[TASK] Finish implementing /session API.

This commit is contained in:
Jan Philipp Timme 2013-09-16 18:21:52 +02:00
parent d5c197f3e5
commit f72d126589

60
app.js
View File

@ -67,7 +67,7 @@ app.use("/", express.static(__dirname + '/static'));
app.use("/session", function(req, res) { app.use("/session", function(req, res) {
res.setHeader("Content-Type", "application/json"); res.setHeader("Content-Type", "application/json");
//refresh session //refresh session and return login status
if(req.method == "GET") { if(req.method == "GET") {
if(req.session.data.login == true) { if(req.session.data.login == true) {
if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) { if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) {
@ -77,38 +77,78 @@ app.use("/session", function(req, res) {
} }
} }
res.send(200, JSON.stringify({ res.send(200, JSON.stringify({
"success": true,
"login": req.session.data.login "login": req.session.data.login
})); }));
} }
//check user credentials, update session data //check user credentials, update session data
if(req.method == "PUT") { if(req.method == "PUT") {
//already logged in?
if(req.session.data.login == true) { if(req.session.data.login == true) {
res.send(200, JSON.stringify({ res.send(200, JSON.stringify({
"success": false "success": false,
})); "error": "You are already logged in!"
}
var params = req.body;
if(tools.reqParamsGiven() == false) {
res.send(200, JSON.stringify({
"login": req.session.data.login
})); }));
return; return;
} }
var params = req.body;
//username or password missing?
if(tools.reqParamsGiven(["username", "password"], params) == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Insufficient parameters given! Need: username, password"
}));
return;
}
//check if user exists
db.get(params.username, function (err, doc) {
if(!err && doc.type == "user") {
//user exists, verify password
scrypt.verifyHash(user.auth, params.password, function(err, match) {
if(err || match == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Invalid login credentials!"
}));
return;
}
if(!err && match == true) {
req.session.data.login = true; req.session.data.login = true;
req.session.data.lastActivity = new Date(); req.session.data.lastActivity = new Date();
res.send(200, JSON.stringify({ res.send(200, JSON.stringify({
"login": req.session.data.login "success": true
})); }));
return;
}
});
} else {
//user does not exist.
res.send(200, JSON.stringify({
"success": false,
"error": "Invalid login credentials!"
}));
return;
}
});
} }
//destroy the session //destroy the session
if(req.method == "DELETE") { if(req.method == "DELETE") {
//only do logout if login exists
if(req.session.data.login == false) {
res.send(200, JSON.stringify({
"success": false,
"error": "Cannot log you out, you are not logged in!"
}));
} else {
req.session.data.login = false; req.session.data.login = false;
res.send(200, JSON.stringify({ res.send(200, JSON.stringify({
"login": req.session.data.login "success": true
})); }));
} }
}
}); });
//API: /user //API: /user