diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.ts similarity index 84% rename from src/api/endpoints/auth/accept.js rename to src/api/endpoints/auth/accept.ts index 1c0b100948..2c104ef1c6 100644 --- a/src/api/endpoints/auth/accept.js +++ b/src/api/endpoints/auth/accept.ts @@ -5,6 +5,7 @@ */ import rndstr from 'rndstr'; const crypto = require('crypto'); +import it from '../../it'; import App from '../../models/app'; import AuthSess from '../../models/auth-session'; import AccessToken from '../../models/access-token'; @@ -43,21 +44,19 @@ module.exports = (params, user) => new Promise(async (res, rej) => { // Get 'token' parameter - const sesstoken = params.token; - if (sesstoken == null) { - return rej('token is required'); - } + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); // Fetch token const session = await AuthSess - .findOne({ token: sesstoken }); + .findOne({ token: token }); if (session === null) { return rej('session not found'); } // Generate access token - const token = rndstr('a-zA-Z0-9', 32); + const accessToken = rndstr('a-zA-Z0-9', 32); // Fetch exist access token const exist = await AccessToken.findOne({ @@ -73,7 +72,7 @@ module.exports = (params, user) => // Generate Hash const sha256 = crypto.createHash('sha256'); - sha256.update(token + app.secret); + sha256.update(accessToken + app.secret); const hash = sha256.digest('hex'); // Insert access token doc @@ -81,7 +80,7 @@ module.exports = (params, user) => created_at: new Date(), app_id: session.app_id, user_id: user._id, - token: token, + token: accessToken, hash: hash }); } diff --git a/src/api/endpoints/auth/session/generate.js b/src/api/endpoints/auth/session/generate.ts similarity index 89% rename from src/api/endpoints/auth/session/generate.js rename to src/api/endpoints/auth/session/generate.ts index cf75b83e2d..6e730123c1 100644 --- a/src/api/endpoints/auth/session/generate.js +++ b/src/api/endpoints/auth/session/generate.ts @@ -4,6 +4,7 @@ * Module dependencies */ import * as uuid from 'uuid'; +import it from '../../../it'; import App from '../../../models/app'; import AuthSess from '../../../models/auth-session'; import config from '../../../../conf'; @@ -49,10 +50,8 @@ module.exports = (params) => new Promise(async (res, rej) => { // Get 'app_secret' parameter - const appSecret = params.app_secret; - if (appSecret == null) { - return rej('app_secret is required'); - } + const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed(); + if (appSecretErr) return rej('invalid app_secret param'); // Lookup app const app = await App.findOne({ diff --git a/src/api/endpoints/auth/session/show.js b/src/api/endpoints/auth/session/show.ts similarity index 91% rename from src/api/endpoints/auth/session/show.js rename to src/api/endpoints/auth/session/show.ts index 425c980d9d..55641929d8 100644 --- a/src/api/endpoints/auth/session/show.js +++ b/src/api/endpoints/auth/session/show.ts @@ -3,6 +3,7 @@ /** * Module dependencies */ +import it from '../../../it'; import AuthSess from '../../../models/auth-session'; import serialize from '../../../serializers/auth-session'; @@ -57,10 +58,8 @@ module.exports = (params, user) => new Promise(async (res, rej) => { // Get 'token' parameter - const token = params.token; - if (token == null) { - return rej('token is required'); - } + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); // Lookup session const session = await AuthSess.findOne({ diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.ts similarity index 87% rename from src/api/endpoints/auth/session/userkey.js rename to src/api/endpoints/auth/session/userkey.ts index 2c34304a5e..fdb8c26d4e 100644 --- a/src/api/endpoints/auth/session/userkey.js +++ b/src/api/endpoints/auth/session/userkey.ts @@ -3,6 +3,7 @@ /** * Module dependencies */ +import it from '../../../it'; import App from '../../../models/app'; import AuthSess from '../../../models/auth-session'; import AccessToken from '../../../models/access-token'; @@ -53,10 +54,8 @@ import serialize from '../../../serializers/user'; module.exports = (params) => new Promise(async (res, rej) => { // Get 'app_secret' parameter - const appSecret = params.app_secret; - if (appSecret == null) { - return rej('app_secret is required'); - } + const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed(); + if (appSecretErr) return rej('invalid app_secret param'); // Lookup app const app = await App.findOne({ @@ -68,10 +67,8 @@ module.exports = (params) => } // Get 'token' parameter - const token = params.token; - if (token == null) { - return rej('token is required'); - } + const [token, tokenErr] = it(params.token).expect.string().required().qed(); + if (tokenErr) return rej('invalid token param'); // Fetch token const session = await AuthSess