-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.js
150 lines (107 loc) · 3.3 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
const Huncwot = require('huncwot');
const {
ok,
json,
notFound,
created,
unauthorized
} = require('huncwot/response');
const { can, register, login } = require('huncwot/auth');
const bcrypt = require('bcrypt');
const crypto = require('crypto');
const db = require('huncwot/db');
const app = new Huncwot();
const hash = bcrypt.hash;
const compare = bcrypt.compare;
const makeSession = async person_id => {
const token = await new Promise((resolve, reject) => {
crypto.randomBytes(16, (error, data) => {
error ? reject(error) : resolve(fromBase64(data.toString('base64')));
});
});
const hashedToken = crypto
.createHash('sha256')
.update(token)
.digest('base64');
await db`session`.insert({ token: hashedToken, person_id });
return token;
};
app.get('/', _ => 'Hello, Huncwot');
app.get('/a', can, _ => 'Hello, Secure');
app.get('/name/:name', ({ params }) => `Hello, your name is ${params.name}`);
app.get('/json', _ => json({ widget: 'This is widget 1' }));
app.get('/secure', async ({ headers, params }) => {
const { authorization: token } = headers;
if (!token) return unauthorized();
const hash = crypto
.createHash('sha256')
.update(token)
.digest('base64');
const [found] = await db`session`({ token: hash });
if (!found) return unauthorized();
return json({ secret: 'This message is only for admins!' });
});
app.post('/register', async ({ params }) => {
const { password } = params;
const hashed_password = await hash(password, 10);
let person = {
name: params.name,
email: params.email,
password: hashed_password
};
const [{ id: person_id }] = await db
.from('person')
.insert(person)
.return('id');
const token = await makeSession(person_id);
return json({ token, person_id });
});
app.post('/login', async ({ params }) => {
const { password } = params;
const [person] = await db.from('person').where({ email: params.email });
if (!person) return unauthorized();
const match = await compare(password, person.password);
if (!match) return unauthorized();
// create session
const token = await makeSession(person.id);
delete person.password;
return created({ token, ...person }, { Authorization: token });
});
const widgets = [
{
id: 1,
name: 'Widget 1'
}
];
let _id = 1;
const browse = _ => json(widgets);
const read = ({ params: { id } }) => json(widgets.find(_ => _.id === +id));
const add = ({ params: { name } }) => {
const id = ++_id;
widgets.push({ id, name });
return created({ id, name });
};
const edit = ({ params: { id, name } }) => {
const widget = widgets.find(_ => _.id === +id);
if (!widget) return notFound();
widget.name = name;
return json({ id, name });
};
const destroy = ({ params: { id } }) => {
const widgetIndex = widgets.findIndex(_ => _.id === +id);
if (widgetIndex < 0) return notFound();
widgets.splice(widgetIndex, 1);
return ok();
};
const finder = async ({ email }) => {
const result = await db.from('person').where({ email });
return result;
};
app.post('/register2', register({ fields: ['name', 'email'] }));
app.post('/login2', login({ finder }));
app.get('/widgets', browse);
app.get('/widgets/:id', read);
app.post('/widgets', can(add));
app.patch('/widgets/:id', can(edit));
app.delete('/widgets/:id', destroy);
app.listen(5544);