Postgres.

This commit is contained in:
Jonathan Cremin 2016-06-19 10:14:47 -07:00
parent 695644c260
commit 806f42e3f8
25 changed files with 501 additions and 294 deletions

View file

@ -1,63 +1,88 @@
import passwords from 'passwords';
import auth from 'basic-auth';
import models from '../../models';
import debugname from 'debug';
const debug = debugname('hostr-api:auth');
const badLoginMsg = '{"error": {"message": "Incorrect login details.", "code": 607}}';
export default function* (next) {
const Users = this.db.Users;
const Files = this.db.Files;
const Logins = this.db.Logins;
let user = false;
const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
const login = yield models.login.create({
ip: remoteIp,
successful: false,
});
if (this.req.headers.authorization && this.req.headers.authorization[0] === ':') {
debug('Logging in with token');
const userToken = yield this.redis.get(this.req.headers.authorization.substr(1));
this.assert(userToken, 401, '{"error": {"message": "Invalid token.", "code": 606}}');
debug('Token found');
user = yield Users.findOne({ _id: this.db.objectId(userToken) });
user = yield models.user.findById(userToken);
if (!user) {
login.save();
return;
}
} else {
const authUser = auth(this);
this.assert(authUser, 401, badLoginMsg);
const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
const count = yield Logins.count({
ip: remoteIp,
successful: false,
at: { $gt: Math.ceil(Date.now() / 1000) - 600 },
const count = yield models.login.count({
where: {
ip: remoteIp,
successful: false,
createdAt: {
$gt: new Date(Math.ceil(Date.now()) - 600000),
},
},
});
this.assert(count < 25, 401,
'{"error": {"message": "Too many incorrect logins.", "code": 608}}');
yield Logins.insertOne({ ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null });
user = yield Users.findOne({
email: authUser.name,
banned: { $exists: false },
status: { $ne: 'deleted' },
user = yield models.user.findOne({
where: {
email: authUser.name,
activated: true,
},
});
this.assert(user, 401, badLoginMsg);
const authenticated = yield passwords.match(authUser.pass, user.salted_password);
this.assert(authenticated, 401, badLoginMsg);
if (!user || !(yield passwords.match(authUser.pass, user.password))) {
login.save();
this.throw(401, badLoginMsg);
return;
}
}
debug('Checking user');
this.assert(user, 401, badLoginMsg);
debug('Checking user is activated');
this.assert(!user.activationCode, 401,
debug(user.activated);
this.assert(user.activated === true, 401,
'{"error": {"message": "Account has not been activated.", "code": 603}}');
const uploadedTotal = yield Files.count({ owner: user._id, status: { $ne: 'deleted' } });
const uploadedToday = yield Files.count({
owner: user._id,
time_added: { $gt: Math.ceil(Date.now() / 1000) - 86400 },
login.successful = true;
yield login.save();
const uploadedTotal = yield models.file.count({
where: {
userId: user.id,
},
});
const uploadedToday = yield models.file.count({
where: {
userId: user.id,
createdAt: {
$gt: Math.ceil(Date.now() / 1000) - 86400,
},
},
});
const normalisedUser = {
id: user._id,
id: user.id,
email: user.email,
daily_upload_allowance: user.type === 'Pro' ? 'unlimited' : 15,
daily_upload_allowance: user.plan === 'Pro' ? 'unlimited' : 15,
file_count: uploadedTotal,
max_filesize: user.type === 'Pro' ? 524288000 : 20971520,
plan: user.type || 'Free',
max_filesize: user.plan === 'Pro' ? 524288000 : 20971520,
plan: user.plan,
uploads_today: uploadedToday,
};
this.response.set('Daily-Uploads-Remaining',