||
import debugname from 'debug';
|
||||
const debug = debugname('hostr-api:auth');
|
||||
|
||||
const badLoginMsg = '{"error": {"message": "Incorrect login details.", "code": 607}}';
|
||||
|
||||
export default function* (next) {
|
||||
const Users = this.db.Users;
|
||||
const Files = this.db.Files;
|
||||
const Logins = this.db.Logins;
|
||||
let user = false;
|
||||
|
||||
const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
|
||||
const login = yield models.login.create({
|
||||
ip: remoteIp,
|
||||
successful: false,
|
||||
});
|
||||
if (this.req.headers.authorization && this.req.headers.authorization[0] === ':') {
|
||||
debug('Logging in with token');
|
||||
const userToken = yield this.redis.get(this.req.headers.authorization.substr(1));
|
||||
this.assert(userToken, 401, '{"error": {"message": "Invalid token.", "code": 606}}');
|
||||
debug('Token found');
|
||||
user = yield Users.findOne({ _id: this.db.objectId(userToken) });
|
||||
user = yield models.user.findById(userToken);
|
||||
if (!user) {
|
||||
login.save();
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
const authUser = auth(this);
|
||||
this.assert(authUser, 401, badLoginMsg);
|
||||
const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
|
||||
const count = yield Logins.count({
|
||||
ip: remoteIp,
|
||||
successful: false,
|
||||
at: { $gt: Math.ceil(Date.now() / 1000) - 600 },
|
||||
const count = yield models.login.count({
|
||||
where: {
|
||||
ip: remoteIp,
|
||||
successful: false,
|
||||
createdAt: {
|
||||
$gt: new Date(Math.ceil(Date.now()) - 600000),
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
this.assert(count < 25, 401,
|
||||
'{"error": {"message": "Too many incorrect logins.", "code": 608}}');
|
||||
|
||||
yield Logins.insertOne({ ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null });
|
||||
user = yield Users.findOne({
|
||||
email: authUser.name,
|
||||
banned: { $exists: false },
|
||||
status: { $ne: 'deleted' },
|
||||
user = yield models.user.findOne({
|
||||
where: {
|
||||
email: authUser.name,
|
||||
activated: true,
|
||||
},
|
||||
});
|
||||
this.assert(user, 401, badLoginMsg);
|
||||
const authenticated = yield passwords.match(authUser.pass, user.salted_password);
|
||||
this.assert(authenticated, 401, badLoginMsg);
|
||||
|
||||
if (!user || !(yield passwords.match(authUser.pass, user.password))) {
|
||||
login.save();
|
||||
this.throw(401, badLoginMsg);
|
||||
return;
|
||||
}
|
||||
}
|
||||
debug('Checking user');
|
||||
this.assert(user, 401, badLoginMsg);
|
||||
debug('Checking user is activated');
|
||||
this.assert(!user.activationCode, 401,
|
||||
debug(user.activated);
|
||||
this.assert(user.activated === true, 401,
|
||||
'{"error": {"message": "Account has not been activated.", "code": 603}}');
|
||||
|
||||
const uploadedTotal = yield Files.count({ owner: user._id, status: { $ne: 'deleted' } });
|
||||
const uploadedToday = yield Files.count({
|
||||
owner: user._id,
|
||||
time_added: { $gt: Math.ceil(Date.now() / 1000) - 86400 },
|
||||
login.successful = true;
|
||||
yield login.save();
|
||||
|
||||
const uploadedTotal = yield models.file.count({
|
||||
where: {
|
||||
userId: user.id,
|
||||
},
|
||||
});
|
||||
const uploadedToday = yield models.file.count({
|
||||
where: {
|
||||
userId: user.id,
|
||||
createdAt: {
|
||||
$gt: Math.ceil(Date.now() / 1000) - 86400,
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const normalisedUser = {
|
||||
id: user._id,
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
daily_upload_allowance: user.type === 'Pro' ? 'unlimited' : 15,
|
||||
daily_upload_allowance: user.plan === 'Pro' ? 'unlimited' : 15,
|
||||
file_count: uploadedTotal,
|
||||
max_filesize: user.type === 'Pro' ? 524288000 : 20971520,
|
||||
plan: user.type || 'Free',
|
||||
max_filesize: user.plan === 'Pro' ? 524288000 : 20971520,
|
||||
plan: user.plan,
|
||||
uploads_today: uploadedToday,
|
||||
};
|
||||
this.response.set('Daily-Uploads-Remaining',
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue