[TASK] Finish implementing /session API.

This commit is contained in:
Jan Philipp Timme 2013-09-16 18:21:52 +02:00
parent d5c197f3e5
commit f72d126589
1 changed files with 57 additions and 17 deletions

74
app.js
View File

@ -67,7 +67,7 @@ app.use("/", express.static(__dirname + '/static'));
app.use("/session", function(req, res) {
res.setHeader("Content-Type", "application/json");
//refresh session
//refresh session and return login status
if(req.method == "GET") {
if(req.session.data.login == true) {
if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) {
@ -77,37 +77,77 @@ app.use("/session", function(req, res) {
}
}
res.send(200, JSON.stringify({
"success": true,
"login": req.session.data.login
}));
}
//check user credentials, update session data
if(req.method == "PUT") {
//already logged in?
if(req.session.data.login == true) {
res.send(200, JSON.stringify({
"success": false
}));
}
var params = req.body;
if(tools.reqParamsGiven() == false) {
res.send(200, JSON.stringify({
"login": req.session.data.login
"success": false,
"error": "You are already logged in!"
}));
return;
}
req.session.data.login = true;
req.session.data.lastActivity = new Date();
res.send(200, JSON.stringify({
"login": req.session.data.login
}));
var params = req.body;
//username or password missing?
if(tools.reqParamsGiven(["username", "password"], params) == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Insufficient parameters given! Need: username, password"
}));
return;
}
//check if user exists
db.get(params.username, function (err, doc) {
if(!err && doc.type == "user") {
//user exists, verify password
scrypt.verifyHash(user.auth, params.password, function(err, match) {
if(err || match == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Invalid login credentials!"
}));
return;
}
if(!err && match == true) {
req.session.data.login = true;
req.session.data.lastActivity = new Date();
res.send(200, JSON.stringify({
"success": true
}));
return;
}
});
} else {
//user does not exist.
res.send(200, JSON.stringify({
"success": false,
"error": "Invalid login credentials!"
}));
return;
}
});
}
//destroy the session
if(req.method == "DELETE") {
req.session.data.login = false;
res.send(200, JSON.stringify({
"login": req.session.data.login
}));
//only do logout if login exists
if(req.session.data.login == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Cannot log you out, you are not logged in!"
}));
} else {
req.session.data.login = false;
res.send(200, JSON.stringify({
"success": true
}));
}
}
});