/** @format */
import Joi from 'joi';
import cookieParser from 'cookie-parser';
import mongoConnect from 'connect-mongo';
import mongoose from 'mongoose';
import passport from 'passport';
import session from 'express-session';
import uniqueID from 'shared/uniqueID';
import svgCaptcha from 'svg-captcha';
import settings from 'api/settings';
import urljoin from 'url-join';
import { validation } from '../utils';
import './passport_conf.js';
// Bind the connect-mongo session store to express-session so `session()` can
// persist server-side session state in MongoDB instead of process memory.
const MongoStore = mongoConnect(session);
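/**
 * Registers session middleware and the authentication-related routes on an
 * Express application.
 *
 * Routes mounted:
 *   POST /api/login      - local (username/password) login via passport.
 *   GET  /api/user       - returns the currently logged-in user, or `{}`.
 *   GET  /logout         - destroys the session and redirects to `/`.
 *   GET  /captcha        - generates a math captcha SVG, storing the answer in the session.
 *   GET  /remotecaptcha  - proxies a captcha from the configured public form destination.
 *
 * @param {import('express').Application} app - the application to configure.
 */
export default app => {
  app.use(cookieParser());
  app.use(
    session({
      // NOTE(review): outside production the secret is a hard-coded literal, and in
      // production `uniqueID()` yields a fresh secret on every process start, so
      // sessions do not survive restarts and cannot be shared across instances.
      // An environment-provided secret would address both — confirm before changing.
      secret: app.get('env') === 'production' ? uniqueID() : 'harvey&lola',
      store: new MongoStore({
        mongooseConnection: mongoose.connection,
      }),
      resave: false,
      saveUninitialized: false,
    })
  );

  app.use(passport.initialize());
  app.use(passport.session());

  app.post(
    '/api/login',
    validation.validateRequest(
      Joi.object({
        username: Joi.string().required(),
        password: Joi.string().required(),
        token: Joi.string(),
      }).required()
    ),
    (req, res, next) => {
      // Custom callback form of passport.authenticate: `user` is falsy when the
      // credentials were rejected, so that case must be answered explicitly
      // instead of reaching req.logIn with no user.
      passport.authenticate('local', (err, user) => {
        if (err) {
          next(err);
          return;
        }
        if (!user) {
          res.status(401);
          res.json({ success: false });
          return;
        }
        req.logIn(user, error => {
          // Forward the logIn error itself (the outer `err` is always null here).
          if (error) {
            next(error);
            return;
          }
          res.status(200);
          res.json({ success: true });
        });
      })(req, res, next);
    }
  );

  app.get('/api/user', (req, res) => {
    // NOTE(review): the deserialized user object is serialized verbatim; confirm
    // that sensitive fields are stripped in the passport deserializer.
    res.json(req.user || {});
  });

  app.get('/logout', (req, res, next) => {
    // Redirect only once the session has actually been removed from the store,
    // and surface store errors instead of dropping them.
    req.session.destroy(err => {
      if (err) {
        next(err);
        return;
      }
      res.redirect('/');
    });
  });

  app.get('/captcha', (req, res) => {
    const captcha = svgCaptcha.createMathExpr({ mathMin: 1, mathMax: 19, mathOperator: '+' });
    // The expected answer lives only server-side, in the session.
    req.session.captcha = captcha.text;
    res.type('svg');
    res.send(captcha.data);
  });

  app.get('/remotecaptcha', async (req, res, next) => {
    // Express 4 does not catch rejected promises from async handlers; without the
    // try/catch a failing fetch would leave the request hanging.
    try {
      const remoteSettings = await settings.get(true);
      const remoteResponse = await fetch(urljoin(remoteSettings.publicFormDestination, '/captcha'));
      // NOTE(review): `_headers` is an internal field of the fetch implementation's
      // Headers object rather than public API — verify it survives dependency upgrades.
      const [remotecookie] = remoteResponse.headers._headers['set-cookie'] || [];
      req.session.remotecookie = remotecookie;
      res.type('svg');
      remoteResponse.body.pipe(res);
    } catch (err) {
      next(err);
    }
  });
};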