path: root/server/api/authentication.js
/* global __appdir */
const path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var noAuthRouter = decorateApp(express.Router())
var authentication = require(path.join(__appdir, 'lib', 'authentication'))

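// Reports whether first-time setup is still possible, i.e. the user table is empty.
// Responds 403 USERTABLE_NOT_EMPTY once any user exists, otherwise SUCCESS.
// Registered with getAsync (the same wrapper family as the postAsync('/setup')
// handler in this file) so a rejected database query is forwarded to the Express
// error handler instead of leaving the request hanging on an unhandled rejection.
noAuthRouter.getAsync('/setup', async (req, res) => {
  // Only the number of rows matters here; count() avoids loading full user
  // records into memory on an endpoint that anyone can call.
  const userCount = await db.user.count()
  if (userCount > 0) {
    res.status(403).send({ status: 'USERTABLE_NOT_EMPTY', error_message: 'The user table is not empty, unauthorized creation is forbidden.' })
    return
  }
  res.send({ status: 'SUCCESS' })
})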

// Token login: request handling is delegated entirely to lib/authentication.
// NOTE(review): this route sits on the unauthenticated router and no throttling
// is visible in this file; confirm that attempt limiting is applied in
// loginToken or in upstream middleware.
noAuthRouter.post('/token', function (req, res) {
  authentication.loginToken(req, res)
})

// Cookie login: request handling is delegated entirely to lib/authentication.
// NOTE(review): as with /token, no attempt limiting is visible here; confirm it
// is enforced in loginCookie or in upstream middleware.
noAuthRouter.post('/login', function (req, res) {
  authentication.loginCookie(req, res)
})

// Logout: request handling is delegated entirely to lib/authentication.
// Registered on the unauthenticated router, so the handler itself has to cope
// with requests that carry no valid session.
noAuthRouter.post('/logout', function (req, res) {
  authentication.logout(req, res)
})

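// Creates the initial root account. Only permitted while the user table is empty;
// afterwards the endpoint answers 403 USERTABLE_NOT_EMPTY.
// On success the new user receives a role named after the username that carries
// the 'superadmin' permission, and the response is { auth: true, status: 'VALID' }.
// Errors thrown here are passed to the Express error handler by postAsync.
//
// NOTE(review): the emptiness check and the signup below are not atomic. Two
// concurrent requests on a fresh install can both pass the check; consider
// wrapping the sequence in a transaction or enforcing it at the database level.
noAuthRouter.postAsync('/setup', async (req, res) => {
  // Only the row count is needed; avoid loading full user records.
  const userCount = await db.user.count()
  if (userCount > 0) {
    res.status(403).send({ status: 'USERTABLE_NOT_EMPTY', error_message: 'The user table is not empty, unauthorized creation is forbidden.' })
    return
  }

  // Resolve the permission before creating anything. If it is missing and we
  // only noticed after signup, the user table would be non-empty, setup would be
  // locked, and no account would hold superadmin rights.
  const permission = await db.permission.findOne({ where: { name: 'superadmin' } })
  if (!permission) throw new Error('The superadmin permission does not exist, setup cannot be completed.')

  const user = await authentication.signup(req, res)
  if (!user) {
    // signup receives res and presumably answers the request itself when it
    // rejects the input (TODO confirm); only raise an error if it did not.
    if (!res.headersSent) throw new Error('Signup did not return a user.')
    return
  }

  const roleDb = await db.role.create({ name: user.username, descr: 'Superadmin' })
  await roleDb.addPermissions(permission.id)
  await user.addRoles(roleDb.id)
  res.status(200).send({ auth: true, status: 'VALID' })
})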

// Exported under the name noAuthRouter: none of the routes registered in this
// file apply an authentication check of their own.
module.exports.noAuthRouter = noAuthRouter