let url = require('url'); let md5 = require('md5'); module.exports = function(app) { let User = app.models.User; let applications = app.get('applications'); app.get('/auth/', function(req, res) { res.render('auth.ejs', { assets: app.getWpAssets('auth') }); }); app.post('/auth/login', function(req, res) { let body = req.body; let user = body.user; let password = body.password; let syncOnFail = true; let usesEmail = user && user.indexOf('@') !== -1; login(); function login() { let loginInfo = {password: password}; if (usesEmail) loginInfo.email = user; else loginInfo.username = user; User.login(loginInfo, 'user', loginCb); } function loginCb(err, token) { if (err) { if (syncOnFail && !usesEmail) { syncOnFail = false; let filter = {where: {name: user}}; app.models.Account.findOne(filter, findCb); } else badLogin(); return; } let apiKey; let continueUrl; try { let query = url.parse(req.body.location, true).query; apiKey = query.apiKey; continueUrl = query.continue; } catch (e) { continueUrl = null; } if (!apiKey) apiKey = 'default'; let loginUrl = applications[apiKey] || '/login'; res.json({ token: token.id, continue: continueUrl, loginUrl: loginUrl }); } function findCb(err, instance) { if (err || !instance || instance.password !== md5(password)) { badLogin(); return; } let where = {id: instance.id}; let userData = { id: instance.id, username: user, password: password, email: instance.email, created: instance.created, updated: instance.updated }; User.upsertWithWhere(where, userData, login); } function badLogin() { res.status(401); res.json({ message: 'Login failed' }); } }); app.get('/auth/logout', function(req, res) { User.logout(req.accessToken.id, () => { res.redirect('/'); }); }); };