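import DOMPurify from 'isomorphic-dompurify'
import bcrypt from 'bcrypt'
import UserRepository from './../../repositories/userRepository.js'
import loginSchema from './../../schemas/auth/login.js'

/**
 * handle auth
 *
 * @author Björn Hase, Tentakelfabrik
 * @license http://opensource.org/licenses/MIT The MIT License
 * @link https://github.com/tentakelfabrik/fastify-lowdb-riotjs-lessons-learned
 *
 */
export default async function(fastify, opts) {
    /**
     * auth
     *
     * Looks the user up by username, checks the submitted password against the
     * stored bcrypt hash, then binds the current session to the user and
     * persists both before replying.
     *
     * Responses: 404 unknown user, 401 wrong password, 200 session stored,
     * 500 when the session store or the user update fails.
     *
     * NOTE(review): 404 vs 401 lets a client learn whether a username exists,
     * and bcrypt only runs for known users so response time differs as well;
     * a single 401 for both outcomes plus a compare against a dummy hash would
     * close that. Kept as-is here because existing clients may rely on the codes.
     *
     * @param {object} request
     * @param {object} reply
     *
     */
    fastify.post('/auth', loginSchema, async function (request, reply) {
        let { username, password } = request.body

        // strip crap from strings
        // NOTE(review): sanitizing the password rewrites characters such as
        // `<` or `&` before it is compared; this only matches if registration
        // applied the same transform before hashing — confirm against the
        // register handler.
        username = DOMPurify.sanitize(username)
        password = DOMPurify.sanitize(password)

        const userRepository = new UserRepository()
        const user = await userRepository.findOneByUsername(username)

        // add header for json
        reply.header('Content-Type', 'application/json; charset=utf-8')

        // user not found
        if (!user) {
            return reply
                .code(404)
                .send()
        }

        // password wrong — async compare so the bcrypt work does not block the event loop
        if (!(await bcrypt.compare(password, user.password))) {
            return reply
                .code(401)
                .send()
        }

        // setting session to store and set cookie
        // the callback form of sessionStore.set is awaited so a store error
        // is reported instead of leaving the request without a reply; the
        // user update runs only after the session was stored, as before
        try {
            await new Promise((resolve, reject) => {
                request.sessionStore.set(request.session.sessionId, request.session, (err) => {
                    if (err) {
                        reject(err)
                    } else {
                        resolve()
                    }
                })
            })

            user.sessionId = request.session.sessionId
            await userRepository.update(user)
        } catch (err) {
            request.log.error(err)
            return reply
                .code(500)
                .send()
        }

        // send 200 and send set-token
        return reply
            .code(200)
            .send()
    })
}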